The Core Technologies Blog

Our Software // Windows Services // 24Γ—7 Operation


Getting ready for Windows 11

Getting ready for Windows 11

Microsoft will release Windows 11 on October 5 2021.

As a member of the Windows Insider program, we’ve had the opportunity to test drive the new operating system for the past couple of months. Our verdict? Windows 11 provides a welcome facelift to Windows 10, while leaving the low-level internals and APIs largely untouched. It’s more evolution than revolution.

Let’s dig into the details of Windows 11 — and investigate how our software performs on the brand new operating system.

What’s new in Windows 11?

Windows 11 included many improvements. Our top highlights include:

  • General improvements to the user interface, focusing on simplicity, ease of use, and flexibility. This is the “cleanest” and most “Mac-looking” version of Windows to date.

    Windows 11 desktop
  • Excellent support for multiple desktops, with large previews and easy switching:

    Multiple desktops on Windows 11
  • Improved security, with protection against firmware and hardware attacks. In a world besieged by ransomware, phishing, and worse, this is a welcome addition.

What features have been removed?

The list of features deprecated or removed in Windows 11 is fairly short for a major release. Here’s what raised our eyebrows:

  • Support for moving the taskbar to different locations on the screen (e.g. top, left, or right) has been removed. That was convenient for our team, especially when making screen recordings.

  • Internet Explorer has been disabled and replaced by Microsoft Edge. Finally! We won’t miss IE around here…

  • Right-clicking on the taskbar calls up a menu with a single entry — Taskbar settings. We’ll miss the convenience of quickly summoning Task Manager, showing the desktop or effortlessly arranging windows from the Windows 10 taskbar. πŸ™

Will Windows 11 run on my computer?

The system requirements for Windows 11 are fairly modest — 2 CPU cores, 4 GM RAM and 64 GB hard drive space. Most modern computers easily meet those thresholds.

However, to deliver important security benefits, Windows 11 only runs on devices that support Trusted Platform Module (TPM) version 2.0.

To find out if your computer supports TPM, run tpm.msc from a command prompt. Here you can see that our Windows 10 desktop (purchased in 2019) supports TPM version 2.0:

Trusted Platform Module (TPM)

Note that TPM is a requirement for physical hardware, not for virtual machines. We had no trouble installing Windows 11 on a VirtualBox virtual machine, even though TPM is not supported there.

One oddity to watch out for: Windows 11 Home edition requires internet connectivity and a Microsoft account to complete setup on first use. Apparently Microsoft is very keen to bring you into their online ecosystem!

What’s changed for Windows Services?

As far as we can see, Windows 11 does not introduce any changes to the Windows Services API, nor to the service-related tools distributed with the operating system.

In fact, the Services application and the Services tab in the Task Manager look and work exactly as they do in Windows 10:

Services and Task Manager are unchanged

And finally, the practical NET and SC commands don’t present any new options either.

Does AlwaysUp run on Windows 11?

Yes.

Other than a minor inaccuracy detecting the operating system version in internal logging components, AlwaysUp version 13.0 (to be released in October 2021) performed perfectly on Win 11.

And over the course of the past 7 weeks, we have run OneDrive, Dropbox, Java and VirtualBox continuously as Windows Services. All have performed flawlessly through multiple reboots, automatic updates, deliberate crashes and other challenging scenarios.

OneDrive/AlwaysUp running on Windows 11

Does Service Protector work well on Windows 11?

Yes.

With the underlying Windows Services architecture remaining intact, we detected no issues running Service Protector 7.0:

Service Protector works well on Windows 11

What about your other software? Are they all compatible with Win11?

To date, here are the results of our testing on the new operating system:

Our applications are compatible with Win11

The only application that did not pass with flying colors is MyFolders. Unfortunately the MyFolders menu is not visible when you right-click in File Explorer! And in order to reveal the MyFolders menu, you must select Show more options:

File Explorer: Show more options

Afterwards, the familiar menu from Windows 10 will appear and you will be able to interact with MyFolders as normal:

The MyFolders menu

We’ll see if there is a way to eliminate the inconvenience of that extra click.

Best of luck with Windows 11 if (when) you decide to upgrade!

Posted in Windows | Tagged , , , , , , , , | 1 Comment

Q&A: Where does AlwaysUp store the Password for my Windows Account?

Q&A: Where does AlwaysUp store the Password for my Windows Account?
  I was looking to use AlwaysUp to run Excel as a service, and it looks like you can specify an account. How is the password stored when specifying an account? I want to make sure it’s stored securely.

— Ben

Good question Ben!

You are right to be concerned about security, especially with deadly ransomware attacks on the rise.

Rest assured that AlwaysUp manages your Windows securely. Here are some of the measures in place to protect your valuable credentials.

AlwaysUp hides your Windows password on the Logon tab

As a first line of defense, the field that captures your Windows password “masks” the characters, showing asterisks (“*”) instead of the characters you type:

AlwaysUp obfuscates your Windows password

By doing so, AlwaysUp does not reveal your password to casual onlookers.

Windows stores your password — not AlwaysUp

Next, and more importantly, AlwaysUp never keeps, tracks or transmits your Windows password after it creates (or updates) a service.

Instead, AlwaysUp hands your password to the Windows Services layer (via the CreateService or ChangeServiceConfig API functions), which stores the password securely. In that way, your password is handled just as safely as it is with the trusted operating system tools, like the Services application.

Specifically, the Service Control Manager — which launches and initializes services — stores the password with LsaStorePrivateData. And when it’s ready to start a service, the SCM calls LsaRetrievePrivateData to retrieve the service’s password. After the initial creation, AlwaysUp is simply not involved.

AlwaysUp doesn’t include your password when you export

As another important security measure, AlwaysUp does not (actually, cannot) include your Windows password when you export your application to an XML file. Instead, you will see ENTER A PASSWORD in the password field:

AlwaysUp doesn't export your Windows password

Because AlwaysUp saves a placeholder instead of your password, you will have to re-enter your password when you import the XML file. However our team thought that was a small inconvenience to avoid leaking a sensitive password.

A note on Excel as a service

Please be sure to follow our tutorial showing how to run Excel 2013 with AlwaysUp. Please heed the comment about automation at the top of the page. Unfortunately, not all Excel functions operate properly in the context of a background Windows Service.

Best of luck with Excel!

Posted in AlwaysUp | Tagged , , , | Leave a comment

Q&A: How Do I Delay the Start of my Windows Service?

Q&A: How Do I Delay the Start of my Windows Service?
  Our build server has a ton of services installed and it takes a while for them to start whenever the machine boots. One of the services doesn’t connect to the database if it starts too soon. When that happens, I have to log in and start it manually. Is there a way to delay the service until the other services are up and running?

— Christos D.

Hi Christos.

After some brainstorming, our team has come up with four potential solutions for you.

Solution #1: Set your Service to “Automatic (Delayed Start)”

The simplest way to delay a service is to adjust when it starts at boot. Instead of starting as soon as possible, you can tell Windows to launch the service about 2 (or more) minutes after boot.

To make that change:

  1. Start the Services utility.

    To do so, press the Windows + R keys to open the Run window, and then type services.msc.

  2. Find your service in the list. Double-click its row to open the service’s properties.

  3. In the Startup type field, select Automatic (Delayed Start) from the list:

    Choose Automatic (Delayed Start)
  4. Click OK to save your change.

Need to wait for longer than 2 minutes?

By default, all “delayed start” services are launched a couple of minutes after boot. Fortunately, that wait time is configurable and you can set it to longer if you like, but that setting applies to all delayed start services. There is simply no way to adjust the wait time of a single delayed start service.

Solution #2: Specify a Dependency between Services

Another option for delaying the start of a service is to mark it as dependent on another service.

To explain, let’s take two services, Service1 and Service2. If Service1 must start before Service2, you would update Service2 to add Service1 as a dependent. You would say that Service2 depends on Service1.

I know that may be a bit confusing, so let’s look at a real-world example.

Microsoft’s “System Events Broker” depends on a couple of services: “Remote Procedure Call (RPC)” and “RPC Endpoint Mapper”. You can see the relationship in the service’s properties (in the Services application):

System Events Broker service: Dependencies

Because of those dependencies, Windows will always start the two RPC services before launching the “System Events Broker” service.

So to delay the start of your important service, mark it as dependent on another, precursor service.

Note however, there are significant side effects of setting up a dependency relationship between two services.

For example, the screenshot above also shows that “Task Scheduler” depends on “System Events Broker”. As a result of that relationship, stopping “System Events Broker” will stop “Task Scheduler”, as the Services application informs us here:

Stop the System Events Broker service

You see, the dependency relationship is about much more startup sequence. It implies that “System Events Broker” is critical for “Task Scheduler” to operate.

So if you mark your service as dependent on another service, stopping that other service might stop your own. Make sure you’re OK with that.

Solution #3: Launch your service from an “at startup” scheduled task

Instead of having the Windows Services launch your service, you can shift that responsibility to the Windows Task Scheduler. And in doing so, you can introduce a post-boot delay to start the service after your machine settles down.

Here’s how to create a scheduled task that starts your service a few minutes after boot:

  1. Launch the Task Scheduler.

    To do so, press the Windows + R keys to open the Run window, and then type taskschd.msc.

  2. On the right, click Create Basic Task to launch the wizard:

    Task Scheduler: Create Basic Task
  3. Give your task a meaningful name. For example, we’re restarting the Print Spooler service 10 minutes after boot:

    Start Spooler service task: Name

    Click Next.

  4. For the trigger, choose When the computer starts:

    Start Spooler service task: Trigger

    Click Next.

  5. For action, select Start a program:

    Start Spooler service task: Action

    Click Next.

  6. In the Program/script field, enter NET.EXE.

    And in the Add arguments field, enter START followed by the name of your service:

    Start Spooler service task: Run NET START

    Click Next.

  7. On the summary screen, check the Open the Properties dialog… box. We still need to make a few adjustments to the new scheduled task:

    Start Spooler service task: Summary

    Click Finish to exit the wizard.

  8. In the Properties window that comes up, affirm a couple of options:

    Run whether user is logged on or not. Otherwise, your service will only restart when you’re logged on.

    Run with highest privileges. Necessary because starting your service likely requires administrative rights.

    Start Spooler service task: Properties
  9. Switch to the Triggers tab and edit the At startup trigger.

    In the Edit Trigger window, check the Delay task for box and enter your delay in minutes. You may have to type the time as not all values appear in the dropdown:

    Start Spooler service task: Edit Trigger

    Click OK to save your change.

  10. Back on the Properties window, click OK to close out of the task. You will probably have to enter your password:

    Start Spooler service task: Enter password

And now that you have a scheduled task to start the service when you want, you should prevent the service from trying to start automatically at boot. Open your service’s properties and change the Startup type to Manual:

Set service startup type to Manual

Finally, please reboot and make sure that your service starts in the expected time frame.

Solution #4 (for AlwaysUp services only): Pause before starting

If your service was created by AlwaysUp, you are able to stall your application via a configuration setting.

To do so:

  1. Edit your application in AlwaysUp.

  2. Switch to the Startup tab.

  3. In the Pause for field, enter a suitable delay in seconds:

    Set AlwaysUp startup pause time
  4. Check the But only after a reboot box — to avoid the pause when you start the service/application manually.

  5. Click OK to save your settings.

The next time your computer boots, Windows will start the AlwaysUp service. And, as you instructed, AlwaysUp will pause for a while before launching your application.

Hopefully one of these methods will work in your situation!

Posted in Windows Services | Tagged , , , , , | Leave a comment

Q&A: Should I use NET or SC to start/stop/restart our Windows Services?

Q&A: Should I use NET or SC for Windows Services?
  My team manages a few third-party Windows Services. We plan to write scripts that start, stop and restart the services as part of regular maintenance through batch files. Should we use NET or SC? What’s the difference? Is one more reliable?

— Silvia

Hi Silvia.

Yes, both commands are adept at manipulating the state of a Windows Service. For example, both NET STOP and SC STOP will cause a service to shut down.

And both NET and SC are mature, stable and reliable utilities. Apparently Microsoft has worked out all the bugs over the past 30 years. πŸ™‚

However, as far as developing batch files to start, stop and restart services, there is one subtle but important difference between the two utilities.

NET makes a request and waits to confirm…

When you issue a NET START or NET STOP command, NET.EXE:

  1. Opens the Windows Service Control Manager (with OpenSCManager).

  2. Opens the service (with OpenService).

  3. Rejects the operation if the service is not in a compatible state. For example, if a stop was requested but the service is already stopped, an error is returned (likely exit code 2).

  4. Requests that the service transitions to the appropriate state (with ControlService).

  5. For the next 30 seconds:

    1. Periodically checks the state of the service (with QueryServiceStatusEx).

    2. Returns success (exit code 0) if the service transitions to the expected end state.

    3. Keeps waiting if the service has not transitioned to the expected end state.

  6. Returns an error if 30 seconds has elapsed but the service has not transitioned to expected end state.

… But SC simply makes a request and exits

On the other hand, when you run SC START or SC STOP command, SC.EXE:

  1. Opens the Windows Service Control Manager (with OpenSCManager).

  2. Opens the service (with OpenService).

  3. Rejects the operation if the service is not in a compatible state. For example, if a stop was requested but the service is already stopped, an error is returned (likely exit code 2).

  4. Requests that the service transitions to the appropriate state (with ControlService).

  5. Returns success (exit code 0).

SC does not wait for the service to stop or start.

What the difference means for your batch files

Because SC does not wait for the service to transition to the desired state, you have to be careful when you use SC in batch files.

For example, to restart a service, this sequence looks like it should do the trick:

SC STOP ServiceName
SC START ServiceName

And it works, for many services!

Indeed, here is the Print Spooler service quickly transitioning through the PENDING states and ending up running, as desired:

Restarting the Spooler service with SC

However, things go awry if the service takes a few seconds to stop.

For example, our CloudFileServer service takes 2-5 seconds to terminate (while it closes and uploads transient files to a remote site). The SC script doesn’t fare as well with that service:

Restarting the CloudFileServer service with SC

As you can see, SC STOP succeeds and the service promptly transitions to the STOP_PENDING state. Unfortunately, the subsequent SC START fails with the “already running” error because the service is still shutting down — it has not yet stopped. And the final result (not pictured) is a dead service — the opposite of what we were hoping to achieve!

On the contrary, the equivalent sequence with the NET command worked much better:

Restarting the CloudFileServer service with NET

However, NET will run into the same problem as SC if the service takes longer than 30 seconds to stop.

You should pause or confirm when using SC

Of course, you can have SC behave like NET by adding extra code to your script. For instance, adding the TIMEOUT command (which pauses for a fixed period) will give a slow service the chance to stop gracefully before attempting to restart it:

SC STOP CloudFileServer
TIMEOUT /T 10
SC START CloudFileServer

This updated script works well with our CloudFileServer service:

Restarting the CloudFileServer service with SC #2

Similarly, you can add code to check the state of the service (with the SC QUERY command) and react accordingly. That approach is more complicated, but it may be worth it in your situation.

Consider ServicePilot when working with slow or busy services

If you are working with services that take a while to start or stop, you should consider using our free ServicePilot command line utility.

Like NET.EXE, ServicePilot will wait to confirm the desired end state. However, ServicePilot allows you to specify the time to wait for the transition to complete.

Here is ServicePilot controlling SlowStopService — our internally developed service which can take up to a minute to stop:

Restarting a slow service with ServicePilot

Best of luck with your batch files!

Posted in Windows Services | Tagged , , , , | Leave a comment

The Top 3 Real-World Problems with Microsoft Srvany

3 Serious Problems with Microsoft Srvany

Despite being almost 20 years old, Microsoft’s free Srvany utility is still a surprisingly popular tool. Every week, we come across at least one person using the ancient service wrapper to install an executable or batch file to start at boot as a Windows Service.

Truthfully, Srvany is fine for many situations. It’s basic, and it works. And the price is right.

However, the utility has several shortcomings that aren’t immediately obvious. Here are the top 3 that we (and our customers) have encountered over the years:

Problem #1: Srvany may continue to run even though your application is dead

When it is started, a Srvany service immediately launches its target application. And if the application starts properly and runs without interruption, everything is great.

But what happens if the application crashes or stops running?

To find out, we created a new service that runs the Windows Notepad text editor:

Notepad Windows Service installed

When we started the service, Srvany launched notepad.exe as instructed. Here you can see the service in the “Running” state with Notepad operating in Session 0:

Srvany running Notepad as a service

Next, we forcibly terminated Notepad.exe. As expected, the process disappeared.

However, even after Notepad had exited, the service remained in the “Running” state. Misleading, to say the least.

Basically, you cannot rely on the state of a Srvany service to reflect the state of the target application. Just because the service says its running doesn’t mean that the application is!

Problem #2: Srvany may leave your application running after the service stops

As described in this article, when you stop a Srvany service, only the target application is closed. If the target application had launched other applications, those others will not be stopped.

This can be a problem for batch files and applications involving multiple processes.

To illustrate, we installed a new Srvany service that runs a batch file. The batch file starts Notepad:

Batch file Windows Service installed

When we started the service, Srvany launched the batch file, which started Notepad. So far so good:

Srvany running a Batch File as a service

However, when we stopped the service, only the batch file (cmd.exe) was terminated. Notepad continued to run, alive and well — despite the service being in the stopped state.

Here again, the state of the service does not reflect the state of the target application. But there are unwelcome side effects too.

If we start the service again, Srvany will launch a fresh copy of Notepad. And then we have two copies of Notepad running. This “duplicate” scenario can create chaos for more complex situations, for example with applications that should not run multiple instances. Watch out!

Problem #3: Srvany isn’t particularly user friendly

According to our customers, Srvany comes up short in three areas of usability:

  1. There is no GUI to install your application as a service. You must use a separate command line tool (Instsrv) to create a new Srvany service, which is less than ideal.

  2. To configure the application to run, you have to create keys and values with the Windows Registry Editor — an administrative tool that can cripple your PC if you use it incorrectly.

  3. Srvany is difficult to troubleshoot because it doesn’t write a log file or provide helpful feedback when things go wrong. As a result, frustration often ensues.

Proceed with caution!

Posted in Srvany | Tagged , , | Leave a comment