Following your AlwaysUp documentation, I am using the “Monitor the application and stop it whenever it hangs” option. When I set its value to 1 minute, this feature does not work as I expect.
I wrote a simple application that goes into an endless loop after one minute of execution time. But the application is not restarted by AlwaysUp. Why not?
— Beatrix
Hi Beatrix. Not all infinite loops can be detected by AlwaysUp. Let me explain…
AlwaysUp catches non-responsive GUI applications
AlwaysUp’s hang detection feature is designed to identify a specific situation — where a Windows GUI application is not responding to the operating system.
We have all encountered this type of hang before. It happens when Firefox suddenly locks up, or when Excel goes gray and the cursor turns into a spinning wheel. The application is frozen and all input is ignored.
If you are lucky, the disruption only lasts a few seconds; if not, you may have to forcibly terminate the application from the Task Manager. Very annoying!
Beyond the gray window and spinning cursor, there are a couple of telltale signs when an application is hung/non-responsive:
You will see “Not responding” in the application’s title bar.
The application’s process will be marked as “Not responding” in the Task Manager:
Furthermore, Windows may throw up a warning outlining your very limited options:
The good news is that AlwaysUp has you covered in all of those situations!
How AlwaysUp checks if your application is hung
When you enable hang-checking, the AlwaysUp Windows Service component executes the following procedure every few seconds:
Scans the desktop to identify all top-level windows belonging to the application being monitored.
Sends each of those top-level windows a WM_NULL (no-op) message.
Waits a few seconds for each of the windows to acknowledge the message.
Declares the application a hang if no windows respond.
An application that remains hung over the user-supplied duration (1 minute, in your case) will be terminated and restarted.
Not all endless loops result in a frozen/non-responsive application
There are a couple of consequences stemming from the way that AlwaysUp checks for a hang.
First, an application without a top-level window can never be classified as a hang.
For example, this simple, non-GUI C# program that loops forever will escape detection:
using System;
namespace InfiniteLoop {
class Program {
static void Main(string[] args) {
while (true) {
Thread.Sleep(1000);
}
}
}
}
Second, if an application creates multiple windows, all windows must be non-responsive for AlwaysUp to declare a hang. If even a single window processes the WM_NULL message, the application will be classified as responsive.
My guess is that your endless loop test fits into one of the scenarios above. Unfortunately AlwaysUp’s hang detection feature will not be able to help there. Sorry about that!
But all is not lost…
Use the Sanity Check feature to detect endless loops and other failures
There can be many indications that a program is stuck. For example, an application might:
stop responding to requests over the network;
stop writing entries to a status file;
report an “I have failed” message to a log file;
or leave files collecting dust in a specific “inbox” folder
In situations like these — where the failure is detectable by a script or simple utility — you should look to AlwaysUp’s powerful Sanity Check feature. It allows you to extend failure detection to encompass anything you like, including the issues listed above.
The Sanity Check page digs into the technical details, which we will not repeat here. Please review the documentation and get in touch if you need help to use that flexible functionality.
Windows Services are special applications designed to run unattended on your PC. A service an do virtually anything its programmer demands, such as reading files, sending email, checking for viruses — whatever.
Yet in the midst of that tremendous diversity, the vast majority of services have a lot in common. With inspiration from Professional NT Services, it is our observation that the majority of windows services can be placed in one of four categories: Server, Agent, Processor or Canary.
Server: Accept and fulfill requests for services and/or resources
The majority of Windows services implement the Server pattern. They typically act as the proxy/gatekeeper to a well-defined area of the operating system, fulfilling requests as they come in.
For example:
Spooler implements the Print Spooler API. It accepts print requests from desktop applications and negotiates with printers to ensure that they all documents are (eventually) printed.
User Profile Service is responsible for loading and unloading user information on behalf of all applications.
Windows Event Log records application, system and security events through the Event Log API.
Agent: Perform a task regularly on behalf of a person
Many services implement the Agent pattern. They run in the background, performing requested tasks at pre-defined times.
For example:
Google Update Service keeps your Google software up to date, applying security patches and other improvements as they become available.
The Schedule service works in conjunction with the Windows Task Scheduler, launching each scheduled task at its appointed date and time.
Windows Update automatically detects, downloads, and installs of updates for Windows and other Microsoft programs.
Processor: Watches for important events then takes action
A Processor springs to life in response to a triggering event. It has the autonomy to take action and resolve the issue at hand.
For example:
Windows Time ensures that your PC’s clock is correct, synchronizing it with clients and servers in the network.
Background Intelligent Transfer Service opportunistically transfers files in the background when network traffic is low.
Bluetooth Support Service supports the discovery and pairing of nearby Bluetooth devices.
Canary: Notify a person (or application) when something important happens
A Canary is a special kind of Processor. It too watches for important events, but its primary task is to shout loudly instead of taking definitive action.
For example:
Windows Defender Advanced Threat Protection Service helps protect against advanced threats by monitoring and reporting security events that happen on the computer.
System Event Notification Service monitors system events and notifies subscribers to COM+ Event System of these events.
Connected User Experiences and Telemetry enables features that support in-application and connected user experiences. The service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics.
Many desktop applications follow a Windows Service pattern too!
Those four patterns apply to regular desktop applications as well. Most notably:
iTunes enables your Apple devices to play any track from your media library. iTunes is a Server.
SyncToy will synchronize two file systems on demand. SyncToy is an Agent.
Dropbox watches your file system and copies updated files to the server. Dropbox is a Processor.
SpeedFan monitors your computer’s voltage, fan speeds and temperatures and lets you know when something is wrong. SpeedFan is a Canary.
If you are responsible for a legacy/desktop application that aligns with one of the four service patterns, you should consider installing it as a Windows Service. It probably should have been built as a service in the first place!
I have installed Service Security Editor and accidentally DENY one particular service for all users, including local administrator on my laptop. Now I am not able to start the service although I have tried to open from Service Security Editor.
Is there a way to grant the permission again in order to allow me to start the service again? I’m on Windows Server 2012 R2, if that matters.
— Charles
Hi Charles, sorry to hear that!
You won’t be able to access the service from any account or group where you applied the Deny permission. As Microsoft mentions in the confirmation window, the Deny directive is at the “top of the heap” and always takes precedence over Allow:
Here are a couple of ways to fix your problem:
Solution #1: Restore your Windows Service permissions from a new Administrator account
Did you deny access to the Administrators group?
If not, you can restore your permissions from a new administrator account in a few steps:
Create a new user account — best done from the Control Panel:
Change the account type to Administrator:
Login as the new user.
Start Service Security Editor and open your service. Select the account in the top panel, remove all the Deny entries and replace with Allow rights.
For example:
After applying those changes, you should be able to access the service when you next log into your regular account.
Don’t forget to delete the new administrator account you created for this purpose!
Solution #2: Restore your Windows Service permissions from the SYSTEM account
The first solution will not work if you denied access to all administrators. No admin will be able to open the service.
Fortunately the all-powerful SYSTEM account will still be able to manipulate the service. But since you can’t simply sign in as the SYSTEM user and update the service’s permissions, you must take a less than direct approach using our popular AlwaysUp application:
Even though the software costs $49.99, you can use it for completely free for 30 days — more than enough time for you to restore the rights to your Windows Service.
Setup the command prompt to run as the SYSTEM user in AlwaysUp. To do so:
Select Application > Add to open the “Add Application” window.
In the Application field, enter the full path to the Windows command prompt executable, cmd.exe. On Windows Server 2012 R2 (and almost all other versions of Windows), this is:
c:\windows\system32\cmd.exe
Click the Save button to record your settings. An entry for Cmd should appear in the AlwaysUp window:
Select Application > Start “Cmd” in this session. In a second or two, a black command prompt window will appear on your desktop. It will be running in the context of the SYSTEM user.
From the command prompt window, type the full path to the Service Security Editor executable and hit enter. This will start a new instance of Service Security Editor on your desktop:
Open your service in Service Security Editor. Select the Administrators group in the top panel, remove all the Deny entries and add Allow rights.
How about giving full control to all administrators?
Click the OK button to save the updated access rights.
And finally, now that your service is once again accessible, clean up:
Close Service Security Editor.
Switch to AlwaysUp and select Application > Stop”Cmd” to shut down the command prompt.
Hopefully one of these methods will get you back on your feet Charles. If not, please don’t hesitate to get in touch again. There may be another trick or two up our sleeves. 🙂
The Power service implements your computer’s power schemes, policies and notifications as configured in the Control Panel:
The service’s name (and display name) is Power and it runs inside the shared services host process, svchost.exe:
Is it safe to disable the Power service?
In their guidance on disabling system services on Windows Server 2016, Microsoft does not indicate that it is OK to disable the Power service. Indeed, they punt on specific guidance altogether, commenting that “the impact of disabling the service has not been fully evaluated”.
Their ultimate recommendation is to stick with the default configuration — automatic start at boot.
The “Stop” button is disabled. How can I stop the Power service?
If you examine the service’s screenshot, you will notice that the Stop button is disabled — indicating that the service cannot be stopped.
And even the versatile NET STOP command run as an administrator will fail, complaining that the service isn’t in the right “state”:
This is different from the typical permission/rights problem seen when attempting to stop other important services. Here, the Power service is actively refusing to be stopped under any condition and there is no way around it.
What will happen if I kill the Power service’s process?
Your computer will shut down, immediately.
This is because the Power service is hosted by an instance of the shared service host process (svchost.exe) also running these core services:
Background Tasks Infrastructure Service / BrokerInfrastructure: Responsible for background tasks.
Local Session Manager / LSM: Manages local user sessions.
Task Manager will confirm that all four services have the same PID (process identifier):
So killing that svchost process will stop all four services.
If you choose to press on and try to end the process, Task Manager will warn you of the dire consequences:
And that is no idle threat! We were greeted with this delightful blue screen of death after terminating the process on our Windows Server 2019 machine:
Be careful!
The Power service isn’t starting. Help!
We suggest the following:
Reboot your computer. Hopefully you have fallen victim to a temporary glitch and sanity will be restored when the operating system next starts.
Manually run Windows Update. If you’re lucky, the Microsoft Windows engineers have already found and fixed the problem with their software.
Seek expert help. Start with a google search for a quick fix; move on to your local administrator if no resolution is forthcoming.
Reinstall Windows. You may have to start over from scratch if nothing else works… 🙁
Questions? Problems?
If you’d like to know more about the Windows Power service, or you have a specific problem, please feel free to get in touch. We’ll do our best to help you!
I’m wanting to know what permissions a user is required to have in order to stop and start AlwaysUp services. Is there a way to grant access to specific users as I don’t want to have to give them full Admin rights? I’ve created shortcuts but getting the “access denied” message. Thanks in advance.
— Bryant, Wide Bay Water
Hi Bryant.
Typically, only administrators have the power to control Windows Services. That is an appropriate stance, as most services are administrative in nature.
Indeed, it would be a huge mistake to allow non-privileged persons to stop any of the important tasks servicing the computer in the background. Think of the chaos it could cause!
But there are always exceptions. And the good news is that Microsoft provides the ability to set granular permissions on each Windows Service. You can leverage that API/functionality from command-line tools like Microsoft’s SubInACL but your best option is to work directly with AlwaysUp (which is much easier to use).
How to adjust the rights of an AlwaysUp Windows Service
Follow these steps to grant a non-admin user the ability to start and/or stop your service:
Start AlwaysUp.
Highlight/select the application you wish to grant access to. Stop it if necessary.
Select Application > Advanced > Service Security Settings from the menu.
In the Service Security Settings window that comes up, select the user in the top pane. You will have to add the account if it’s not there.
In lower pane, choose the permissions you wish the user to have.
Here you see us permitting user “Mike Jones” to read/access and start (but not stop) the Plex Media Server service:
Remember: The user must work with the full, quoted name of the service, with the “managed by AlwaysUp” suffix. For example, if your application entry is named “VirtualBox” in AlwaysUp, the service will be named:
“VirtualBox (managed by AlwaysUp)”
Easily adjust the rights of non-AlwaysUp Windows Services too!
The instructions above will work for AlwaysUp services, but our free Service Security Editor tool can adjust the permissions of any service. Check it out if you need a general, portable solution for all your Windows Services.