Mr. Roboto

Service Control Freak

Services are invaluable, but be sure to keep them from taking over.

Services are awesome: They run in the background, quietly doing stuff that makes Windows work better, like sharing files and folders. Unfortunately, services are not-so-awesome when it comes to maintenance: Services logged onto by means of a user account need their passwords changed on a periodic basis, and doing so can be a nightmarish, completely manual task. Disabling unwanted services, or changing a widespread service to use a different logon account, are less-commonly performed tasks, but they're still a nuisance, or worse. The result? Companies often don't even bother keeping their services updated, electing instead to take the security and maintenance risk on the chin or, even worse, just run every service as LocalSystem, effectively giving them near-Godlike powers on servers and workstations.

Getting a Handle
Stop the madness. First, there are commercial tools out there that can make service management completely automated. One such tool is Service Explorer from ScriptLogic, a graphical tool that lets you manage all the services in your enterprise with a few mouse clicks. It'll even help inventory services, so that you know (rather than guessing) which services are running on which machines. However, if there's no budget for a third-party commercial tool, this month's free tools can still be a big help. I'm giving you a set of command-line tools (written in VBScript), which are designed to help automate service management. Run any of them with a /? command-line argument to get syntax help; any of them can target a list of computers from a text file (perfect for updating a service that's running on a few servers, like SQL Server or Exchange Server), or can target computers from Active Directory (based on OU membership). Add the /ping argument to help speed up the tool's operation when one or more targeted computers might not be reachable (turned off, for example), and add /verbose to see detailed progress messages as the tool runs. Note that the tools perform their magic using that old administrator's friend, Windows Management Instrumentation (WMI); that means targeted computers will need to lower their shields (firewalls) for the tools to be able to connect and do their job.

Here's what you get:

  • ChangeServiceLogonAcct, which changes the logon account that a service is using
  • ChangeServiceLogonPassword, a must-have for any administrator
  • ChangeServiceStartMode, which allows you to set a service to manual, disabled or automatic
  • ListComputersUsingService, an invaluable tool that'll tell you which computers (in your domain, usually) are running a given service
  • ListServicesUsingAccount, which tells you all of the services that are logging on using a given user account
  • RemoveService (self-explanatory)
  • StopDisableService, which stops and disables a service that you don't want running anymore

Download this month's tool from

How It Works
For example, if you want to see which computers in your Sales OU are running a service named MyService, you'd run something like ListComputersUsingService /container:Sales /recurse /output:c:\list.txt. That'll actually save the list to a text file named C:\List.txt, making a review of the script's findings easier. The /recurse argument (available in all the tools) processes sub-OUs as well.

For all their functionality, most of these tools come down to a single line of useful VBScript code. For example, here's an excerpt from the ChangeSer viceLogonPassword tool:


Having connected to the specified service by using WMI, the oService variable represents that service; the Change method is used to change its logon password. The remaining 400-odd lines of code in the tool is given over to reading AD, pinging and so forth; useful stuff, but it's neat to see how one line of VBScript can effect such a powerful change.

About the Author

With more than fifteen years of IT experience, Don Jones is one of the world’s leading experts on the Microsoft business technology platform. He’s the author of more than 35 books, including Windows PowerShell: TFM, Windows Administrator’s Scripting Toolkit, VBScript WMI and ADSI Unleashed, PHP-Nuke Garage, Special Edition Using Commerce Server 2002, Definitive Guide to SQL Server Performance Optimization, and many more. Don is a top-rated and in-demand speaker and serves on the advisory board for TechMentor. He is an accomplished IT journalist with features and monthly columns in Microsoft TechNet Magazine, Redmond Magazine, and on Web sites such as TechTarget and Don is also a multiple-year recipient of Microsoft’s prestigious Most Valuable Professional (MVP) Award, and is the Editor-in-Chief for Realtime Publishers.

comments powered by Disqus
Upcoming Events

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.