Tools and tips for managing fundamental components of the Windows architecture

Windows' services are central to the function of the OS and your loaded applications. Your system hosts dozens of services that control just about everything you can do with Windows. They enable actions from logging on to file-and-print functionality to supporting legacy networks. In this first part of a two-part series, I give you a definition of services and what they do as well as tools and tips about how to manage them. I discuss the services available in Windows 2000 Server, Standard Edition without service packs applied (the other Win2K server products and Win2K Professional have different service options). The information I provide here sets the foundation for configuring and performance-tuning your Win2K services, which I'll discuss in Part 2.

What Is a Service?
The Windows NT architecture has always used the services model (i.e., operational modules that encapsulate specific system functions). For example, Win2K's Indexing Service contains all the compiled code and interfaces necessary to index content on your server. Other applications and services can rely on and use the Indexing Service to provide even more functionality. A case in point is Microsoft SQL Server 2000's cross-store search function, which uses the Indexing Service to let you search for content across files and directories, on the Web, in SQL Server databases, and even in the Microsoft Exchange Server Web Store.

Isolating functions neatly into individual services makes the functions more manageable and easier to use. In addition, the isolation gives you fine-grained control over execution and availability of the OS or application features, helps you troubleshoot problems, and lets you easily access system information, such as network properties and performance counters.

A service can be a core part of the OS's Service Controller, which is the services.exe file in the \winnt\system32 directory. You can also find running services on the Processes tab in the Task Manager dialog box. A service can also be an application or the compartmentalized functionality of a server application such as SQL Server or Exchange. For example, installing Exchange loads a new selection of services that makes up the application's messaging and collaboration functionality. You can even set an individual end-user or desktop application to run as a system service.

Service Administration
Managing services on your Win2K Server system is fairly straightforward. Log on to your server as Administrator or to an account in the Administrators group that lets you change services' settings. The Microsoft Management Console (MMC) Computer Management snap-in gives you complete control over services' attributes and execution and lets you view services' status. To access the Computer Management snap-in, click Start, Services, Programs, Administrative Tools, or right-click the My Computer icon on your desktop and select Manage. In the Computer Management window, which Figure 1 shows, expand the Services and Applications tree and click Services. The right pane will list all the installed services on your system, regardless of whether they're running.

Right-clicking a service brings up a menu of tasks, which Table 1 defines. You can also use the icon that accompanies each listed service to start, stop, pause, or restart the service. Just select the service and click the appropriate icon.

By default, the Computer Management console displays five columns of information for each currently installed service: Name, Description, Status, Startup Type, and Log On As. However, you can configure the Computer Management console by selecting Choose Columns from the View menu. At the resulting dialog box, you can select the data that you want the console to display.

To view a service's properties, right-click or double-click the service name and select Properties from the pop-up menu. Figure 2 shows the Properties dialog box for the Fax Service. This dialog box offers far more control than NT 4.0 provides. On the General tab, you can't change the service name, but you can change both the display name and the description, which might help you organize your services in the management interface for easier recognition and use. The General tab also displays the path to the service's executable file. The Fax Service is a standalone executable that the system runs as a service, whereas other system services, such as the Alerter service, are part of the core Windows functionality and the OS's Service Controller. From the Startup type drop-down list on the General tab, you can select whether the system service or application is loaded automatically or manually or is disabled. Table 2 outlines these options. To govern how the Fax Service operates, you can change the Service status parameter to Start, Stop, Pause, or Resume. In the Start parameters text box, you can specify start parameters that you want the system to pass to the service when it loads, such as file locations and control attributes.

The Log On tab of the Properties dialog box, which Figure 3, page 72, shows, gives you control over a service's security attributes. On this tab, you can select which security attribute the service runs under, determining the scope of its operation in the system as well as that of any application that depends on the service. Thus, use caution when you configure this tab's settings. By default, services log on and run with the security attributes of the LocalSystem account (a unique system user account that's local to the server and doesn't provide logon or network access). LocalSystem is similar to the Administrator account in that LocalSystem runs under the authority of the OS. Therefore, the service has the access necessary to run properly. You can also set a service to run under a user account that you create for a specific purpose, such as centralizing the management of certain applications. (For example, you might create an Exchange_Server user account that only Exchange Server services use and that's associated with specific user rights and policies.) On the Log On tab, you can also associate service-execution parameters with hardware profiles to control which applications and services run under various hardware configurations. For example, you might have a special maintenance-mode profile in which the server boots to a minimum configuration that has all peripheral devices, storage arrays, and the related system services disabled so that you can install or upgrade applications without interference.

The Recovery tab provides new functionality in Win2K. If a service fails under NT 4.0, all you can do is look in the event logs for a clue about the cause. You need additional management tools to solve the problem from there. As Figure 4 shows, the Recovery tab provides a drop-down list of actions the system can take after a service's first failure, second failure, and subsequent failures. You can choose from four options: Take no action, Restart the Service, Run a File, or Reboot the Computer. Judiciously selecting actions makes your server self-maintaining to a certain extent. For example, if the Fax Service configured in Figure 4 stops for some reason, the server will first try to restart the service. On the second failure, the server will run a file containing an application that sends a page alert to the systems administrator. If the service fails again, the system will reboot.

The Recovery tab also gives you access to an attribute that resets the failure count so that the count doesn't get caught in a terminal loop. In addition, you can set the length of time the server will wait before it tries to restart the service. Clicking Restart Computer Options takes you to a dialog box, which Figure 5 shows, in which you can specify what will happen if an automatic system reboot becomes necessary.

The Dependencies tab shows which services the selected service relies on for its operation and which services depend on the selected service. Figure 6 shows that the Plug and Play and Print Spooler services, among others, are necessary for the Fax Service to function, but that no other applications or services currently depend on the Fax Service.

Some systems management applications let you remotely control services (e.g., restart a failed application service over a dial-up connection). You can find this useful functionality in many popular systems management tools and out-of-band management applications as well as in the Microsoft Windows 2000 Resource Kit.

You can also manage services from a command prompt. Use the Net Start and Net Stop commands to pass parameters to a service and control its execution. Use the command prompt to create system startup and shutdown scripts that let you simultaneously control many services, or to create batch commands that restart multiple services after an error.

Taking Action
Why would you want to look up or modify a service's settings? Many situations require you to investigate the status of the services on your system and take action, as the following examples show.

An application or service has a problem. If you receive an event-log warning or a system error or if an application isn't functioning properly, you'll need to navigate to the services management tool that I discussed in the previous section.

You need to cause configuration changes to take effect. Changing a service's properties or server network settings sometimes requires you to reboot the system or at least restart a service. You can use the services management tool's tasks to manually stop and restart the required services, causing the changes to take effect without rebooting the system.

You need to troubleshoot. If your server is having difficulties, a useful method of tracking the cause is to shut down services one by one until you discover which service is causing the problem. Or, you can shut down all application services until you can diagnose the one you know to be problematic.

You want to change the way the system behaves. If you want to control access to the server by shutting down network authentication services, change service security settings, or turn applications on and off, you can do so from the services management tool.

You need to shut down services to install applications or system updates. Sometimes you need to use the services management tool to shut down services and install various applications or system updates. For example, you must terminate all services that use ODBC before you can install the Microsoft Data Access Components (MDAC) update.

You need to install new services or applications. Before installation, some applications, services, and system updates require you to stop a server application. For example, before you can apply an MDAC update, you must shut down all ODBC-dependent services.

Installing and Uninstalling Services
If you installed and then removed applications from pre-Win2K Windows installations, the uninstallation process invariably left little program gremlins on your system. In Win2K, Microsoft has significantly improved this situation by designing the OS to maintain much tighter control over application components and their code. The result is that you can use Win2K's native packaging and development tools to minimize the instances of nonfunctional services remaining in your configuration.

In many cases, applications manage their components by themselves, configuring or creating new services as needed. When you use an application's original installer tool to remove the application, the tool can usually clean up and remove any remaining pieces. However, if you've changed the application's configuration since you installed the tool, you might have to manually change the configuration back to the original for the installer tool to successfully remove the application.

Win2K uses the Control Panel Add/Remove Programs applet to add and remove application, network, and data services. However, I strongly recommend that you don't try to manually remove a service by tracking down its code in the \winnt directory and deleting it. Doing so can have unpredictable but negative effects on your server's operation. Alternatively, the resource kit provides an array of tools that you can use for service-management tasks. Table 3 provides a list of resource kit tools for managing system and application services.

If you prefer to manage from a command prompt, the resource kit offers command-line versions of service-management tools that let you install and uninstall services' executable files, but only on the local machine. In addition, these tools require you to use the Service Controller (sc.exe) tool to start and set services' attributes. The Service Installation Wizard is a GUI tool that lets you install, start, and set services' attributes from one interface, even on remote servers. However, you should use this tool only with applications and services that don't have an install/uninstall program.

The resource kit's Srvany tool lets you run an end-user or other Windows application as a system service. (Some applications install as system services, but you have to force others to run this way.) Running Windows applications as system services lets you set an application to load automatically when the server boots, without requiring a user to log on. (However, you should test this configuration on a nonproduction system first—some applications don't function properly when forced to run as services.) The application runs in the background regardless of the security attributes of the current user. The resource kit includes instructions for how to install and use Srvany. For more information about Win2K's resource kit tools, invest in the resource kit and pay close attention to the Win2K core Help files and the resource kit's documentation.

Learn the Basics
Take time to gain an understanding of Win2K Server services and become familiar with the auxiliary Win2K service-management tools available to you. This knowledge will help you analyze Win2K's default services configuration to determine your server's optimal configuration.