What Are Services?
A service is an essential mechanism built into Microsoft Windows operating systems. You can think of services as “particular applications” that run with no stare to the current user context. Services are unlike from “regular” user application since you can configure a service to run from the time a system starts up (boots) until it shuts down, without requiring an active user to be nearby – that is, services can run even though no users are logged on.
We like to think about services as organization tasks for us in the background with no intrusive with user operations. Services on Windows are accountable for all kinds of background action that do not involve the user, ranging from the Remote Procedure Call (RPC) service, through Printer Spoolers, to the Network Location Awareness service.
Over the years, Windows has grown and with it the numeral background services. But to be honest, background services in Windows are a pain – the operating system ships with a lot of them in the box. On top of that, ISVs and their application add even more services, like software updates to name only one. With that said, some of these services are critical and are required during boot sequences, some are required later when a specific user logs on, while others don’t need to execute until they are called upon. Nonetheless, when you look at the currently running services, you see a lot of services that really don’t need to run 24x7.
What’s wrong with Services Running 24x7?
There are several issues with having services run 24x7:
First, why have something run (even in the background) when there is no need for it to run? Any running process (services included) uses valuable memory and CPU resources that could be used by other applications and services. If you total up all the services that are running at any given time, they add up to quite a lot of memory, handles, threads, and plenty of CPU usage. All of these “wasted” resources reduce the in general computer presentation, decrease its receptiveness, and make users think their computers are lethargic and slow. Also, since most of the running services are configured as Auto-Start (start running upon system log-on), these services have an crash on the computer's boot time.
Second, these exhausted resources, have a direct crash on power consumption. The more demands we place on the CPU, the more power our computer uses. This can be dangerous for laptops, and could decrease battery life from four hours to three hours.
Third, having non-productive software run all the time may lead to memory leaks and overall system instability. This can lead to application crashes and in the end computer crashes.
Last, but not smallest amount, if a service is running 24x7, and this services is well recognized (any popular application might have one – like the PDF Reader), it provides a larger attack surface. A hacker might use the knowledge that a certain popular request installs a service that runs 24x7, and try to hack into that service to gain privileged access to the computer.
Given all of the above, it makes you wonder why so many developers configure their services to run all the time when there is other option. Even before Windows 7, there were quite a few service start-up options:
- Disabled totally disable the repair and prevent it and its dependency from running—this means that the user must start the repair physically from the Control Panel or the command line
- Manual starts a service as necessary (defined by dependencies to other services) or when called from an application using the relevant API as shown later in this post
- Automatic starts the services at system logon
- Automatic Delayed is a newer startup type introduced in Windows Vista that starts the service after the system has finished booting and after initial demanding operations have completed, so that the system boots up faster
Unfortunately, many ISVs (Microsoft included) still decide to configure their services to Automatic (or Automatic Delayed) because it is the easy solution for everyone. A service simply runs 24x7 and is forever available, get rid of the require to check any dependency or corroborate that the service is running.
There are many examples of obtainable services that can turn out to be more resource welcoming and more protected by not running 24x7. For example, think of an update service that checks for new request updates. If the computer is not associated to a network and has no IP available, why be supposed to the update service run? It can't turn up at anywhere, so why run a program that does nothing? Think about a policy management service that is invoke when a group policy change or when the computer joins or leaves a domain, but right now the computer is associated to my home network and again the service works in vain.
Introducing Windows 7 Trigger Start Services
The solution for the above troubles is to move the service out of its “forever running state” into other types of backdrop action, such as listed tasks or trigger-start services. This post focus on Windows 7 Trigger Start Services. Windows 7 Scheduled Tasks include a lot of expensive information that we will describe in one more post.
Trigger-start services are new to Windows7. A trigger-start service is a usual service that you can configure to run (or stop running) only when it is triggered, that is, only when certain criteria and conditions that you define are met (for example, when the first network IP address become obtainable, or when the last network IP is lost). Here is a list of the obtainable triggers that you can use to configure the Start-Up mode of a given service:
- Device interface arrival or departure
- Joining or leaving a domain
- Opening or closing a firewall port
- Group policy change
- First IP address obtainable/ last IP address leaving
- Custom event – Event Tracing for Windows (ETW)
The last item in the list represents the extendibility point. As a developer, you can configure any ETW event as a trigger for services, which gives you a very high-quality tool to fine-tune your control over starting and stopping services from your request.
So what precisely is a trigger?
A trigger consists of:
- A trigger event type
- A trigger event subtype
- The deed to be taken in reply to the trigger event
- One or more trigger-specific data items (for sure trigger event types)
The subtype and the trigger-specific data items jointly identify the conditions for notifying the service of the event. The format of a data item depends on the trigger event type; a data item can be made up of binary data, a string, or a militating.
Working with Trigger Start Services
Unluckily, Windows 7 Services MMC UI does not take in a graphical symbol of the trigger start services. However, you have two options. You can still use the old and good sc.exe (Service Configuration command line tool), or you can use the WIN32 ChangeServiceConfig2 process to configure the service start option programmatically as demonstrated in this post.
Using SC.exe to Query Service Trigger Information
It's time to start have some fun. First, let’s start with just extract some configuration information from a few services. The general form for using the service configuration is:
sc <server> [command] [service name] <option1> <option2>...
Where server is not obligatory and by defaulting you works with the local computer:
- command is the process you wish to perform like querying trigger information
- service name is the name of the service you wish to work with
- options are the different values (options) you can pass to configure the service
Let’s start by querying a precise service for its trigger start configuration. To do so you need to launch a Windows Shell window:
- Open the start menu.
- Type CMD in the search box.
- Choose cmd.exe.
This will open a Windows Shell window. - Type sc qtriggerinfo w32time and press enter
As you can see, we query the trigger information of the W32time service, which is configured to start when the computer is joined to a domain and stop when the computer foliage the domain.
Microsoft updated the sc.exe command-line tool for Windows 7 to hold up configuring and query a service for supported triggers. Type sc triggerinfo in the Windows shell window and press enter. The effect looks like the box below, and lists all the dissimilar triggers and how to configure a service to use trigger start services.