Sc
Jump to navigation
Jump to search
Description
sc is a command line based tool to communicate with the NT Service Controller and services.
Usage
Syntax
sc <server> [command] [service name] <option1> <option2>...
The option <server> has the form \\ServerName
Options
- query
- Queries the status for a service, or enumerates the status for types of services.
- queryex
- Queries the extended status for a service, or enumerates the status for types of services.
- start
- Starts a service.
- pause
- Sends a PAUSE control request to a service.
- interrogate
- Sends an INTERROGATE control request to a service.
- continue
- Sends a CONTINUE control request to a service.
- stop
- Sends a STOP request to a service.
- config
- Changes the configuration of a service (persistant).
- description
- Changes the description of a service.
- failure
- Changes the actions taken by a service upon failure.
- sidtype
- Changes the service SID type of a service.
- qc
- Queries the configuration information for a service.
- qdescription
- Queries the description for a service.
- qfailure
- Queries the actions taken by a service upon failure.
- qsidtype
- Queries the service SID type of a service.
- delete
- Deletes a service (from the registry).
- create
- Creates a service. (adds it to the registry).
- control
- Sends a control to a service.
- sdshow
- Displays a service's security descriptor.
- sdset
- Sets a service's security descriptor.
- showsid
- Displays the service SID string corresponding to an arbitrary name.
- GetDisplayName
- Gets the DisplayName for a service.
- GetKeyName
- Gets the ServiceKeyName for a service.
- EnumDepend
- Enumerates Service Dependencies.
- boot
- Doesn't require a service name
- Possible values: ok, bad
- Indicates whether the last boot should be saved as the last-known-good boot configuration
- Lock
- Doesn't require a service name
- Locks the Service Database
- QueryLock
- Doesn't require a service name
- Queries the LockStatus for the SCManager Database
Examples
Remotely stop a process
In this example, we first check whether the process named HitmanProScheduler is running on host 192.168.1.12:
C:\Users\unknown>sc \\192.168.1.12 query HitmanProScheduler
SERVICE_NAME: HitmanProScheduler
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
We remotely stop the process. The status is now indicating STOP_PENDING:
C:\Users\unknown>sc \\192.168.1.12 stop HitmanProScheduler
SERVICE_NAME: HitmanProScheduler
TYPE : 10 WIN32_OWN_PROCESS
STATE : 3 STOP_PENDING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
A few seconds later, we check whether the service has been successfully stopped:
C:\Users\unknown>sc \\192.168.1.12 query HitmanProScheduler
SERVICE_NAME: HitmanProScheduler
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
Query configuration information
The services information are stored in the registry database under the HKLM\SYSTEM\CurrentControlSet\Services key:
Using the sc tool, it is possible to request the same information and display it in a more convenient way:
C:\>sc qc AdobeFlashPlayerUpdateSvc
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: AdobeFlashPlayerUpdateSvc
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Adobe Flash Player Update Service
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem