Stopping services, restarting services(safemode)
Moderator: DosItHelp
-
- Posts: 20
- Joined: 25 May 2012 12:34
Stopping services, restarting services(safemode)
Ocassionally I get hijacked services and few program can detect them or stop them. They also don't show themselves until you stop the services. Plus I like to run something similar to safe mode but still be able to do check desk and install all my programs. THUS I have created this little batch utility that shuts all the servies down (with the help of other bath people).
here is my snippet;
::--------------------------------
:stop
::stopping services
for /f "tokens=*" %%a in ('net start') do echo y|net stop "%%a" /y
pause
This is a two part question
1. How can I change this to skip the first service, which isn't a service but the heading and says it failed.
2. How can I put in a service(s) that I want to skip?
here is my snippet;
::--------------------------------
:stop
::stopping services
for /f "tokens=*" %%a in ('net start') do echo y|net stop "%%a" /y
pause
This is a two part question
1. How can I change this to skip the first service, which isn't a service but the heading and says it failed.
2. How can I put in a service(s) that I want to skip?
Re: Stopping services, restarting services(safemode)
Question 1. Skip the first line
Use the "skip" option in FOR /F.
Question 2. "Put in a service to skip"
I'll ask you to be a little bit more specific.
Use the "skip" option in FOR /F.
Code: Select all
for /f "skip=1 delims=" %a in ('net start') do @echo %a
Question 2. "Put in a service to skip"
I'll ask you to be a little bit more specific.
-
- Posts: 20
- Joined: 25 May 2012 12:34
Re: Stopping services, restarting services(safemode)
If you run this piece of code you will see it lists all the services. Lists only not stops. Run it and you will see the first service listed isn't a service at all. I used the skip and it worked well.
dcom service won't be turned off because others are dependant on it. I just wondered if I could put the names of a few names to skip.
for /f "skip=1 delims=" %a in ('net start') (if %a=="dcom" skip
do @echo %a
)
I have no clue. I can't do any do's in for loops. Just wondering if it were possible to add several services to skip. The routine waits a while when trying to shut down services that have dependencies.
I also want to disable all services that aren't default.
I would have to make a list of services and a routine like;
if service neq to anything in this list, disable.
Thanks for your help!
dcom service won't be turned off because others are dependant on it. I just wondered if I could put the names of a few names to skip.
for /f "skip=1 delims=" %a in ('net start') (if %a=="dcom" skip
do @echo %a
)
I have no clue. I can't do any do's in for loops. Just wondering if it were possible to add several services to skip. The routine waits a while when trying to shut down services that have dependencies.
I also want to disable all services that aren't default.
I would have to make a list of services and a routine like;
if service neq to anything in this list, disable.
Thanks for your help!
Last edited by crobertson on 06 Aug 2012 20:28, edited 1 time in total.
Re: Stopping services, restarting services(safemode)
There must be an easier way to do this, but all I can think right now is a nested FOR loop.
Which list would be bigger, one containing names of services to DISABLE, or one containing names of services to keep?
You can create a .txt file with the services names you want to disable OR keep, and then run something like this:
and then you replace "EQU" with "NEQ", depending on your listing option (keep or disable).
Which list would be bigger, one containing names of services to DISABLE, or one containing names of services to keep?
You can create a .txt file with the services names you want to disable OR keep, and then run something like this:
Code: Select all
@echo off
for /f "skip=1 delims=" %%a in ('net start') do ^
for /f "delims=" %%b in (listOfServices.txt) do (
if /i "%%a" EQU "%%b" net stop "%%a"
)
and then you replace "EQU" with "NEQ", depending on your listing option (keep or disable).
-
- Posts: 20
- Joined: 25 May 2012 12:34
Re: Stopping services, restarting services(safemode)
It won't matter which list is bigger, but the keepers IS shorter. The ones you want to shut off are unknown services. Some are valid and some are trojans or fake services. I'll try this out tomorrow. Thanks!
Is it possible to do the same thing with processes? I don't want to turn off svchost (we've just turned off all unwanted services) lsass, system and a few others. then turn off all programs
Is it possible to do the same thing with processes? I don't want to turn off svchost (we've just turned off all unwanted services) lsass, system and a few others. then turn off all programs
-
- Posts: 20
- Joined: 25 May 2012 12:34
Re: Stopping services, restarting services(safemode)
I tried your code for disabling services and couldn't get it to work. I saw a black screen then it went off.
It is difficult to troubleshoot.
I want to have a list of services to keep.
What is 'net start' referring to?
It is difficult to troubleshoot.
I want to have a list of services to keep.
What is 'net start' referring to?
Re: Stopping services, restarting services(safemode)
That can happen if you (manage to) turn off a service which is essential to the system.crobertson wrote:I tried your code for disabling services and couldn't get it to work. I saw a black screen then it went off.
There is no such "safe" list. The next service pack or software upgrade may bring in a new service you don't know about, that might well black screen once shut off. Which is exactly why it's a bad idea to have a "whitelist" of services to begin with - if anything, better blacklist what you know about, and leave the rest alone. Even better, do it using Windows' and other programs' config options, rather than brute force.crobertson wrote:I want to have a list of services to keep.
Open a cmd prompt, type 'net start', press Enter. It becomes self explanatory at that point.crobertson wrote:What is 'net start' referring to?
Liviu
-
- Posts: 20
- Joined: 25 May 2012 12:34
Re: Stopping services, restarting services(safemode)
This discussion is with Fawers. No the program isn't turning any services off. It's stopping before it does anything.
I know what net starts is. I've never seen it referenced to as though it was a file.
Yes there is a safe list found here http://www.blackviper.com/
I already have registry entry that sets the windows services to Auto manual or disabled, and some batch files that do the same using the net services.
I'm not having a debate about services. I do this about 10 times a day with great sucess. I'm discussing code right now.
I know what net starts is. I've never seen it referenced to as though it was a file.
Yes there is a safe list found here http://www.blackviper.com/
I already have registry entry that sets the windows services to Auto manual or disabled, and some batch files that do the same using the net services.
I'm not having a debate about services. I do this about 10 times a day with great sucess. I'm discussing code right now.
-
- Posts: 20
- Joined: 25 May 2012 12:34
Re: Stopping services, restarting services(safemode)
Fawers,
I added this bit of code before to list the services running so I would have them all listed, then turn off those. I get a message that the specified service does not exist.
@echo off
color 0A
MODE CON: COLS=90 LINES=50
title List services
:list
::list services currently installed
for /f "skip=1 tokens=*" %%a in ('net start') do echo %%a>>services.txt
start services.txt
pause
:disable
::disable those not in list
for /f "skip=1 delims=" %%a in ('net start') do ^
for /f "delims=" %%b in (Services.txt) do (
if /i "%%a" NEQ "%%b" net stop "%%a"
)
I added this bit of code before to list the services running so I would have them all listed, then turn off those. I get a message that the specified service does not exist.
@echo off
color 0A
MODE CON: COLS=90 LINES=50
title List services
:list
::list services currently installed
for /f "skip=1 tokens=*" %%a in ('net start') do echo %%a>>services.txt
start services.txt
pause
:disable
::disable those not in list
for /f "skip=1 delims=" %%a in ('net start') do ^
for /f "delims=" %%b in (Services.txt) do (
if /i "%%a" NEQ "%%b" net stop "%%a"
)
-
- Posts: 20
- Joined: 25 May 2012 12:34
Re: Stopping services, restarting services(safemode)
Also, is there a way to skip the last line when writing to a text file or reading from one? These all include the line "comman completed sucessfully"
I though after tokens you add -1, but it did not work.
I though after tokens you add -1, but it did not work.
Re: Stopping services, restarting services(safemode)
crobertson wrote:Also, is there a way to skip the last line when writing to a text file or reading from one? These all include the line "comman completed sucessfully"
I though after tokens you add -1, but it did not work.
If the line always says completed successfully then do a check for it by piping the output to the findstr command and then redirecting to a file.
Re: Stopping services, restarting services(safemode)
Sorry, didn't realize this was a private chatroom Don't worry, I won't intrude again. Besides, you seem bent on blackviper wisdom and registry hacking (instead of the builtin command line service control), so there's isn't much to add.crobertson wrote:This discussion is with Fawers.
-
- Posts: 20
- Joined: 25 May 2012 12:34
Re: Stopping services, restarting services(safemode)
Didn't mean to sound like your not welcome to discuss the code, but fawers was on target with the code. Just needs some tweaking. I'm not discussing the practicallity of what I'm doing. It works great for me, and have had great sucess in all our satellite offices. Just automating what I am doing now.
Thank you squashman, I will try that. I had been told of a quick way to skip last entry.
I will post completed code.
Thank you squashman, I will try that. I had been told of a quick way to skip last entry.
I will post completed code.
Re: Stopping services, restarting services(safemode)
@crobertson, well, flashing black screens are not necessarily signs of a great succes.
@Fawers, here is a variation on your idea, using 'sc /query' instead of 'net start' - slight advantage being that it doesn't waste time on trying to stop "unstoppable" services (which is not to say that the rest are safe to stop, but I won't go there again). The snippet below assumes there is a "svc-ok.txt" file in the current directory, with a list of services to keep, one per line, using the display name. The brave of heart may compile their own "svc-ok.txt" whitelist and remove the @rem from the next-to-last line.
Liviu
@Fawers, here is a variation on your idea, using 'sc /query' instead of 'net start' - slight advantage being that it doesn't waste time on trying to stop "unstoppable" services (which is not to say that the rest are safe to stop, but I won't go there again). The snippet below assumes there is a "svc-ok.txt" file in the current directory, with a list of services to keep, one per line, using the display name. The brave of heart may compile their own "svc-ok.txt" whitelist and remove the @rem from the next-to-last line.
Code: Select all
@echo off
setlocal disabledelayedexpansion
set "svc="
for /f "delims=" %%x in ('sc query state^= all') do call :svcs %%x
goto :eof
:svcs
for /f "tokens=1,2* delims=:() " %%u in ("%*") do (
if not defined svc (
if "%%u"=="SERVICE_NAME" (
if "%%w"=="" (set "svc=%%v") else (set "svc=%%v %%w")
set "svcex="
) ) else if not defined svcex (
if "%%u"=="DISPLAY_NAME" (
if "%%w"=="" (set "svcex=%%v") else (set "svcex=%%v %%w")
set "stat="
) ) else if not defined stat (
if "%%u"=="STATE" (
set "stat=%%w"
set "statex="
) ) else (
set "statex=%%u"
call :svc
)
)
goto :eof
:svc
if not "%stat%"=="STOPPED" (
if not "%statex:NOT_STOPPABLE=%"=="%statex%" (
echo ... not stoppable - "%svcex%"
) else (
call :stop
) )
set "svc="
goto :eof
:stop
for /f "delims=" %%z in (svc-ok.txt) do (
if /i "%%z"=="%svcex%" (
echo --- whitelisted - "%svcex%"
goto :eof
) )
echo *** to be stopped - "%svcex%"
@rem net stop "%svcex%"
goto :eof
Liviu
Re: Stopping services, restarting services(safemode)
Liviu wrote:(which is not to say that the rest are safe to stop, but I won't go there again)
I think it has to be made clear in this thread that stopping services willy nilly is unwise and is likely to cause problems on machines.
@crobertson - if you do this at work then I think this is a particularly unwise course to take, on machines that are needed to run a business