PowerShell | Windows Service Startup Mode
Manage Services Startup Mode: Windows Services Security and Availability
Managing the startup mode of Windows services is a critical aspect of system administration that directly impacts both security and availability. Proper configuration ensures that essential services are available when needed, while unnecessary or potentially harmful services are disabled, thereby protecting the system from security threats and performance issues.
​
1. Ensuring System Availability.
Key Points:
-
Automatic Startup: Essential services that are required for the normal operation of the system should be set to start automatically. This ensures that critical functionality is available immediately upon system boot.
-
Reduced Downtime: Proper management of service startup modes can minimize system downtime. By ensuring that necessary services start automatically, you reduce the need for manual intervention after reboots or system crashes.
-
Dependencies: Some services depend on others to function correctly. Properly configuring the startup mode ensures that these dependencies are met, preventing service failures.
​
Example: Setting the "SQL Server" service to start automatically ensures that
database-dependent applications are available immediately after a server reboot.
2. Enhancing System Security
Key Points:
-
Disabling Unnecessary Services: Unnecessary services can introduce security vulnerabilities. Disabling these services reduces the attack surface of the system.
-
Mitigating Risks: Some services might run with high privileges and can be exploited by attackers if not properly managed. By disabling or setting these services to manual startup, you mitigate potential risks.
-
Controlled Startup: Setting non-essential services to manual startup ensures they are only running when needed, reducing the risk of exploitation through service vulnerabilities.
​
Example: Disabling the "Remote Registry" service can prevent unauthorized remote access to the system's registry, enhancing security.
​
3. Improving System Performance
Key Points:
-
Resource Management: Services consume system resources such as CPU, memory, and disk I/O. By disabling or setting non-essential services to manual, you free up these resources for more critical tasks.
-
Boot Time: Reducing the number of services that start automatically can significantly improve the system’s boot time, leading to faster availability of the system for use.
​
Example: Setting the "Windows Search" service to manual on a server where search functionality is not required can save resources and improve performance.
Using the Services Management Console (services.msc)
-
Press Win + R, type services.msc, and press Enter.
-
In the Services window, find the service you want to configure.
-
Right-click the service and select Properties.
-
In the Properties dialog, under the General tab, find the Startup type dropdown.
-
Select the appropriate startup type (Automatic, Manual, or Disabled).
-
Click Apply and OK.
​
Using PowerShell
PowerShell provides a powerful way to manage service startup modes, especially for bulk or automated changes.
PowerShell Script - Update Startup Attribute
-
Identify the Service Name: Choose the name of the service you want to check and potentially modify.
-
Check Current Startup Type: Use PowerShell's Get-Service cmdlet to retrieve information about the service. Specifically, you'll look at the StartType property to see how the service is currently configured.
-
Condition to Set to Automatic: Verify if the service is not already set to Automatic startup. If it's not, then proceed to change it.
-
Set Service to Automatic: Use Set-Service cmdlet to change the startup type of the service to Automatic.
-
Output: Provide appropriate messages or logging to indicate the actions taken.
Set Serivce Startup to Automatic
​#Input from File List of Computers
$MyComputers = Get-Content 'C:\temp\MyComps.txt'
#====================
#Instantiate Array
#===================
$MyArray = @()
$MyFails = @()
#===============================
#Check Access to Each Computer
#===============================
Foreach ($Comp in $MyComputers) {
If ((Invoke-Command -ErrorAction SilentlyContinue –ComputerName $comp –ScriptBlock { 1 }) –eq 1) {
$MyArray += $Comp
}
Else {
$MyFails += $Comp
}
}
#---------------------------------------------
# Main Command to Execute on Remote Systems
#---------------------------------------------
$MyCommand = {
#For Storing Results
$StartupResultsArray = @()
#Create List of Services
$ListofServicestoCheck = @('RemoteRegistry', 'WinRM', 'mpssvc')
#==================Loop Through Services to Set Startmode to Automatic===================
Foreach ($service in $ListofServicestoCheck) {
#Get Service Info
$WMI = Get-WMIObject -class win32_service -namespace root\cimv2 | where-object { $_.name -eq $service }
#Check if Service Already Set to Auto Start
If ($WMI.StartMode -ne "Auto") {
#If Not Set to Auto, Change it
$Return = $WMI.changestartmode("Automatic")
#Check to See if Error Returned
if ($Return.returnvalue -eq 0) {
$StartupResultsArray += "$Service `t StartMode Success"
}
Else {
$StartupResultsArray += "$Service `t StartMode Failure"
}
}
Else {
#Message if Service Already in Automatic Startup Mode
$StartupResultsArray += "$Service `t StartMode Already Set"
}
}
Return $StartupResultsArray
} #End Main Command
#Execute Main Command And Export Results to Screen
Invoke-Command -ComputerName $MyArray -ScriptBlock $MyCommand
Set Service Startup Mode to Delayed Start
<#
Summary:
Get list of computers from file
Loop and test connection
Set services to delayed start
Author: Scott Head
Date: 02/09/2022
Version: 1.0
#>
#Get input from file
$Computers = Get-Content C:\temp\Comp-Input.txt
$ArrayPing=@()
#Loop through computer and test connection
Foreach($Computer in $Computers){
$Checker=Test-Connection $Computer.Trim() -Count 1 -Quiet
If($Checker){$ArrayPing+=$Computer}
Write-Host $Computer
}
#Use SC.exe Tool to change services startup
ForEach ($Comp In $ArrayPing){
Write-Host "`n $Comp"
SC.EXE \\$Comp Config GGSMGR Start= Delayed-Auto
SC.EXE \\$Comp Config d7a_sshd Start= Delayed-Auto
SC.EXE \\$Comp Config MySQL Start= Delayed-Auto
}