Identify Windows Services Issues
Novell Cool Solutions: Tip
By Bryan Keadle
Posted: 2 Nov 2005
Have you ever tried to troubleshoot a Windows machine's SERVICES by trying to identify what services may have been added (spyware, non-standard software), or services that have changed from their normal status? This can be a tedious and frustrating task....especially since there are so many services to look through.
I discovered a neat little trick that helps me easily identify services that are in a different state than what they should be.
When you open SERVICES.MSC, you typically find a screen like this:
Instead, re-arrange your columns (click-and-drag column headings) to be in this order:
Name | Startup Type | Status | Description
Now, you can sort by Startup Type by clicking on the column header.
So, this is a different view of your services, but how does this help to identify what's "normal" for a given service? By editing the description for each service with a naming convention that identifies what the Startup Type and Status of each service is supposed to be, you can then choose to sort by *DESCRIPTION*, like this:
My naming convention is:
For example, look at the Workstation Service above.
Startup_Type_Value = 2 (the value in the registry),
Startup_Type = (A)utomatic
Status = Started
So the resulting "combined" descriptions reads:
2)_A_RUNNING Creates and maintains client network connections...
Now, at a glance, you can easily tell which service(s) is in a different state than what the description field indicates that it should be. For example, look at this print screen and see if you can tell which service(s) is "non-standard":
If new services were to be added, then the descriptions wouldn't have the naming convention, so those would be easily identified if you sort by the description column.
How cool is that?!?!
But wait, does that mean you have to MANUALLY edit each and every service? What a pain that would be! That's where this utility, SERVICEDESCRIPTIONS.EXE comes in. Simply run SERVICEDESCRIPTIONS on a machine that's configured (service-wise) the way you want/expect it to be, and it will go through and change the Service Descriptions for you! Handy. You can just as easily remove these modified descriptions to put it back the way it was, or reset the descriptions so as to "snapshot" your new standard service statuses.
I have this incorporated into my corporate standard load. If I find myself needing to troubleshoot a workstation, one place I'll look is to see whether any of the services are in a state other than what our standard load dictates them to be, or if a new service has been added (like spyware/malware can have a tendency of doing).
If you have any questions, feel free to email me at firstname.lastname@example.org
SERVICEDESCRIPTIONS - Modify Service Descriptions to reflect Service Status
SYNTAX: SERVICEDESCRIPTIONS (REMOVE | RESET | EXPORT | IMPORT)
REMOVE - Remove Service Description modifications
RESET - Reset Service Descriptions according to current status
EXPORT - Export Descriptions to specified .REG file
IMPORT - Import Descriptions from specified .REG file
Download servicedescriptions.zip tool.