The Core Technologies Blog

Professional Software for Windows Services / 24×7 Operation

ServiceTray 5.1: Improvements to Help you Control any Windows Service from a Taskbar Icon

Posted on April 15, 2024
ServiceTray 5.1: Improvements to Help you Control any Windows Service from a Taskbar Icon

ServiceTray 5.1 is out!

This release includes several enhancements requested by folks using the software to control their Windows Services. Here’s a quick rundown of what’s new:

You’ve got three more taskbar icons to choose from

One of the most common requests was for more taskbar icons. To fulfill that need, we added 3 more, bringing the total available to 9.

You can see the new icons in this screenshot:

3 new taskbar icons are available

You can choose a different icon for each state of the service

Previous versions of ServiceTray displayed a single icon on the taskbar. The color of the icon would indicate the state of the service — green for running, red for stopped and yellow for anything else.

That visual system works well for most folks but relying on color as the differentiator falls short if you’re color blind. Indeed, if you’re one of the 300 million affected, you may not be able to tell when your service is running and when it has stopped!

To address our oversight, ServiceTray 5.1 allows you choose different icons/shapes for the states of the service. When creating a shortcut, just click the Customize button and select the icons you want to see:

Select an icon for each service state

After clicking OK, you’ll see your choices on the main window:

Multiple taskbar icons chosen

Note that you can click the Reset link to clear your selection or click the Customize button to change them.

You can easily see CPU usage, uptime, and other service information

Want to see how your service is doing? ServiceTray can help there too.

Select Service Information from the menu:

DbxSvc tray icon: Select Service Information

The Service Information window will come up to show you:

  • The process identifier (PID) of the application launched by the service;

  • How much CPU the service is consuming;

  • The service’s memory footprint;

  • The time when the service started;

  • How long the service has been running (uptime).

For example, here’s what ServiceTray tells us about the Dropbox Service (DbxSvc) running on our test server:

DbxSvc Service Information

Other fixes & improvements

  • For improved clarity, the name of the Windows Service is mentioned in the tray menu entries. That’s helpful when you’ve installed multiple ServiceTray icons on the taskbar.

  • If the service is not installed when ServiceTray starts, ServiceTray will report the problem and exit. If someone uninstalls the service while ServiceTray is running, ServiceTray will show the yellow icon and no service operations will be available.

  • We enlarged the text and icons on the taskbar tray menu, to improve readability. You may not need your glasses anymore. 🙂

As usual, please review the release notes for the full list of features, fixes and improvements included in ServiceTray version 5.1.

Enjoy!

You may also like...

Q&A: Why doesn't OneDrive Delete my Files when Running as a Windows Service? [RESOLVED]
Q&A: Why doesn't OneDrive Delete my Files when Running as a Windows Service? [RESOLVED]
Why doesn't my Windows Service Start at Boot?
Why doesn't my Windows Service Start at Boot?
New Version
Running Multiple Windows Services? AlwaysUp 11 is Here to Help!
Posted in ServiceTray | Tagged , , , | Leave a comment

AlwaysUp Feature Spotlight: Run your App Without Admin Rights

Posted on April 1, 2024
Run your App Without Admin Rights

Why should I run my application without admin rights?

A Windows Service typically runs in an account with extensive/elevated rights. In fact, most services run as LocalSystem — a built-in account with near total control of the computer.

But that power isn’t granted lightly. It’s actually given out of necessity.

The reality is that a service often requires broad access to your computer to tackle its complex tasks — like interrogating the network, terminating rogue processes or checking RAM levels. Unfortunately, working in a normal, non-admin context won’t cut it.

But even though it’s needed, there are serious risks when operating with so much latitude. That’s because awful things can happen if a fully-empowered service is compromised or becomes infected with malware!

Running applications without admin rights is safer

As reported by SoftPedia in 2015, almost all of the vulnerabilities detected in Windows could have been avoided by removing administrator rights from the programs involved:

Critical vulnerabilities involving admin rights

That is, running programs without administrator rights substantially reduces risk and makes your PC much safer to use.

How do I make AlwaysUp start my application with basic rights only?

It’s easy to make AlwaysUp launch your program with normal, unelevated rights. To do so:

  1. Edit your application in AlwaysUp (select Application > Edit/View from the menu.

  2. Move to the Logon tab.

  3. Check the Launch the application without admin rights box:

    Launch your app without admin rights

  4. Save your changes.

The next time your AlwaysUp service starts, it will launch your application with basic rights only.

What are your best tips for running my application without admin rights?

Tip #1: Test thoroughly

Are you sure that your application works properly without administrative rights? Unfortunately, not all applications do.

Be sure to test all functionality and confirm.

For example, can your application still read and write to the file system? Or will it fail because it cannot communicate with another program running in a different security context?

Tip #2: Examine your application’s security groups with Process Explorer

If you want to inspect your application’s permissions, you can open your app in Process Explorer and review the Security tab.

For example, here’s OneDrive running without admin rights. You can see that:

  1. The integrity level is Medium, indicating that the process isn’t elevated;

  2. The user has been denied access to well-known administrative groups, like “Administrators” and “Power Users”:

    OneDrive running without admin rights

Also, many of the low-level privileges are disabled.

You may also like...

Moving your AlwaysUp Applications/Services? Easily Import Them All at Once
Moving your AlwaysUp Applications/Services? Easily Import Them All at Once
Q&A: Does AlwaysUp Support Dropbox Selective Sync?
Q&A: Does AlwaysUp Support Dropbox Selective Sync?
How to Disable Automatic Updates when Running MT4 as a Windows Service
How to Disable Automatic Updates when Running MT4 as a Windows Service
Posted in AlwaysUp | Tagged , , , , | Leave a comment

Q&A: How do I make AlwaysUp run my Batch File as a Windows Service?

Posted on March 18, 2024
How do I make AlwaysUp run my Batch File as a Windows Service?
  We purchased AlwaysUp to run a batch file that runs a web front end for a database. But when we plug it in it doesn’t work. AlwaysUp tries to run the script but gives up after five tries.

The script contains a couple of commands:

cd "C:\Program Files\Simtec Viewer"
start /max simtecw.exe

Is there a way to get it to run constantly, as a service?

— Roy W.

Hi Roy, thanks purchasing AlwaysUp. We really appreciate your support!

Thanks also for including the batch file in your support request. Because of that, we were able to spot exactly what’s going wrong for you.

Let’s dig into the problem and highlight the solution.

The problem: The “start” command doesn’t wait for your application to finish

AlwaysUp has trouble because of how the batch file launches your executable — with the Windows start command.

Most importantly, the start command is non-blocking. That is, after it launches your application, it exits. It doesn’t wait for your application to complete its work and close.

With that understanding of the start command in place, here’s how things play out when you start your batch file entry in AlwaysUp:

  1. Your AlwaysUp Windows Service starts

  2. AlwaysUp launches your batch file

  3. The batch file executes

  4. The batch file runs the “cd” command, which changes the working directory to “C:\Program Files\Simtec Viewer”.

  5. The batch file runs “start /max simtecw.exe”

  6. The start command launches “simtecw.exe”

  7. The start command exits

  8. The batch file exits

  9. AlwaysUp detects that the batch file has exited

  10. AlwaysUp restarts the batch file (as configured on the Restart tab)

  11. Repeat the cycle, starting at step 3

After five attempts, AlwaysUp gives up at step 10 and shuts down the Windows Service. Your run ends in failure — all the time.

Fortunately the fix is very simple. You just need to add 6 characters to your script to make it work as desired with AlwaysUp. 🙂

The solution: Make the “start” command wait for your application to finish

The key is to get the start command to block while your main executable is running. That way the script won’t exit immediately and AlwaysUp won’t try to restart it again and again.

To get the start command to block, simply add the /wait parameter to the command line, like this:

start /max /wait simtecw.exe

And with that adjustment, a healthier pattern should unfold when you start the batch file in AlwaysUp:

  1. Your AlwaysUp Windows Service starts

  2. AlwaysUp launches your batch file

  3. The batch file executes

  4. The batch file runs the “cd” command runs which changes the working directory to “C:\Program Files\Simtec Viewer”.

  5. The batch file runs “start /max /wait simtecw.exe”

  6. The start command launches “simtecw.exe”

  7. The start command blocks waiting for “simtecw.exe” to exit

  8. “simtecw.exe” exits

  9. The start command exits

  10. The batch file exits

  11. AlwaysUp detects that the batch file has exited

  12. AlwaysUp restarts the batch file (as configured on the Restart tab)

  13. Go to step 3

The end result is that AlwaysUp will run your executable 24/7, quickly restarting it if it crashes or stops for any reason.

And you’ll be able to rest assured, knowing that AlwaysUp is on the case!

You may also like...

Q&A: How do I Eliminate Errors from my C# Console App Windows Service?
Q&A: How do I Eliminate Errors from my C# Console App Windows Service?
We're Not Affected by the December 2021 Apache Log4j Vulnerability
We're Not Affected by the December 2021 Apache Log4j Vulnerability
Winner!
AlwaysUp Wins "Best Windows Utility" Award from Windows IT Pro Magazine
Posted in AlwaysUp | Tagged , , , | Leave a comment

AlwaysUp Feature Spotlight: Capture Console Output

Posted on March 4, 2024
AlwaysUp Feature Spotlight: Capture Console Output

What is the “capture console output” feature? Why would I use it?

When you run your application as a Windows Service with AlwaysUp, your app doesn’t come up on your desktop. Instead, your program runs invisibly in the background — on the isolated Session 0 desktop.

And even though running out of sight is fine for many situations, what if you need to see your application to make sure it’s working properly? That can be tricky — especially for Windows GUI programs.

However, there’s an easy workaround if you’re running a console application.

Simply instruct AlwaysUp to capture all the text that your application prints to the console and save that text to a file. Afterwards, you can read the file to see what your program printed.

For example, here’s the text that AlwaysUp saved when running Rclone as a service:

Rclone Output File

And capturing text helps our customers running Logstash in the background as well:

Logstash Output File

When to save console output to a text file

You should consider capturing your application’s console output whenever:

  • You’re running a text-based application, like a batch file — not a GUI program;

  • You must preserve all the messages your application reports;

  • Your application is failing and you’d like to know if it’s printing an error message;

  • You’re want to keep a close eye on your application, for example when troubleshooting a problem.

How do I capture console output in AlwaysUp?

The “capture output” feature is available on the Extras tab when configuring your application in AlwaysUp.

Simply enable the Capture output to this log file option and enter the full path to the file to record the text:

Capture console output from the Extras tab

Furthermore, if your application produces lots of text, you can check the Automatically box and determine what to do when the file gets large.

What are your best tips for capturing text?

Tip #1: Set a maximum size for the text file

The output file may be difficult to work with if it gets huge. To avoid that, you should specify a reasonable limit for the text file.

We recommend capping the file at 20 MB or less. That’s room for a lot of text!

Tip #2: Decide what to do if the file grows too large

If the file reaches its maximum size, AlwaysUp can either:

  • Trim the file, discarding the oldest 25% of the contents; or

  • Rollover the file, renaming it to include the current date and starting fresh with an empty file.

Be sure to choose the option that’s most appropriate for your situation. For example, you shouldn’t trim the file if you need to preserve all the entries written to the console.

Tip #3: Avoid locking the file while your application is running

An application that locks the output file will prevent AlwaysUp from adding new text to the file. If that happens, you may miss some of the data that your application has written to the console.

You may also like...

Customer Spotlight
"AlwaysUp Powers our Mission Critical Application in Hospital Emergency Departments"
New Version
Running Multiple Windows Services? AlwaysUp 11 is Here to Help!
Q&A: How do I Protect my AlwaysUp Services from Unauthorized Changes?
Q&A: How do I Protect my AlwaysUp Services from Unauthorized Changes?
Posted in AlwaysUp | Tagged , , | Leave a comment

Essential Windows Services: Local Session Manager / LSM

Posted on February 19, 2024
Local Session Manager Service

What is the Local Session Manager (LSM) service?

The Local Session Manager is an important Windows Service that establishes a dedicated session/desktop whenever you log in to your computer. It’s involved however you sign on — to the physical console (with the keyboard and mouse) or through a remote connection technology, like RDP.

The service’s display name is Local Session Manager. It runs as LocalSystem inside the service host process, svchost.exe. By default, the service is set to start automatically at boot:

The Local Session Manager Windows Service

What happens if I stop Local Session Manager?

It’s not easy to stop the LSM service.

In fact, all the service’s operations are disabled and the action buttons are grayed out when you look at LSM in the built-in Services application:

All service operations are disabled

And the SC command confirms that the service won’t accept requests to stop:

You can't stop the LSM service

Microsoft has really locked-down the Local Session Manager!

But what about terminating the svchost.exe process behind LSM? Does that stop the service?

Surprisingly, yes.

How to stop the LSM service

First, we found the process identifier (PID) of LSM from the Services tab in Task Manager. It was 960 on our machine:

Find the LSM PID

Next, we switched to the Details tab and located the process with PID 960 in the list. From there, we right-clicked the row and chose End task from the menu.

After confirming that we really wanted to end the svchost process, Windows terminated PID 960:

Terminate the LSM process

And the LSM service stopped:

LSM service stopped

What happened after we stopped the LSM service

At first, there were no visible effects of stopping the Local Session Manager. We weren’t ejected from our RDP session and all our programs continued to operate normally. Everything was fine.

Yet, because of the tight security controls on the LSM service, we couldn’t restart it:

Unable to start the LSM service

In any case, everything was normal — until we decided to log off. When we signed out of our account, our RDP session hung with a black screen.

Afterwards, we simply couldn’t log in to our computer again. RDP connection windows appeared and quickly vanished without acknowledgement. And when we tried to log in directly on the console, Windows rejected us with a terse, unhelpful error message:

The RPC server is unavailable

We had to reboot our computer to restore access.

The behavior confirmed that:

  • LSM is critical in establishing a new login session, either via RDP or from the physical console;

  • However, once it’s established a session, LSM is not involved in the ongoing operation of that session.

So, in summary, if you stop the Local Session Manager service:

  1. Existing login sessions will be OK but no one else can log in to your computer.

  2. You may have trouble logging off your computer.

  3. You’ll have to reboot your computer to restart the service. Furthermore, holding down the power button (to kill the power to your PC) may be the only way to reboot.

Is it OK to disable the LSM service?

No — not if you want to sign on to your computer. As described above, you simply can’t log in when LSM isn’t running.

Indeed, Microsoft cautions against disabling Local Session Manager:

 Stopping or disabling this service will result in system instability.

You should heed that advice. It’s best to keep the LSM service enabled — and configured to start automatically at boot.

Questions? Problems?

If you would like to know more about the Local Session Manager service, or you have a specific problem, please feel free to get in touch. We will do our best to help you!

You may also like...

Essential Windows Services: User Profile Service / ProfSvc
Essential Windows Services: User Profile Service / ProfSvc
Q&A: I created a Windows Service with SC. Why won't it Start?
Q&A: I created a Windows Service with SC. Why won't it Start?
Essential Windows Services: Windows Update (wuauserv)
Essential Windows Services: Windows Update (wuauserv)
Posted in Windows Services | Tagged , , , , | Leave a comment
 

Products

Topics/Tags

interactive-services switch-to-session-0 q&a security windows-10 windows-11 service-security-editor troubleshooter net.exe support task-scheduler essential-windows-services service-protector windows-services google-drive new-release windows-service-auditor windows-server-2012 windows-8 dropbox automatic-delayed event-viewer essential-tools alwaysup session-0-isolation onedrive java sc.exe sanity-check services.msc

Categories

Archives

Search This Blog


Home  | Products  | Support  | Company  | Privacy Policy  | Site Map
Run Application as Windows Service  | Auto-restart Windows Services  | Srvany vs. AlwaysUp  | AlwaysUp FAQ
How to Run Popular Applications as Windows Services  | Windows Services FAQ

Copyright © 2004-2024 Core Technologies Consulting, LLC
7028-B Thornhill Drive, Oakland CA 94611, USA
Phone: +1 (510) 343-3565  |  FAX: +1 (208) 979-1109