Protect
/ Defend Windows Services
Managing services via CLI
1.
List services and append to txt file:
sc query >> services.txt
2.
Set service to disabled on system
startup:
sc config dhcp start=
disabled
Note valid options for the start= parameter
are:
a.
boot
- The service will start during the operating system boot process. Only very
essential services are typically set to this.
b.
system
- The service will start during OS initialization, but after the
"boot" services.
c.
auto
- The service will automatically start when the system starts up. Most crucial
services that need to run without user intervention are set to this.
d.
demand or manual
- The service won't start automatically during system startup, but it can be
started manually by a user or application.
e.
disabled
- The service cannot be started either automatically or manually. You'd use
this option if you want to ensure the service doesn't run at all.
3.
Stop a running service:
sc stop spooler
4.
Disable service using wmic:
wmic server where name=spooler call ChangeStartmode Disabled
NOTE: ^ This did not work in my environment.
Managing Services with PowerShell
1.
List all Services and append to text
file:
Get-Service >> services.ps.txt
2.
Get Information about a specific
Service:
Get-Service -Name Spooler
3.
Stop a Service
Stop-Service -Name Spooler
4.
Start a Service
Start-Service -Name Spooler
5.
Restart a Service
Restart-Service -Name Spooler
6.
Disable a Service
Set-Service -Name Spooler -StartupType Disabled