Vista Services

Services in Windows Vista

November 30, 2009

Abstract

This paper provides information about changes to Windows services that were introduced in Windows Vista. It also provides some best-practices guidelines for developers who intend to implement services for these versions of Windows.

This information applies to the following operating systems:
- Windows 7
- Windows Server 2008 R2
- Windows Server 2008
- Windows Vista

References and resources discussed here are listed at the end of this paper.

The current version of this paper is maintained on the Web at:

Disclaimer: The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, email address, logo, person, place or event is intended or should be inferred.

© 2009 Microsoft Corporation. All rights reserved.

Microsoft, MSDN, Visual Basic, Windows, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Document History

Date                Change
November 30, 2009   Updated UI requirements and removed unimplemented SC commands.
August 15, 2006     First publication

Contents

Overview of Windows Services
    How Services Work
Changes to the Windows Services Model
    Security Enhancements
        Running with Least Privilege
        Service Isolation
        Restricted Network Access
        Session 0 Isolation
    Performance Enhancements
        Delayed Auto-Start
        Service State Change Notifications
    Other Enhancements
        Preshutdown Notifications and Shutdown Ordering
        Failure Detection and Recovery
Resources

Overview of Windows Services

Windows services are applications that typically start when the computer is booted and run quietly in the background until it is shut down. Strictly speaking, a service is any Windows application that is implemented with the services API. However, services normally handle low-level tasks that require little or no user interaction.

Although services are often effectively invisible to users, Windows cannot function normally without them. A number of essential operating system functions are handled by services, including the following:
- Networking. A number of system services support networking. For example, the Dynamic Host Configuration Protocol (DHCP) client service manages network configuration by registering and updating Internet Protocol (IP) addresses for the system.
- Hardware. The Plug and Play service enables a computer to recognize and respond to changes in its hardware configuration, such as a user adding or removing hardware.
- Remote access. Terminal Services allow users to log on to a computer from a remote location.

In addition to services that are part of Windows, most computers also have several third-party applications that run partly or wholly as services. Common examples of third-party services include firewalls and antivirus applications.

This white paper provides an overview of the changes to the services model beginning with Windows Vista. It also provides some best-practices guidelines for developers who intend to implement services for these versions of Windows. For the convenience of readers who might not be familiar with services, the remainder of this section provides a brief overview of how services work and how they are implemented. For more complete information, see the Windows Services documentation in the MSDN Library.

How Services Work

The primary difference between services and normal applications is that services are managed by the Service Control Manager (SCM). Services are implemented with the services API, which handles the interaction between the SCM and services. The SCM maintains a database of installed services and provides a unified way to control them, including:
- Starting and stopping services.
- Managing running services.
- Maintaining service-related state information.

Services exist in one of three states: started, stopped, or paused. Started is the normal running state for a service. A stopped service has been completely shut down and must go through a normal startup procedure to enter the started state again. A paused service suspends normal processing, but remains in memory and continues to respond to control requests. Paused services can therefore return to the started state without going through the startup procedure.

A key characteristic of a service is how it is started. The SCM has a database that includes information on how each service should be started. The following are the service startup types:
- Automatic. The SCM automatically starts these services during the system's boot process. They are often called auto-start services.
- Manual. These services must be started manually with the Control Panel Administrative Tools application, with the sc.exe command-line tool, or programmatically with the StartService function. They are often called demand-start services. Windows 7 introduces trigger-start services. For more information, see “Developing Efficient Background Processes for Windows” on the WHDC Web site.
- Disabled. These services cannot be started. To start a disabled service, the user must first change the startup type to automatic or manual.

After a service has started, the SCM uses control requests to manage the service's state. For example, the SCM sends control requests to notify a service that it is pausing, is resuming operation, or should be preparing to shut down. The SCM's database also contains the security settings for each service. These settings control how much access a service has to system resources and enable system administrators to control access to each service.

Changes to the Windows Services Model

Services have been an essential part of Windows for many years. They enable developers to create long-running executable applications that:
- Can be automatically started when the computer starts.
- Can be paused and restarted.
- Can function whether or not an interactive user is logged on.
- Can run in the context of a user account that is different from either the logged-on user or the default computer account.

These features make services ideal for scenarios where there is a need for long-running functionality that does not interfere with users who are working on the computer. However, since services were introduced, the environment in which they function has changed substantially. These changes have created various issues with security, reliability, performance, management, and administration.

This section discusses enhancements that were made to Windows Vista to address service-related issues.

Security Enhancements

In recent years, services have been an attractive target for virus writers who want to attack Windows. Recent examples include Blaster, Sasser, and Code Red. This situation occurs for a number of reasons:
- Services are typically long running. Often, they start when the system boots up and stop when it shuts down.
- Services are often network facing, which makes them especially vulnerable to remote attacks.
- Services typically run in a high-privilege account such as LocalSystem.

This section discusses the enhancements that were made to Windows Vista to mitigate the security issues that are associated with services. These changes address two important goals:
- Limiting access to services by user applications. Session 0 isolation requires services and user applications to run in separate sessions.
- “Hardening” services to limit the ability of a compromised service to damage a system. There are two complementary ways to accomplish this goal:
    - Running with least privilege allows services to run with only those privileges that they need, and nothing more.
    - Service isolation allows services to isolate themselves from other services or applications by using a unique service identity. A service can use this identity to restrict access to its resources by other services or applications. A service can also use its identity to restrict the service's access to the resources of other services or applications. For example, service isolation allows an antivirus service to maintain exclusive access to its signature definition files.

Running with Least Privilege

Windows services commonly run in the LocalSystem account, the most p
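
The unique service identity that service isolation relies on is a per-service SID derived from the service name. The following added example (not part of the original paper) computes that SID and resolves service SIDs found in ACLs back to an inventory of service names; `ExampleAvSvc` and the sample lists are constructed for illustration.

```python
import hashlib
import struct

SERVICE_SID_PREFIX = "S-1-5-80"  # authority 5 (NT), first sub-authority 80 (services)


def service_sid(service_name: str) -> str:
    """Derive the per-service SID for a service name.

    The five trailing sub-authorities are the SHA-1 digest of the
    upper-cased name (UTF-16LE, no terminator), read as little-endian
    32-bit integers. Assumes an ASCII name, where Python's upper()
    matches the Windows upcase rules.
    """
    if not service_name:
        raise ValueError("service name must not be empty")
    digest = hashlib.sha1(service_name.upper().encode("utf-16-le")).digest()
    return "-".join([SERVICE_SID_PREFIX, *map(str, struct.unpack("<5I", digest))])


def resolve_service_sids(acl_sids, installed_services):
    """Map each S-1-5-80-* SID found in ACLs to a service name.

    SIDs outside the service authority are skipped; a service SID with
    no match in the inventory maps to None so it can be investigated.
    """
    lookup = {service_sid(name): name for name in installed_services}
    return {
        sid: lookup.get(sid)
        for sid in acl_sids
        if sid.startswith(SERVICE_SID_PREFIX + "-")
    }


# Constructed sample data: "ExampleAvSvc" is a hypothetical antivirus service.
INVENTORY = ["TrustedInstaller", "ExampleAvSvc"]
ACL_SIDS = [
    service_sid("exampleavsvc"),   # ACE on the signature directory
    "S-1-5-18",                    # LocalSystem, not a service SID
    "S-1-5-80-1-2-3-4-5",          # service SID with no installed owner
]

if __name__ == "__main__":
    for sid, name in resolve_service_sids(ACL_SIDS, INVENTORY).items():
        print(f"{sid} -> {name or 'UNKNOWN SERVICE'}")
```

A service SID that resolves to no installed service is worth reviewing, because the ACE it sits in grants access to an identity that nothing on the system currently owns.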