Checking for Automatic Services

Is there a way to have IEM run a task to check for Windows services that are automatic and have not started and report that and if possible start it.

The following relevance should find them

exists services whose (start type of it = "auto" and not running of it)

You would have to create a batch file from the service object result but be aware that there are always some that “start up” automatic and terminate like these on my machine

Q: services whose (start type of it = "auto" and not running of it)
A: "clr_optimization_v4.0.30319_32" "Microsoft .NET Framework NGEN v4.0.30319_X86" "Stopped"
A: "clr_optimization_v4.0.30319_64" "Microsoft .NET Framework NGEN v4.0.30319_X64" "Stopped"
1 Like

Where I work, I have an analysis that determines this and tickets are opened determining if specific services need to be started or not. It’s usually only used after patching is completed to make sure all necessary services are started.

Alan’s relevance is, more or less, what I’m using. Although I’ve gone through my results and filtered out the services that are not mandatory for the most part.

1 Like

Any chance you could provide some of the services that are universal that you are filtering out, and sample relevance?

It’s ugly and kind of messy but it looks like this:

if (name of operating system contains "Win2") then if exists service whose (start type of it contains "auto" AND state of it contains "Stopped" AND display name of it does not contain ".NET") then (display names whose (it does not contain ".NET") of it, states whose (it contains "Stopped") of it, start types whose (it contains "auto") of it) of services whose (start type of it contains "auto") as string else "All Started" else "Not Applicable"

This is a simple “.NET” application filter that applies only to severs. A list that I’ve found in my environment ignores the following:

Anything with “.NET” in the name
Software Protection
Shell Hardware Detection

Most of them are used on command from other applications so they are set to automatically start.

1 Like

It should be noted that I crafted it this way to give a kind of “True/False” flag for the systems engineers that will actually look at the list and want a simple yes or no answer to get to work.