Sc command

Updated: 11/12/2023 by Computer Hope
sc command

SC is a command line program used for communicating with services and the Service Control Manager.

Availability

SC is an external command that is available for the following Microsoft operating systems.

Sc syntax

sc <server> [command] [service name] <option1> <option2>...

The option <server> has the form "\\ServerName"

Commands

query Queries the status for a service, or enumerates the status for types of services.
queryex Queries the extended status for a service, or enumerates the status for types of services.
start Starts a service.

Usage:

sc <server> start [service name] <arg1> <arg2> ...
pause Sends a PAUSE control request to a service.

Usage:

sc <server> pause [service name]
interrogate Sends an INTERROGATE control request to a service.

Usage:

sc <server> interrogate [service name]
continue Sends a CONTINUE control request to a service.

Usage:

sc <server> continue [service name]
stop Sends a STOP request to a service.

Usage:

sc <server> stop [service name] <reason> <comment>

<reason> = Optional reason code number for service stop formed with the following elements in the format:

Flag:Major reason:Minor reason

[E.g., 1:2:8 means Hardware: Disk (Unplanned)]

Flag
------------------
1 - Unplanned
2 - Custom
4 - Planned

Major reason
------------------
1 - Other
2 - Hardware
3 - Operating System
4 - Software
5 - Application
64-255 - Custom

Minor reason
------------------
1 - Other
2 - Maintenance
3 - Installation
4 - Upgrade
5 - Reconfiguration
6 - Hung
7 - Unstable
8 - Disk
9 - Network Card
10 - Environment
11 - Hardware Driver
12 - Other Driver
13 - Service Pack
14 - Software Update
15 - Security Fix
16 - Security
17 - Network Connectivity
18 - WMI
19 - Service Pack Uninstall
20 - Software Update Uninstall
22 - Security Fix Uninstall
23 - MMC
256-65535 - Custom

<comment> = Optional comment for the reason above (127 character maximum)
config Changes the configuration of a service (persistent).

Usage:

sc <server> config [service name] <option1> <option2>...

Note: the option names below include the equal sign. A space is required between the equal sign and the value.

Options:

type= <own|share|interact|kernel|filesys|rec|adapt|userown|usershare>
start= <boot|system|auto|demand|disabled|delayed-auto>
error= <normal|severe|critical|ignore>
binPath= <BinaryPathName to the .exe file>
group= <LoadOrderGroup>
tag= <yes|no>
depend= <Dependencies(separated by / (forward slash))>
obj= <AccountName|ObjectName>
DisplayName= <display name>
password= <password>
description Changes the description of a service.

Usage:

sc <server> description [service name] [description]

failure Changes the actions taken by a service upon failure.

Usage:

sc <server> failure [service name] <option1> <option2>...

Options:

reset= <Length of period of no failures (in seconds) after which to reset the failure count to 0 (may be INFINITE)>

(Must be used in conjunction with actions= )
reboot= <Message broadcast before rebooting on failure>
command= <Command line to be run on failure>
actions= <Failure actions and their delay time (in milliseconds), separated by / (forward slash) -- e.g., run/5000/reboot/800
Valid actions are <run|restart|reboot> >
(Must be used in conjunction with the reset= option)
failureflag Changes the failure actions flag setting of a service. If this setting is 0 (default), the SCM (Service Control Manager) enables configured failure actions on the service only if the service process terminates with the service in a state other than SERVICE_STOPPED. If this setting is 1, the SCM enables configured failure actions on the service if the service enters the SERVICE_STOPPED state with a Win32 exit code other than 0 in addition to the service process termination as above. This setting is ignored if the service does not have any failure actions configured.

Usage:

sc <server> failureflag [service name] [flag]
sidtype Changes the SID (service security identifier) type setting of a service.

If this setting is "unrestricted," the SCM will add this service's SID to the service process token when the service process starts the next time due to the first service in the process being started. This setting is valid only for Win32 user mode services.

If this setting is "restricted," the SCM will add this service's SID to the service process token when the service process starts the next time due to the first service in the process being started. Also, this service's SID is added to the restricting SID list in the process token. The process token will be a restricted token. See MSDN for details on a restricted token. This setting is valid only for Win32 user mode services. Also, for a share process service, all services cohosted in the process must have this SID type set for this to take effect.

If this setting is "none," the SCM will not add the service's SID to the service process token.

Usage:

sc <server> sidtype [service name] [type]

Options:

type <none|unrestricted|restricted>
privs Changes the required privileges setting of a service. The privilege settings take effect when the service process starts due to the first service in the process being started. At that time, the SCM (Service Control Manager) computes the union of all privileges required by all services that will be hosted in the same process and then creates the process with those privileges. An absence of this setting is taken to imply that the service requires all the privileges that the security subsystem allows for the process running in the service's configured account.

Usage:

sc <server> privs [service name] [privileges]

Options:

privileges <Privileges(separated by / (forward slash))>
[E.g., SeBackupPrivilege/SeRestorePrivilege]
managedaccount Changes whether the account in which the service runs uses a managed password.

If this setting is "true", the SCM will request the account password from NetLogon when starting the service.

If this setting is "false", the SCM will use the configured account password.

Usage:

sc <server> managedaccount [service name] [type]

Options:

type <true|false>
qc Queries the configuration information for a service.

Usage:

sc <server> qc [service name] <bufferSize>
qdescription Queries the description for a service.

Usage:

sc <server> qdescription [service name] <bufferSize>
qfailure Queries the actions taken by a service upon failure.

Usage:

sc <server> qfailure [service name] <bufferSize>
qfailureflag Retrieves the failure actions flag setting of a service. If this setting is 0 (default), the SCM (Service Control Manager) enables configured failure actions on the service only if the service process terminates with the service in a state other than SERVICE_STOPPED. If this setting is 1, the SCM enables configured failure actions on the service if the service enters the SERVICE_STOPPED state with a Win32 exit code other than 0 in addition to the service process termination as above. This setting is ignored if the service does not have any failure actions configured.

Usage:

sc <server> qfailureflag [service name]
qsidtype Queries the SID (service security identifier) type setting of a service.

If this setting is "unrestricted," the SCM (Service Control Manager) will add this service's SID to the service process token when the service process starts the next time due to the first service in the process being started. This setting is valid only for Win32 user mode services.

If this setting is "restricted," the SCM will add this service's SID to the service process token when the service process starts the next time due to the first service in the process being started. Also, this service's SID is added to the restricting SID list in the process token. The process token will be a restricted token. See MSDN for details on a restricted token. This setting is valid only for Win32 user mode services. Also, for a share process service, all services cohosted in the process must have this SID type set for this to take effect.

If this setting is "none," the SCM will not add the service's SID to the service process token.

Usage:

sc <server> qsidtype [service name]
qprivs Queries the required privileges setting for a service. The privilege settings take effect when the service process starts due to the first service in the process being started. At that time, the SCM computes the union of all privileges required by all services that will be hosted in the same process and then creates the process with those privileges. An absence of this setting is taken to imply that the service requires all the privileges that the security subsystem allows for a process running in the service's configured account.

Usage:

sc <server> qprivs [service name] <bufferSize>
qtriggerinfo Queries the trigger parameters of a service.

Usage:

sc <server> qtriggerinfo [service name] <bufferSize>
qpreferrednode Queries the preferred NUMA node for a Win32 service. This setting is valid only for its own process services. If the service has no preferred node setting, then the query will fail.

Usage:

sc <server> qpreferrednode [service name]
qmanagedaccount Queries whether a service uses an account with a password managed by LSA.

Usage:

sc <server> qmanagedaccount [service name]
qprotection Queries whether the service is marked to start in a protected process. Note that this setting cannot be changed.

Usage:

sc <server> qprotection [service name]
quserservice Queries for a user service instance for the current user in the same session created from the user service template specified.

Usage:

sc quserservice <service template name>
delete Deletes a service entry from the Registry. If the service is running, or another process has an open handle to the service, the service is marked for deletion.

Usage:

sc <server> delete [service name]
create Creates a service entry in the Registry and Service Database.

Usage:

sc <server> create [service name] [binPath= ] <option1> <option2>...

Note: The option names below include the equal sign. A space is required between the equal sign and the value.

Options:

type= <own|share|interact|kernel|filesys|rec|userown|usershare>
(default = own)
start= <boot|system|auto|demand|disabled|delayed-auto>
(default = demand)
error= <normal|severe|critical|ignore>
(default = normal)
binPath= <BinaryPathName to the .exe file>
group= <LoadOrderGroup>
tag= <yes|no>
depend= <Dependencies(separated by / (forward slash))>
obj= <AccountName|ObjectName>
(default = LocalSystem)
DisplayName= <display name>
password= <password>
control Sends a control to a service.

Usage:

sc <server> control [service name] <value>
<value> = user-defined control code
<value> = <paramchange| netbindadd|netbindremove| netbindenable|netbinddisable>

See also sc stop, sc pause, etc.
sdshow Displays a service's security descriptor.

Usage:

sc <server> sdshow <service name> <showrights>
sdset Sets a service's security descriptor.

Usge:

sc <server> sdset <service name> <SD in SDDL format>
showsid Displays the service SID string corresponding to an arbitrary name. The name can be that of an existing or non-existent service.

Usage:

sc showsid [name]
triggerinfo Configures the trigger parameters of a service.

Usage:

sc <server> triggerinfo [service name] <option1> <option2>...

Options:

start/device/UUID/HwId1/... <Start the service on arrival of the specified device interface class UUID string with one or more hardware ID strings or compatible ID strings>
start/custom/UUID/data0/.. <Start the service on arrival of an event from the specified custom ETW provider UUID string with one or more binary data items in hexadecimal string format such as ABCDABCD to set 4-byte data>
stop/custom/UUID/data0/... <Stop the service on arrival of an event from the specified custom ETW provider UUID string with one or more binary data items in hexadecimal string format such as ABCDABCD to set 4-byte data>
start/strcustom/UUID/data0/.. <Start the service on arrival of an event from the specified custom ETW provider UUID string with one or more optional string data items>
stop/strcustom/UUID/data0/.. <Stop the service on arrival of an event from the specified custom ETW provider UUID string with one or more optional string data items>
start/lvlcustom/UUID/data0/.. <Start the service on arrival of an event from the specified custom ETW provider UUID string with a level higher or equal to the data items in hexadecimal number format such as 0x01>
stop/lvlcustom/UUID/data0/.. <Stop the service on arrival of an event from the specified custom ETW provider UUID string with a level higher or equal to the data items in hexadecimal number format such as 0x01>
start/kwanycustom/UUID/data0/.. <Start the service on arrival of an event from the specified custom ETW provider UUID string with a keyword that matches any of the bits in the data items in hexadecimal number format such as 0x0A03>
stop/kwanycustom/UUID/data0/.. <Stop the service on arrival of an event from the specified custom ETW provider UUID string with a keyword that matches any of the bits in the data items in hexadecimal number format such as 0x0A03>
start/kwallcustom/UUID/data0/.. <Start the service on arrival of an event from the specified custom ETW provider UUID string with a keyword that matches all of the bits in the data items in hexadecimal number format such as 0x0A03>
stop/kwallcustom/UUID/data0/.. <Stop the service on arrival of an event from the specified custom ETW provider UUID string with a keyword that matches all of the bits in the data items in hexadecimal number format such as 0x0A03>
start/networkon <Start the service on first IP address>
stop/networkoff <Stop the service on zero IP addresses>
start/domainjoin <Start the service on domain join>
stop/domainleave <Stop the service on domain leave>
start/portopen/parameter <Start the service on the opening of a network port. The parameter is of the semi-colon delimited form portnumber;protocolname;imagepath; servicename>
stop/portclose/parameter <Stop the service on the closing of a network port. The parameter is of the semi-colon delimited form portnumber;protocolname;imagepath; servicename>
start/machinepolicy <Start the service when machine group policy changes or is present at boot>
start/userpolicy <Start the service when user group policy changes or is present at boot>
start/rpcinterface/
UUID
<Start the service when a request arrives at the RPC Endpoint Mapper for the given interface>
start/namedpipe/pipename <Start the service when a request arrives for the specified named pipe. Do not include the "\\.\pipe\" portion of the pipe's name>
delete <Delete the existing trigger parameters>
preferrednode Changes the preferred NUMA node for a Win32 service. This setting is valid only for its own process services. To delete an existing setting, set the node number as -1. If an invalid preferred node number is supplied, then the change request will fail.

Usage:

sc <server> preferrednode [service name] [node number]
GetDisplayName Gets the DisplayName for a service.

Usage:

sc <server> GetDisplayName <service key name> <bufsize>
GetKeyName Gets the key name associated with a particular service, using the display name as input.

Usage:

sc <server> GetKeyName <service display name> <bufsize>
EnumDepend Enumerates Service Dependencies.

Usage:

sc <server> EnumDepend <service name> <bufsize>

The following commands don't require a service name:

sc <server> <command> <option>

boot (ok | bad) Indicates whether the last boot should be saved as the last-known-good boot configuration
Lock Locks the Service Database
QueryLock Queries the LockStatus for the SCManager Database

Query and queryex options

If the query command is followed by a service name, the status for that service is returned. Further options do not apply. If the query command is followed by nothing or one of the options listed below, the services are enumerated.

type= Type of services to enumerate (driver, service, userservice, all)
(default = service)
state= State of services to enumerate (inactive, all)
(default = active)
bufsize= The size (in bytes) of the enumeration buffer
(default = 4096)
ri= The resume index number at which to begin the enumeration
(default = 0)
group= Service group to enumerate
(default = all groups)

Sc examples

st start hope

If the "hope" service existed, this code would start it.

sc query

Enumerates the status for active services & drivers.

sc query eventlog

Displays the status for the eventlog service.