Microsoft sc command

Updated: 09/15/2017 by Computer Hope

About sc

SC is a command line program used for communicating with the Service Control Manager and services.

Availability

The sc command is an external command and is available in the following Microsoft operating systems.

Windows Vista
Windows 7
Windows 8
Windows 10

Sc syntax

sc <server> [command] [service name] <option1> <option2>...

The option <server> has the form "\\ServerName"

Commands:

queryex

Queries the extended status for a service, or enumerates the status for types of services.

start

Starts a service.

Usage:

sc <server> start [service name] <arg1> <arg2> ...

pause

Sends a PAUSE control request to a service.

Usage:

sc <server> pause [service name]

interrogate

Sends an INTERROGATE control request to a service.

Usage:

sc <server> interrogate [service name]

continue

Sends a CONTINUE control request to a service.

Usage:

sc <server> continue [service name]

stop

Sends a STOP request to a service.

Usage:

sc <server> stop [service name] <reason> <comment>
<reason> = Optional reason code number for service stop formed with the following elements in the format:

Flag:Major reason:Minor reason

[E.g., 1:2:8 means Hardware: Disk (Unplanned)]

Flag
------------------
1 - Unplanned
2 - Custom
4 - Planned

Major reason
------------------
1 - Other
2 - Hardware
3 - Operating System
4 - Software
5 - Application
64-255 - Custom

Minor reason
------------------
1 - Other
2 - Maintenance
3 - Installation
4 - Upgrade
5 - Reconfiguration
6 - Hung
7 - Unstable
8 - Disk
9 - Network Card
10 - Environment
11 - Hardware Driver
12 - Other Driver
13 - Service Pack
14 - Software Update
15 - Security Fix
16 - Security
17 - Network Connectivity
18 - WMI
19 - Service Pack Uninstall
20 - Software Update Uninstall
22 - Security Fix Uninstall
23 - MMC
256-65535 - Custom

<comment> = Optional comment for the reason above (127 characters maximum)

config

Changes the configuration of a service (persistent).

Usage:

sc <server> config [service name] <option1> <option2>...

Options:

Note: The option name includes the equal sign. A space is required between the equal sign and the value.

type= <own|share|interact|kernel|filesys|rec|adapt|userown|usershare>
start= <boot|system|auto|demand|disabled|delayed-auto>
error= <normal|severe|critical|ignore>
binPath= <BinaryPathName to the .exe file>
group= <LoadOrderGroup>
tag= <yes|no>
depend= <Dependencies(separated by / (forward slash))>
obj= <AccountName|ObjectName>
DisplayName= <display name>
password= <password>

description

Changes the description of a service.

Usage:

sc <server> description [service name] [description]

failure

Changes the actions taken by a service upon failure.

Usage:

sc <server> failure [service name] <option1> <option2>...

Options:

reset= <Length of period of no failures (in seconds) after which to reset the failure count to 0 (may be INFINITE)>
(Must be used in conjunction with actions= )

reboot= <Message broadcast before rebooting on failure>
command= <Command line to be run on failure>
actions= <Failure actions and their delay time (in milliseconds), separated by / (forward slash), e.g., run/5000/reboot/800. Valid actions are <run|restart|reboot>>
(Must be used in conjunction with the reset= option)

failureflag

Changes the failure actions flag setting of a service. If this setting is 0 (default), the Service Control Manager (SCM) enables configured failure actions on the service only if the service process terminates with the service in a state other than SERVICE_STOPPED. If this setting is 1, the SCM enables configured failure actions on the service if the service enters the SERVICE_STOPPED state with a Win32 exit code other than 0 in addition to the service process termination as above. This setting is ignored if the service does not have any failure actions configured.

Usage:

sc <server> failureflag [service name] [flag]

sidtype

Changes the service security identifier (SID) type setting of a service.

If this setting is "unrestricted", the Service Control Manager (SCM) will add this service's SID to the service process token when the service process starts the next time due to the first service in the process being started. This setting is valid only for Win32 user mode services.

If this setting is "restricted", the Service Control Manager (SCM) will add this service's SID to the service process token when the service process starts the next time due to the first service in the process being started. Also, this service's SID is added to the restricting SID list in the process token. The process token will be a restricted token. See MSDN for details on restricted token. This setting is valid only for Win32 user mode services. Also, for a share process service, all services cohosted in the process must have this SID type set for this to take effect.

If this setting is "none", the SCM will not add the service's SID to the service process token.

Usage:

sc <server> sidtype [service name] [type]

Options:

type

<none|unrestricted|restricted>

privs

Changes the required privileges setting of a service. The privilege settings take effect when the service process starts due to the first service in the process being started. At that time, the Service Control Manager (SCM) computes the union of all privileges required by all services that will be hosted in the same process and then creates the process with those privileges. An absence of this setting is taken to imply that the service requires all the privileges that the security subsystem allows for the process running in the service's configured account.

Usage:

sc <server> privs [service name] [privileges]

Options:

privileges

<Privileges(separated by / (forward slash))>
[E.g., SeBackupPrivilege/SeRestorePrivilege]
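
An added example (not part of the original page): a PowerShell wrapper that applies the sidtype and privs settings described above and reads them back with qsidtype and qprivs. The function names, the service name ExampleSvc and the privilege list are assumptions; run it from an elevated prompt.

```powershell
function Invoke-Sc {
    # Call sc.exe by its full name: in Windows PowerShell, "sc" is an alias for Set-Content.
    $out = & sc.exe @args
    if ($LASTEXITCODE -ne 0) { throw "sc.exe $args failed with exit code ${LASTEXITCODE}: $out" }
    $out
}

function Set-ServiceLeastPrivilege {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string[]]$Privileges,
        [ValidateSet('none', 'unrestricted', 'restricted')][string]$SidType = 'unrestricted'
    )
    # "restricted" only takes effect in a shared process if every co-hosted service uses it too.
    $type = (Invoke-Sc qc $Name | Select-String '^\s*TYPE\s*:').Line
    if ($SidType -eq 'restricted' -and $type -match 'SHARE_PROCESS') {
        Write-Warning "$Name shares its process; set sidtype on the co-hosted services as well."
    }
    Invoke-Sc sidtype $Name $SidType | Out-Null
    Invoke-Sc privs $Name ($Privileges -join '/') | Out-Null   # privileges are '/'-separated
    # Read the stored settings back; they apply the next time the service process starts.
    Invoke-Sc qsidtype $Name
    Invoke-Sc qprivs $Name
}

# Hypothetical service name and privilege list; substitute the ones your service needs.
# Set-ServiceLeastPrivilege -Name 'ExampleSvc' -Privileges 'SeChangeNotifyPrivilege' -SidType restricted
```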

managedaccount

Changes whether the account in which the service runs uses a managed password.

If this setting is "true", the Service Control Manager (SCM) will request the account password from NetLogon when starting the service.

If this setting is "false", the SCM will use the configured account password.

Usage:

sc <server> managedaccount [service name] [type]

Options:

type <true|false>

qc

Queries the configuration information for a service.

Usage:

sc <server> qc [service name] <bufferSize>

qdescription

Queries the description for a service.

Usage:

sc <server> qdescription [service name] <bufferSize>

qfailure

Queries the actions taken by a service upon failure.

Usage:

sc <server> qfailure [service name] <bufferSize>

qfailureflag

Retrieves the failure actions flag setting of a service. If this setting is 0 (default), the Service Control Manager (SCM) enables configured failure actions on the service only if the service process terminates with the service in a state other than SERVICE_STOPPED. If this setting is 1, the SCM enables configured failure actions on the service if the service enters the SERVICE_STOPPED state with a Win32 exit code other than 0 in addition to the service process termination as above. This setting is ignored if the service does not have any failure actions configured.

Usage:

sc <server> qfailureflag [service name]

qsidtype

Queries the service security identifier (SID) type setting of a service.

If this setting is "unrestricted", the Service Control Manager (SCM) will add this service's SID to the service process token when the service process starts the next time due to the first service in the process being started. This setting is valid only for Win32 user mode services.

If this setting is "restricted", the Service Control Manager (SCM) will add this service's SID to the service process token when the service process starts the next time due to the first service in the process being started. Also, this service's SID is added to the restricting SID list in the process token. The process token will be a restricted token. See MSDN for details on restricted token. This setting is valid only for Win32 user mode services. Also, for a share process service, all services cohosted in the process must have this SID type set for this to take effect.

If this setting is "none", the SCM will not add the service's SID to the service process token.

Usage:

sc <server> qsidtype [service name]

qprivs

Queries the required privileges setting for a service. The privilege settings take effect when the service process starts due to the first service in the process being started. At that time, the Service Control Manager (SCM) computes the union of all privileges required by all services that will be hosted in the same process and then creates the process with those privileges. An absence of this setting is taken to imply that the service requires all the privileges that the security subsystem allows for a process running in the service's configured account.

Usage:

sc <server> qprivs [service name] <bufferSize>

qtriggerinfo

Queries the trigger parameters of a service.

Usage:

sc <server> qtriggerinfo [service name] <bufferSize>

qpreferrednode

Queries the preferred NUMA node for a Win32 service. This setting is valid only for own process services. If the service has no preferred node setting, then the query will fail.

Usage:

sc <server> qpreferrednode [service name]

qmanagedaccount

Queries whether a service uses an account with a password managed by LSA.

Usage:

sc <server> qmanagedaccount [service name]

qprotection

Queries whether the service is marked to start in a protected process. Note that this setting cannot be changed.

Usage:

sc <server> qprotection [service name]

quserservice

Queries for a user service instance for the current user in the same session created from the user service template specified.

Usage:

sc quserservice <service template name>

delete

Deletes a service entry from the Registry. If the service is running, or another process has an open handle to the service, the service is marked for deletion.

Usage:

sc <server> delete [service name]

create

Creates a service entry in the Registry and Service Database.

Usage:

sc <server> create [service name] [binPath= ] <option1> <option2>...

Options:

NOTE: The option name includes the equal sign. A space is required between the equal sign and the value.

type= <own|share|interact|kernel|filesys|rec|userown|usershare>
(default = own)
start= <boot|system|auto|demand|disabled|delayed-auto>
(default = demand)
error= <normal|severe|critical|ignore>
(default = normal)
binPath= <BinaryPathName to the .exe file>
group= <LoadOrderGroup>
tag= <yes|no>
depend= <Dependencies(separated by / (forward slash))>
obj= <AccountName|ObjectName>
(default = LocalSystem)
DisplayName= <display name>
password= <password>

control

Sends a control to a service.

Usage:

sc <server> control [service name] <value>
<value> = user-defined control code
<value> = <paramchange|netbindadd|netbindremove|netbindenable|netbinddisable>

See also sc stop, sc pause, etc.

sdshow

Displays a service's security descriptor.

Usage:

sc <server> sdshow <service name> <showrights>

sdset

Sets a service's security descriptor.

Usage:

sc <server> sdset <service name> <SD in SDDL format>
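
An added example (not part of the original page): a PowerShell audit that parses the SDDL string printed by sdshow and reports allow ACEs in the DACL that give broad groups the right to reconfigure, delete or re-permission a service, so they can be reviewed before a corrected descriptor is written with sdset. The function name, the list of "broad" trustees and the two sample descriptors are constructed for illustration.

```powershell
# SDDL rights that let a caller reconfigure or take over a service, with their access-mask bits.
$RiskyRights = [ordered]@{
    DC = 0x00000002   # SERVICE_CHANGE_CONFIG (binPath=, obj=, start= ...)
    SD = 0x00010000   # DELETE
    WD = 0x00040000   # WRITE_DAC (as a right; as a trustee, WD means Everyone)
    WO = 0x00080000   # WRITE_OWNER
    GA = 0x10000000   # GENERIC_ALL
    GW = 0x40000000   # GENERIC_WRITE
}
# Broad trustees that should not hold those rights (SDDL alias or raw SID).
$BroadTrustees = @{
    WD = 'Everyone';  AU = 'Authenticated Users';  BU = 'BUILTIN\Users'
    IU = 'INTERACTIVE';  NU = 'NETWORK';  AN = 'ANONYMOUS LOGON';  BG = 'BUILTIN\Guests'
    'S-1-1-0' = 'Everyone';  'S-1-5-11' = 'Authenticated Users';  'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-WeakServiceAce {
    param([Parameter(Mandatory)][string]$Name, [Parameter(Mandatory)][string]$Sddl)
    # Take only the DACL: 'D:' + optional flags + ACEs. The SACL ('S:') holds audit ACEs only.
    $dacl = [regex]::Match($Sddl, 'D:[A-Z]*((?:\([^)]*\))+)')
    if (-not $dacl.Success) { return }
    foreach ($m in [regex]::Matches($dacl.Groups[1].Value, '\(([^)]*)\)')) {
        # ACE = type;flags;rights;object_guid;inherit_object_guid;trustee
        $f = $m.Groups[1].Value -split ';'
        if ($f.Count -lt 6 -or $f[0] -ne 'A' -or -not $BroadTrustees.ContainsKey($f[5])) { continue }
        if ($f[2] -match '^0x') {
            $mask = [Convert]::ToInt64($f[2], 16)      # rights given as a hex access mask
            $hit  = @($RiskyRights.Keys | Where-Object { $mask -band $RiskyRights[$_] })
        } else {
            $codes = [regex]::Matches($f[2], '..') | ForEach-Object { $_.Value }   # two-letter codes
            $hit   = @($RiskyRights.Keys | Where-Object { $codes -contains $_ })
        }
        if ($hit.Count) {
            [pscustomobject]@{ Service = $Name; Trustee = $BroadTrustees[$f[5]]; Rights = $hit -join ',' }
        }
    }
}

# Constructed sample descriptors (not taken from a real host).
$samples = @{
    GoodSvc = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)'
    WeakSvc = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPLORC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)'
}
$samples.GetEnumerator() | ForEach-Object { Get-WeakServiceAce -Name $_.Key -Sddl $_.Value }
# On a live system: Get-Service | ForEach-Object { Get-WeakServiceAce $_.Name ((& sc.exe sdshow $_.Name) -join '') }
```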

showsid

Displays the service SID string corresponding to an arbitrary name. The name can be that of an existing or non-existent service.

Usage:

sc showsid [name]

triggerinfo

Configures the trigger parameters of a service.

Usage:

sc <server> triggerinfo [service name] <option1> <option2>...

Options:

start/device/UUID/HwId1/... <Start the service on arrival of the specified device interface class UUID string with one or more hardware ID strings or compatible ID strings>
start/custom/UUID/data0/.. <Start the service on arrival of an event from the specified custom ETW provider UUID string with one or more binary data items in hexadecimal string format such as ABCDABCD to set 4 byte data>
stop/custom/UUID/data0/... <Stop the service on arrival of an event from the specified custom ETW provider UUID string with one or more binary data items in hexadecimal string format such as ABCDABCD to set 4 byte data>
start/strcustom/UUID/data0/.. <Start the service on arrival of an event from the specified custom ETW provider UUID string with one or more optional string data items>
stop/strcustom/UUID/data0/.. <Stop the service on arrival of an event from the specified custom ETW provider UUID string with one or more optional string data items>
start/lvlcustom/UUID/data0/.. <Start the service on arrival of an event from the specified custom ETW provider UUID string with level higher or equal to the data items in hexadecimal number format such as 0x01>
stop/lvlcustom/UUID/data0/.. <Stop the service on arrival of an event from the specified custom ETW provider UUID string with level higher or equal to the data items in hexadecimal number format such as 0x01>
start/kwanycustom/UUID/data0/.. <Start the service on arrival of an event from the specified custom ETW provider UUID string with keyword that matches any of the bits in the data items in hexadecimal number format such as 0x0A03>
stop/kwanycustom/UUID/data0/.. <Stop the service on arrival of an event from the specified custom ETW provider UUID string with keyword that matches any of the bits in the data items in hexadecimal number format such as 0x0A03>
start/kwallcustom/UUID/data0/.. <Start the service on arrival of an event from the specified custom ETW provider UUID string with keyword that matches all of the bits in the data items in hexadecimal number format such as 0x0A03>
stop/kwallcustom/UUID/data0/.. <Stop the service on arrival of an event from the specified custom ETW provider UUID string with keyword that matches all of the bits in the data items in hexadecimal number format such as 0x0A03>
start/networkon <Start the service on first IP address>
stop/networkoff <Stop the service on zero IP addresses>
start/domainjoin <Start the service on domain join>
stop/domainleave <Stop the service on domain leave>
start/portopen/parameter <Start the service on the opening of a network port. The parameter is of the semi-colon delimited form portnumber;protocolname;imagepath;servicename>
stop/portclose/parameter <Stop the service on the closing of a network port. The parameter is of the semi-colon delimited form portnumber;protocolname;imagepath;servicename>
start/machinepolicy <Start the service when machine group policy changes or is present at boot>
start/userpolicy <Start the service when user group policy changes or is present at boot>
start/rpcinterface/UUID <Start the service when a request arrives at the RPC Endpoint Mapper for the given interface>
start/namedpipe/pipename <Start the service when a request arrives for the specified named pipe. Do not include the "\\.\pipe\" portion of the pipe's name>
delete <Delete the existing trigger parameters>

preferrednode

Changes the preferred NUMA node for a Win32 service. This setting is valid only for own process services. To delete an existing setting, set the node number as -1. If an invalid preferred node number is supplied, then the change request will fail.

Usage:

sc <server> preferrednode [service name] [node number]

GetDisplayName

Gets the DisplayName for a service.

Usage:

sc <server> GetDisplayName <service key name> <bufsize>

GetKeyName

Gets the key name associated with a particular service, using the display name as input.

Usage:

sc <server> GetKeyName <service display name> <bufsize>

EnumDepend

Enumerates Service Dependencies.

Usage:

sc <server> EnumDepend <service name> <bufsize>

The following commands don't require a service name:
sc <server> <command> <option>

boot (ok | bad) Indicates whether the last boot should be saved as the last-known-good boot configuration
Lock Locks the Service Database
QueryLock Queries the LockStatus for the SCManager Database

QUERY and QUERYEX OPTIONS:

If the query command is followed by a service name, the status for that service is returned. Further options do not apply in this case. If the query command is followed by nothing or one of the options listed below, the services are enumerated.

type= Type of services to enumerate (driver, service, userservice, all)
(default = service)
state= State of services to enumerate (inactive, all)
(default = active)
bufsize= The size (in bytes) of the enumeration buffer
(default = 4096)
ri= The resume index number at which to begin the enumeration
(default = 0)
group= Service group to enumerate
(default = all groups)

Sc examples

sc start hope

Starts the "hope" service, if it exists.

sc query

Enumerates the status for active services & drivers.

sc query eventlog

Displays the status for the eventlog service.