Improper use of this program can be disastrous. SteelWerx is not liable for any damage done due to the (mis)use of its programs. By using these applications, you are accepting all responsibilities associated, and will use them at your own risk.


SC.EXE is a program that ships with Microsoft Windows XP to control services from the command line. This way it can be used in batch files, called from programs and used in console windows. If you want to use it on another Windows platform you are out of luck.

By downloading a huge set of support tools you can get one you can use with Windows 2000, but other platforms are not available.

SteelWerX programmed a version of SC.EXE known as SWSC (SteelWerX Service Controller). But even using SWSC on Windows XP might prove handy, since it also implements a goodie that is not available with the original. So read about the possibilities of SWSC. If something is not possible with the original Microsoft program it is noted in bold.


SWSC is a complete copy of SC.EXE, so it supports the same options. With SWSC you can query the status of a service, or queryex the extended status, start, pause, continue or stop a service. You can send requests to a service with interrogate and control, query and change the configuration with commands like config or qc, you can create and delete services, etc. See the list below for the complete list of possibilities.

Just as with SC you can also send a few commands to the Service Manager, and these are also documented below.

In addition to the sdshow and sdset commands to manipulate the permissions to a service, you can also use the ACL command to view and set these.

For some reason someone at Microsoft decided to end switches with the equals sign. To comply with their way of doing things I have copied this behavior in all the switches that are "inherited" from the original program, so do not forget the equals signs. In the implementation of the ACL command I did not follow this methodology; instead I implemented it the same way as in the other programs from SteelWerX.

An example of a valid command line is SWSC query type= service type= interact. Note the equal sign and the space!

I also did not implement the various ways of entering buffer sizes. My reasoning behind this is that you want an answer, and not to be told that the buffer is too small!

Unless otherwise specified, every command expects a servicename. Without one it cannot be executed.

QUERY or QUERYEX

Queries the status for services on the machine. The difference between QUERY and QUERYEX is the return of the extended status. This means that next to the data returned by QUERY you will also get the ProcessID and the Process flags of the service.


You can further refine what is enumerated by the use of the following switches (the default is italicized):

  • type= Type of services to enumerate (driver, service, all)
  • state= State of services to enumerate (active, inactive, all)
  • ri= The resume index number at which to begin the enumeration. The default value is 0
  • group= Service group to enumerate. The default is to enumerate all groups
  • options= Some extra options to show in the output (descriptions, config).
    descriptions will show service descriptions as well, while config will show configuration parameters.
    These two options show the same information as QDESCRIPTION and QC respectively.

If the query command is followed by a service name, the status for that service is returned. Further options do not apply in this case, and will be ignored.

START

Starts a service. You can extend the command line with the various parameters that are needed to start the particular service.

PAUSE

Pauses a service.

INTERROGATE

Interrogates a service. This will result in a refreshed status.

CONTINUE

Resumes (restarts) a paused service.

STOP

Stops a service.

CONFIG

Changes the configuration of a service. The following items can be changed with this command:

  • type= Type of service (own, share, interact, kernel, filesys, rec, adapt)
  • start= Startuptype (boot, system, auto, demand, disabled)
  • error= The way errorhandling should be handled (normal, severe, critical, ignore)
  • binPath= Path to the executable that will be executed as service
  • group= The group the service is used in
  • tag= Yes if the service is tagged, no if not
  • depend= The services this service depends on to be running. If there are multiple services they should be separated by a forward slash (/)
  • obj= the accountname the service is running under
  • DisplayName= The displayname of the service
  • password= The password to the account that will start the service

To change a service's configuration you have to be logged in as an Administrator.

DESCRIPTION

Changes the description of a service. To change a service description you will have to be logged in as Administrator.

FAILURE

Changes the actions taken by a service upon failure. You will need Administrator access to use this command.

Options to set for failure actions are:

  • reset= The length of time in seconds after which the failure count is reset to 0. This may be INFINITE.
    note: this must be used in conjunction with the switch actions=
  • reboot= The message broadcast before rebooting on failure. If you use this switch and do not specify a message, it will delete the current reboot message
  • command= Command to execute in case of failure. Not specifying a command line will result in deletion of the current command line
  • actions= The failure actions to be taken and their delay time in milliseconds. These are separated by a forward slash (/), for example: run/5000/reboot/800.
    Valid actions are:
    • run Run the command specified by the command= switch
    • restart Restart the service
    • reboot Restart the computer
    This switch must be used in conjunction with the reset= option, and will clear the current list if not specified
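
The switch syntax and the FAILURE rules above can be checked before a command line goes into a batch file. This is an added example, not part of SWSC or the original page: the function names, the service name DemoSvc and the script path are hypothetical, and the sample line is constructed.

```python
import shlex

SWITCHES = {"reset=", "reboot=", "command=", "actions="}
ACTIONS = {"run", "restart", "reboot"}
# Constructed sample; DemoSvc and the script path are hypothetical.
SAMPLE = (r'SWSC failure DemoSvc reset= 86400 command= "C:\Tools\notify.cmd" '
          'actions= run/5000/reboot/800')

def parse_actions(value):
    """Split 'run/5000/reboot/800' into [(action, delay_ms), ...]."""
    if not value:
        return []                        # no value: the list is cleared
    parts = value.split("/")
    if len(parts) % 2:
        raise ValueError("actions= needs action/delay pairs")
    pairs = []
    for action, delay in zip(parts[0::2], parts[1::2]):
        if action not in ACTIONS or not delay.isdigit():
            raise ValueError(f"bad action/delay pair {action}/{delay}")
        pairs.append((action, int(delay)))
    return pairs

def check_failure(cmdline):
    """Return (settings, problems) for one 'SWSC failure servicename ...' line.
    A switch followed by another switch, or by nothing, has an empty value."""
    tokens = shlex.split(cmdline, posix=False)    # keeps Windows backslashes
    settings, problems = {}, []
    if len(tokens) < 3 or tokens[1].lower() != "failure":
        return settings, ["expected: SWSC failure servicename ..."]
    rest = tokens[3:]
    while rest:
        tok = rest.pop(0)
        key = tok.lower()
        if key in SWITCHES:
            has_value = bool(rest) and rest[0].lower() not in SWITCHES
            settings[key] = rest.pop(0).strip('"') if has_value else ""
        elif key.split("=")[0] + "=" in SWITCHES:
            problems.append(f"{tok}: put a space after the equals sign")
        else:
            problems.append(f"{tok}: unexpected token")
    if ("actions=" in settings) != ("reset=" in settings):
        problems.append("reset= and actions= must be used together")
    reset = settings.get("reset=", "0")
    if not (reset.isdigit() or reset.upper() == "INFINITE"):
        problems.append(f"reset= {reset}: seconds or INFINITE expected")
    try:
        settings["actions="] = parse_actions(settings.get("actions=", ""))
    except ValueError as exc:
        problems.append(str(exc))
    return settings, problems
```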

QC

Queries the configuration information for a service.

QDESCRIPTION

Queries the description for a service.

QFAILURE

Queries the actions taken by a service upon failure.

DELETE

Deletes a service (from the registry).

CREATE

Creates a service. To create a service you need to enter the path in binPath= and a servicename.

The other possible switches are optional, and can be (the defaults are italicized):

  • type= The type of service. This can be (own, share, interact, kernel, filesys, rec)
  • start= Startuptype (boot, system, auto, demand, disabled)
  • error= Errorhandling for the service (normal, severe, critical, ignore)
  • group= A group of services that this service is part of
  • tag= Yes or no. You can use a tag to order the loading of the service within its group.
  • depend= Services that should be running before this service can be loaded. If you specify more than one, separate them with a forward slash (/)
  • obj= The accountname that will startup the service. If not specified the service will be started by the LocalSystem
  • DisplayName= The displayname of the service
  • password= The password that is associated with the account that starts the service.

CONTROL

Sends a controlcode to a service. Controlcodes are defined by the service itself, consult the service's documentation to find which Controlcodes are available for the service.

SDSHOW

Displays a service's Security Descriptor in SDDL (Security Descriptor Definition Language). SC.EXE only shows the Access Control List of the service, but SWSC.EXE shows the complete Security Descriptor.

SDSET

Changes a service's Security Descriptor. As the Security Descriptor Definition Language can be quite difficult, search for documentation first or alternatively use the ACL switch.

ACL

SWSC ACL ServiceName [[/G user:GUI;Spec/Inh] [/GX:GUI;Spec/Inh] [...]]
  [/P | /E] [[/D user:GUI;Spec/Inh] [/DX:GUI;Spec/Inh] [...]]
  [[/R user] [/RX] [...]]
  [/L filename] [/Q]
  [[/O user]| /OA | /OM ] [/VERBOSE]


This command will manipulate the permissions of a service. Since the manipulation of permissions is the same as with files I refer to the documentation of SWXCACLS to find the deeper meaning of the various switches. The differences between these two programs I will explain now.

  • Services don't inherit or pass on permissions from other services. So the possibilities to manipulate inheritance have been deleted
  • The GUI permissions are changed. Taken away from the list are M (Modify) and L (List folder contents) as they are not applicable to services. The four remaining GUI permissions are documented, but in my experience not really useful.

    In addition to these, there are also the default permissions granted to certain Usergroups.

    • U  LocalSystem/Power Users
    • A  Administrators/System Operators
    • S  Authenticated Users/LocalService/NetworkService
  • Since Registry keys behave slightly differently from files and folders, the Specific rights that can be granted are the following:
    • E  Synchronize
    • D  Take Ownership
    • C  Change Permissions
    • B  Read Permissions
    • A  Delete
    • 9  User Defined Control
    • 8  Interrogate
    • 7  Pause/Continue
    • 6  Stop
    • 5  Start
    • 4  Enumerate Dependent Services
    • 3  Query Status
    • 2  Change Config
    • 1  Query Config
  • The following predefined groups are available for use in the "shortcut versions" of the Grant/Deny/Revoke switches:
    • A: Administrators
    • U: (Limited) Users
    • G: Guests
    • O: Owner
    • P: (Power) Users
    • R: Restricted
    • S: Local System
    • E: Everyone
    • Y: System Operators
    • T: Authenticated Users
    • L: LocalService
    • N: NetworkService
    • M: Current User
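
To read the SDDL that SDSHOW prints in terms of the Specific rights listed above, the following added example (not part of SWSC or the original page) decodes the DACL and reports allow entries that give a broad group Change Config, Change Permissions or Take Ownership. The function names are hypothetical, the sample descriptor is constructed, and six-field ACEs with two-letter right codes (no hex masks) are assumed.

```python
import re

# SDDL right codes as they apply to services, named as in the list above.
RIGHTS = {
    "CC": "Query Config", "DC": "Change Config", "LC": "Query Status",
    "SW": "Enumerate Dependent Services", "RP": "Start", "WP": "Stop",
    "DT": "Pause/Continue", "LO": "Interrogate", "CR": "User Defined Control",
    "SD": "Delete", "RC": "Read Permissions", "WD": "Change Permissions",
    "WO": "Take Ownership",
}
# Generic codes whose service mapping includes Change Config.
GENERIC = {"GA": list(RIGHTS.values()),
           "GW": ["Change Config", "Read Permissions"]}
# Rights that let the holder reconfigure the service or rewrite its ACL.
SENSITIVE = {"Change Config", "Change Permissions", "Take Ownership"}
# SDDL trustee aliases that cover many accounts.
BROAD = {"WD": "Everyone", "AU": "Authenticated Users", "BU": "Users",
         "IU": "Interactive", "BG": "Guests", "AN": "Anonymous"}
# Constructed sample: the third ACE gives Authenticated Users the DC right.
SAMPLE = ("O:SYG:SYD:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
          "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPLOCRRC;;;AU)")

def decode_dacl(sddl):
    """Return [(ace_type, trustee, [right names])] for the D: part of sddl."""
    dacl = re.search(r"D:[^()]*((?:\([^()]*\))*)", sddl)
    aces = []
    for body in re.findall(r"\(([^()]*)\)", dacl.group(1) if dacl else ""):
        fields = body.split(";")      # type;flags;rights;object;inherit;trustee
        if len(fields) < 6:
            continue
        names = []
        for code in re.findall("..", fields[2]):
            names += GENERIC.get(code, [RIGHTS.get(code, code)])
        aces.append((fields[0], fields[5], names))
    return aces

def risky_grants(sddl):
    """Allow ACEs that give a broad group a sensitive right."""
    findings = []
    for ace_type, trustee, names in decode_dacl(sddl):
        hits = sorted(SENSITIVE.intersection(names))
        if ace_type == "A" and trustee in BROAD and hits:
            findings.append((BROAD[trustee], hits))
    return findings
```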

GETDISPLAYNAME

Gets the displayname for a service.

GETKEYNAME

Gets the Registry key for a service.

ENUMDEPEND

Shows the services that depend on this service.

BOOT

Indicates whether the last boot should be saved as the LastKnownGoodBoot configuration. In normal use this switch has no meaning, as the LastKnownGoodBoot is automatically set once the computer has started successfully.

You have to be a member of the Administrators Group to set the LastKnownGoodBoot status.

This function does not need a servicename.

LOCK

Locks the service database. Only Administrators can lock the service database.

This function does not need a servicename.

QUERYLOCK

Gets the status of the service database's lock.

This function does not need a servicename.

<NOTE !!!!>
The following assumptions have been made for using these programs!

Updates:

- (1 june 2012 v: 2.0.0.7): got rid of a bug in parsing permissions

- (12 december 2007 v 2.0.0.6): The Vista check backfired on Vista machines with UAC disabled

- (1 december 2007 v: 2.0.0.5):

- (27 february 2007 v 2.0.0.4): Bugfix on 'Stream Read Error'

- (17 february 2007 v 2.0.0.3): Added some extra options to the QUERY and QUERYEX commands

- (26 november 2006 v 2.0.0.1): complete recode of the original version. Extra switch ACL, and outfitted in Unicode

Download address: SWSC