Can't disable/stop GbpSv Windows Service - windows-services

I'm trying to set a windows process called "GbpSv" to disabled and although my user is administrator, all the commands are disabled.
Ex:
C:\Users\Andre>sc config "GbpSv" start=disabled
[SC] OpenService FAILED 5:
Access is denied.
C:\Users\Andre>net stop "GbpSv"
The requested pause, continue, or stop is not valid for this service
I'm using Windows 8.1.
Trying to kill the process:
C:\Program Files (x86)\GbPlugin>tasklist | FindStr Gbp
GbpSv.exe 104 Services 0 16.520 K
GbpSv.exe 5324 Console 1 13.448 K
C:\Program Files (x86)\GbPlugin>taskkill /pid 104
ERROR: The process with PID 104 could not be terminated.
Reason: This process can only be terminated forcefully (with /F option).
C:\Program Files (x86)\GbPlugin>taskkill /f /pid 104
ERROR: The process with PID 104 could not be terminated.
Reason: Access is denied.

You can't merely stop it like that. You'll have to purge it completely from your machine because it's a security plugin that some banks provide in order to secure your access to their internet banking services. Therefore it's very well protected from malicious removal by rogue apps.
Here's how you can remove it:
First you'll have to delete the Program files\Gbplugin folder. I deleted it by booting into Linux (you could use an Ubuntu live CD), mounting the Windows partition and deleting it. Logging in as a Windows administrator or into Secure Mode should do the trick as well.
But in order to get rid of the Gbp Service, Gbplugin and Warsaw (its companion app, written by "Gas Tecnologia"), you'll have to delete all of their entries on the Regedit. Just open regedit, press Ctrl+F, look for "Gbp", "Gbplugin", "Gbpsv" and "Warsaw" and delete the entries. Be careful not to delete unrelated stuff!
You can uninstall Warsaw from the Control Panel. Make sure you delete the DLLs left on your local folder (you can easily find them with the Windows Explorer Search).
On the next reboot the service should be disabled.
If you don't uninstall it and delete the Regedit entries mentioned above, it will keep reinstalling Gbp silently over and over again. So leave no stone unturned.
Obs: To reboot into secure mode using Windows 8.1, hold the Shift key while choosing the restart option from the "Power Options".

Related

Windows service - use domain account and run with admin privileges

I'm trying to set up a Windows service with the following requirements:
Runs as a domain account - this account has access to other shares that the process will touch
Has full administrative rights on the machine, past UAC - specifically needs to be able to take ownership of folders
The problem is that the process needs to take ownership of folders at some points, which is done by calling takeown /A /F <file>. This works on the command line, but only when it's explicitly Run as Administrator - being a local admin on the machine does not give full admin rights, and the account still has to go through the UAC prompt, so when running as a service we just get ERROR: The current logged on user does not have administrative privileges.. It seems like the standard way to get around UAC for a service account is to use the Local System account, but that isn't an option because then we can't access the other servers.
Is there any way to set up the service and say "Run as this account, in the context of a full administrator on the machine"? As another potential solution, is there a way to exclude a domain account from UAC on a machine? Any other solution could work as long as it runs as a service, can set folder ownership, and uses a domain account. Ideally this is done without opening up big security holes, like fully disabling UAC on the machine.
I am not able to reproduce your problem. Here is how I tested.
Part 1: Create sample directory with non-administrator owner
Create directory C:\TestDir
Disable permission inheritance and copy inherited permissions into explicit permissions
Grant NT SERVICE\TrustedInstaller full control access
Set owner of directory to NT SERVICE\TrustedInstaller
Set Administrators and SYSTEM accounts to have read access
Remove access for all other accounts
After complete, verify that, logged on as elevated administrator, I am not able to create a file in that directory.
Part 2: Create a service that takes ownership of the directory
I did this using nssm (https://nssm.cc):
Create a short batch file, C:\scripts\TestService.cmd, containing the takeown command:
takeown /F C:\TestDir /A
Run nssm install and specify:
Application path: C:\Windows\System32\cmd.exe
Arguments: /C C:\scripts\TestService.cmd
Restart action: Stop service (oneshot mode)
Log on: Specify username and password of an account that's a member of the local Administrators group
stdout redirection: C:\scripts\TestService-stdout.log
stderr redirection: C:\scripts\TestService-stderr.log
I started the service, which executed the C:\scripts\TestService.cmd batch file. (The service stopped immediately after starting, which is expected in this case.) The standard output file C:\scripts\TestService-stdout.log contained the following lines:
C:\Windows\System32>takeown /F C:\TestDir /A
SUCCESS: The file (or folder): "C:\TestDir" now owned by the administrators group.
This experiment demonstrates that a service running using an account that's a member of the local Administrators group runs elevated (i.e., with full administrative privileges).

0x80004005 Access is Denied on new install of TFS2018 Express. Can't execute roslyn\csc.exe

I've installed TFS2018 Express. It appears to have completely installed.
When I attempt to access its website component, I get the Win32 0x80004005 Access is Denied error. The stack trace references a csc.exe program in a roslyn sub-sub directory. The failing command mentions a file in another directory.
I've seen other threads that say not to run TFS in 32-bit mode. The installer didn't ask me and I don't know how to tell it to act in 64-bit mode.
Other threads say I need to add read and execute permissions to the directory. Which directory/directories? I've added it to the whole website directory and its children plus the referenced file directory.
It seems pretty darn silly for the product to install itself with inadequate permissions and not tell us which permissions are needed.
The error message tells me what command was failing.
[Win32Exception (0x80004005): Access is denied]
[ExternalException (0x80004005): Cannot execute a program. The command being executed was:
"d:\Program Files\Microsoft Team Foundation Server 2018\Application Tier\Web Services\bin\roslyn\csc.exe" /shared /keepalive:"10" /noconfig /fullpaths #"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\tfs\af7cc5\244hjudj.cmdline"
Just for testing, after fighting it for some time, I gave full control over the roslyn directory and to the TFS (and child) directories to domain users where the cmdline file was mentioned. No change in the error message.
I put the above command into the command line and ran it. I get this error message:
error CS2011: Error opening response file 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\tfs\af7cc5\244hjudj.cmdline'
warning CS2008: No source files specified
error CS1562: Outputs without source must have the /out option specified.
Any ideas?
See https://developercommunity.visualstudio.com/content/problem/165639/0x80004005-access-is-denied-on-new-install-of-tfs2.html# for an answer that worked for me.
Key elements are that the program was installed via the iso installer and it apparently caused the website to run in 32bit mode, when 64bit mode is needed.
This caused the website to recompile to 64bit mode:
Files under C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary
ASP.NET Files are created by ASP.NET compiler. It is very strange that
error message mentions
C:\Windows\Microsoft.NET\Framework\v4.0.30319 instead of
C:\Windows\Microsoft.NET\Framework64\v4.0.30319
since TFS must be running in 64-bit Application Pool. Could you make
sure that "Microsoft Team Foundation Server Application Pool" and
"Microsoft Team Foundation Server Message Queue Application Pool"
application pools are configured to run in 64 bit processes?
To do this you can do the following:
1) Open IIS Manager (inetmgr.exe)
2) Select Application Pools page
3) Select "Microsoft Team Foundation Server Application Pool" click on
"Advanced Settings..." link on the right pane.
4) Make sure that Enable 32-bit Applications is set to False.
5) Repeat steps 3 and 4 for the "Microsoft Team Foundation Server
Message Queue Application Pool"
Once you verified that application pools are configured to run in 64
bit processes, open Sites page in the IIS manager and find out ID of
the Team Foundation Server site (second column). Usually it is 1 or 2.
After that, execute the following from the elevated command prompt:
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe -errorstack -m /LM/W3SVC/1/root/tfs
Replace bold 1 with ID of your Team Foundation Server site.
Does it report any errors?
In my case, the 32bit settings on the application pools were correct, and the aspnet_compiler.exe command caused the website to switch to 64bit mode. After that, all was well.

Windows Service Install Ends in Rollback

When I try to install a Windows service:
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\installutil
I get, what looks to be, some success messages and some failure messages. Part way down:
An exception occurred during the Install phase.
System.ComponentModel.Win32Exception: The specified service has been marked for deletion
At the end:
The Rollback phase completed successfully.
The transacted install has completed.
The installation failed, and the rollback has been performed.
The service is given an entry in the Services applet, but it is marked as "Disabled". When I attempt to change it to another state, I get a "marked for deletion" error message.
There are no messages in the Event Log. There is nothing useful in the log file created by installutil.exe (I believe it's written to the current working directory).
I have no direction to go with this. What do I do?
It turns out that the install might, or probably will, fail if that service is highlighted in the Services applet. It's safest to just close the Services applet, install the service, and then re-open the Services applet. It's really stupid.
Also, make sure to run the console as admin.
I experienced the same and the issue for me was that a service with the same name was already installed. So in order to install the new service I had to uninstall the older services. I am learning how to create and set up Windows services, hence the naming conflict. Tried uninstalling the service first through:
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\installutil -u servicename.exe
Once this statement executes successfully, install your service and it should succeed without any rollbacks.
Right Click on Command Prompt and choose RUN AS ADMINISTRATOR
Then copy and paste in: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe C:\TestService\bin\Debug\TestService.exe
Result in TestService.InstallLog is:
Installing service TestService...
Service TestService has been successfully installed.
Sometimes this happens due to permission issues.
Run the "Developer Command Prompt for VS 2012" as Administrator.
Then it will work.
Adding a few more checks and points to solve the above issue.
Build the service in release mode, take the release folder files and keep them in a different path.
Copy that path, go to the Visual Studio command prompt window and run the sample command below to install the service.
Please close the services.msc window if it's open, then run C:\Program Files (x86)\Microsoft Visual Studio 11.0>InstallUtil.exe C:\RunLocationServices\TestService.exe
Go to services.msc, select that service and click on Start. If it changes to "Started" then your service is running fine.
Still if issue exists then
Another Checkpoint & SOLUTION
When a service starts, the service communicates to the Service Control Manager how long the service must have to start (the time-out period for the service).
If the Service Control Manager does not receive a "service started" notice from the service within this time-out period,
the Service Control Manager terminates the process that hosts the service.
This time-out period is typically less than 30 seconds.
If you do not adjust this time-out period, the Service Control Manager ends the process.
To adjust this time-out period, follow these steps:
1. Go to Start > Run and type regedit
2. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
With the Control folder selected, right-click in the pane on the right and select new DWORD Value
3. Name the new DWORD: ServicesPipeTimeout
4. Right-click ServicesPipeTimeout, and then click Modify
Click Decimal, type '180000', and then click OK
5. Restart the computer
If the issue still exists, then the problem is in your service code; an infinite loop may occur due to the methods/classes your service calls. Do a code review of each line.
This problem is due to security, you'd better open developer command prompt for VS 2012:
RUN AS ADMINISTRATOR
and install your service. It will surely fix your problem.
I tried and the issue was resolved.

HTTP The service is starting or stopping. Please try again later error on windows 7

I used following command to stop the HTTP service
net stop http /y
And I got following error message:
The service is starting or stopping. Please try again later.
Now the HTTP service is in an in-between state. It's neither stopped nor starting. What should I do?
I read some similar issues but they are not helping.
Can't stop IIS in windows 7
You should be able to kill it via the Task Manager.
Right-click on taskbar -> Start Task Manager Go to Process tab
If you can find the service under the Processes tab:
Right click and select "End Process"
If you don't see it under Processes (or don't know which is the process for the service you want to kill),
While on the Processes tab
Check "Show processes from all users" in the lower left
Then "View" menu and choose "Select Columns"
Check "PID" and hit OK
Go to the services tab to find the PID of the service you want to kill
Go back to Processes tab and Right-click -> End Process
Copied the answer from the https://superuser.com/questions/489949/force-windows-7-service-to-stop
and it worked for me.
There are probably some processes that have open handles to \Device\Http\*.
You need close these handles or processes (e.g. in Process Explorer) to let the HTTP service stop.
I did this (on Windows 10) and can be done on Windows 7 (see below):
Turn on the windows feature the IIS Management Console.
Windows search for "IIS Manager"
From the Manage Server Menu on the right, select "Stop"
it worked. (e.g. free up the port 80 )
I checked that the same can be done on Windows 7 : https://learn.microsoft.com/en-us/iis/install/installing-iis-7/installing-iis-on-windows-vista-and-windows-7
What worked for me (I am using Windows 10):
Restarted the PC - It reset the "starting and stopping state" and started Http service - Irrespective of OS worth trying
Opened command prompt in the administrator mode
Http Service is running by default, can check using command -> Net Start HTTP
Run command -> Net Stop HTTP
Following message is displayed
The following services depend on the HTTP Service service.
Stopping the HTTP Service service also stops these services.
WWW Publishing Service
W3C Logging Service
SSDP search
Feature Search Resource Release
Function Search Provider Host
Upon entering 'Y', HTTP Service stops

Stopping a windows service when the stop option is grayed out

I have created a windows service and in the service in control panel -> administrative tools -> services, its status is starting.
I want to stop this service, but the stop option is grayed out.
How can I start/stop the service?
Every time I restart, then it becomes stopped and I can delete it.
If you run the command:
sc queryex <service name>
where <service name> is the name of the service, not the display name (spooler, not Print Spooler), at the cmd prompt it will return the PID of the process the service is running as. Take that PID and run
taskkill /F /PID <Service PID>
to force the PID to stop. Sometimes if the process hangs while stopping the GUI won't let you do anything with the service.
You could do it in one line (useful for ci-environments):
taskkill /fi "Services eq SERVICE_NAME" /F
Filter -> Services -> ServiceName equals SERVICE_NAME -> Force
Source: https://technet.microsoft.com/en-us/library/bb491009.aspx
If the stop option is greyed out then your service did not indicate that it was accepting SERVICE_ACCEPT_STOP when it last called SetServiceStatus. If you're using .NET, then you need to set the CanStop property in ServiceBase.
Of course, if you're accepting stop requests, then you'd better make sure that your service can safely handle those requests, especially if your service is still progressing through its startup code.
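An added example, not part of the original answers: a small Python parser for captured `sc queryex` output that shows both points above, the PID to hand to taskkill and whether the service reported SERVICE_ACCEPT_STOP (sc prints this as STOPPABLE or NOT_STOPPABLE). It also flags services hosted in a shared process, where a forced kill stops the sibling services as well. The sample records, service names and PIDs are constructed for illustration.

```python
# Constructed `sc queryex` output (service names and PIDs are made up).
SAMPLE_STUCK = """\
SERVICE_NAME: DemoSvc
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 2  START_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        PID                : 5088
"""
SAMPLE_SHARED = """\
SERVICE_NAME: DemoShared
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        PID                : 1044
"""


def parse_sc_queryex(text):
    """Turn one `sc queryex` record into a dict of the fields used for triage."""
    fields, controls = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("(") and line.endswith(")"):
            # The line under STATE lists the controls the service last
            # reported through SetServiceStatus.
            controls = [c.strip() for c in line[1:-1].split(",")]
            continue
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return {
        "name": fields["SERVICE_NAME"],
        "state": fields["STATE"].split()[1],
        "controls": controls,
        "pid": int(fields.get("PID", "0")),
        "shared": "SHARE_PROCESS" in fields["TYPE"],
    }


def triage(info):
    """Explain why Stop is unavailable and what a forced kill would affect."""
    notes = []
    if "STOPPABLE" not in info["controls"]:
        notes.append("stop greyed out: service did not report SERVICE_ACCEPT_STOP")
    if info["pid"] == 0:
        notes.append("no host process: nothing for taskkill to terminate")
    elif info["shared"]:
        notes.append(f"PID {info['pid']} hosts other services: taskkill /F stops them too")
    else:
        notes.append(f"own process: taskkill /F /PID {info['pid']} affects only this service")
    return notes


if __name__ == "__main__":
    for sample in (SAMPLE_STUCK, SAMPLE_SHARED):
        record = parse_sc_queryex(sample)
        print(record["name"], record["state"], triage(record))
```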
As Aaron mentioned above, some services do not accept SERVICE_ACCEPT_STOP messages, by the time it was developed. And that is hard coded into the executable. Period. A workaround would be not to have it started, and as you cannot change its properties, forcibly do the following:
Boot into safe mode (Windows 10 users might need msconfig > boot > safe boot)
Regedit into HKLM > System > ControlSet001 > Services
Locate your service entry
Change 'Start' key to 3 (manual startup) or 4 (disabled)
If you cannot change the entry, right-click on your service name on the left pane, select 'Permissions', check that 'Everyone' has full access and try step 4 again.
Don't forget to disable safe boot from msconfig again, and reboot!
Open command prompt with admin access and type the following commands there.
a)
tasklist
It displays a list of all available services. There you can see the service you want to stop/start/restart. Remember the PID value of the service you want to force stop.
b) Now type
taskkill /f /PID [PID value of the service]
and press enter. On success you will get the message
“SUCCESS: The process with PID has been terminated”.
Ex : taskkill /f /PID 5088
This will forcibly kill the frozen service. You can now return to Server Manager and restart the service.
sc queryex <service name>
taskkill /F /PID <Service PID>
eg
I solved the problem with the following steps:
Open "services.msc" from command / Windows RUN.
Find the service (which is greyed out).
Double click on that service and go to the "Recovery" tab.
Ensure that
First Failure action is selected as "Take No action".
Second Failure action is selected as "Take No action".
Subsequent Failures action is selected as "Take No action".
and Press OK.
Now, the service will not try to restart and you will be able to delete the greyed out service from the services list (i.e. greyed out will be gone).
Here's a simple method to kill a service you can't stop directly, if that service has dependencies.
Open the service's properties window & click on dependencies tab
See what it needs to run
Stop one of those if possible, being sure that it won't also crash Windows
For example, stopping "network store interface service" aka nsi will kill an unkillable dnscache service. It will also kill all network capabilities & may require restarting Windows to get them back. I've had to do this to edit the hosts file, sometimes dnscache refuses to let go & you can't update hosts without killing it first but you can't do it directly.
The crucial thing that a lot of the suggestions don't make clear is that you must 'start command window as administrator' even if you're already logged in as an administrator.
