Vista Services
Services in Windows Vista
November 30, 2009
Abstract
This paper provides information about changes to Windows® services that were introduced in Windows Vista®. It also provides some best-practices guidelines for developers who intend to implement services for these versions of Windows.
This information applies to the following operating systems:
Windows 7
Windows Server® 2008 R2
Windows Server 2008
Windows Vista
References and resources discussed here are listed at the end of this paper.
The current version of this paper is maintained on the Web at:
Disclaimer:
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, email address, logo, person, place or event is intended or should be inferred.
© 2009 Microsoft Corporation. All rights reserved.
Microsoft, MSDN, Visual Basic, Windows, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Document History
Date                 Change
November 30, 2009    Updated UI requirements and removed unimplemented SC commands.
August 15, 2006      First publication
Contents
Overview of Windows Services
How Services Work
Changes to the Windows Services Model
Security Enhancements
Running with Least Privilege
Service Isolation
Restricted Network Access
Session 0 Isolation
Performance Enhancements
Delayed Auto-Start
Service State Change Notifications
Other Enhancements
Preshutdown Notifications and Shutdown Ordering
Failure Detection and Recovery
Resources
Overview of Windows Services
Windows® services are applications that typically start when the computer is booted and run quietly in the background until it is shut down. Strictly speaking, a service is any Windows application that is implemented with the services API. However, services normally handle low-level tasks that require little or no user interaction.
Although services are often effectively invisible to users, Windows cannot function normally without them. A number of essential operating system functions are handled by services, including the following:
∙ Networking. A number of system services support networking. For example, the Dynamic Host Configuration Protocol (DHCP) client service manages network configuration by registering and updating Internet Protocol (IP) addresses for the system.
∙ Hardware. The Plug and Play service enables a computer to recognize and respond to changes in its hardware configuration, such as a user adding or removing hardware.
∙ Remote access. Terminal Services allow users to log on to a computer from a remote location.
In addition to services that are part of Windows, most computers also have several third-party applications that run partly or wholly as services. Common examples of third-party services include firewalls and antivirus applications.
This white paper provides an overview of the changes to the services model beginning with Windows Vista®. It also provides some best-practices guidelines for developers who intend to implement services for these versions of Windows. For the convenience of readers who might not be familiar with services, the remainder of this section provides a brief overview of how services work and how they are implemented. For more complete information, see the Windows Services documentation in the MSDN® Library.
How Services Work
The primary difference between services and normal applications is that services are managed by the Service Control Manager (SCM). Services are implemented with the services API, which handles the interaction between the SCM and services. The SCM maintains a database of installed services and provides a unified way to control them, including:
∙ Starting and stopping services.
∙ Managing running services.
∙ Maintaining service-related state information.
Services exist in one of three states: started, stopped, or paused.
∙ Started is the normal running state for a service.
∙ A stopped service has been completely shut down and must go through a normal startup procedure to enter the started state again.
∙ A paused service suspends normal processing, but remains in memory and continues to respond to control requests. Paused services can therefore return to the started state without going through the startup procedure.
A key characteristic of a service is how it is started. The SCM has a database that includes information on how each service should be started. The following are the service startup types:
∙ Automatic. The SCM automatically starts these services during the system's boot process. They are often called auto-start services.
∙ Manual. These services must be started manually with the Control Panel Administrative Tools application, with the sc.exe command-line tool, or programmatically with the StartService function. They are often called demand-start services. Windows 7 introduces trigger-start services. For more information, see “Developing Efficient Background Processes for Windows” on the WHDC Web site.
∙ Disabled. These services cannot be started. To start a disabled service, the user must first change the startup type to automatic or manual.
After a service has started, the SCM uses control requests to manage the service's state. For example, the SCM sends control requests to notify a service that it is pausing, is resuming operation, or should be preparing to shut down. The SCM's database also contains the security settings for each service. These settings control how much access a service has to system resources and enable system administrators to control access to each service.
Changes to the Windows Services Model
Services have been an essential part of Windows for many years. They enable developers to create long-running executable applications that:
∙ Can be automatically started when the computer starts.
∙ Can be paused and restarted.
∙ Can function whether or not an interactive user is logged on.
∙ Can run in the context of a user account that is different from either the logged-on user or the default computer account.
These features make services ideal for scenarios where there is a need for long-running functionality that does not interfere with users who are working on the computer. However, since services were introduced, the environment in which they function has changed substantially. These changes have created various issues with security, reliability, performance, management, and administration.
This section discusses enhancements that were made to Windows Vista to address service-related issues.
Security Enhancements
In recent years, services have been an attractive target for virus writers who want to attack Windows. Recent examples include Blaster, Sasser, and Code Red. This situation occurs for a number of reasons:
∙ Services are typically long running. Often, they start when the system boots up and stop when it shuts down.
∙ Services are often network facing, which makes them especially vulnerable to remote attacks.
∙ Services typically run in a high-privilege account such as LocalSystem.
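The startup types listed under How Services Work and the reasons above can be checked together when reviewing a system. The following is an added example, not part of the original paper: it parses text in the format printed by sc.exe qc and lists the auto-start services that run as LocalSystem. The service names and sample output are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in `sc qc` format; service names are hypothetical.
SAMPLE = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: ExampleNetSvc
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files\Example\netsvc.exe
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ExampleUpdater
        START_TYPE         : 3   DEMAND_START
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ExampleLogSvc
        START_TYPE         : 2   AUTO_START  (DELAYED)
        SERVICE_START_NAME : NT AUTHORITY\LocalService
"""

# sc.exe start-type names mapped to the startup types the paper lists.
START_TYPES = {"AUTO_START": "automatic", "DEMAND_START": "manual",
               "DISABLED": "disabled"}
FIELD = re.compile(r"\s*([A-Z_]+)\s*:\s*(.*)$")

def parse_sc_qc(text):
    """Return one dict per service: name, startup, delayed, account."""
    services = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banners, blank lines, wrapped DEPENDENCIES lines
        key, value = m.group(1), m.group(2).strip()
        if key == "SERVICE_NAME":
            services.append({"name": value})
        elif services and key == "START_TYPE":
            tokens = value.split()  # e.g. ['2', 'AUTO_START', '(DELAYED)']
            services[-1]["startup"] = next(
                (v for k, v in START_TYPES.items() if k in tokens), "other")
            services[-1]["delayed"] = "(DELAYED)" in tokens
        elif services and key == "SERVICE_START_NAME":
            services[-1]["account"] = value
    return services

def autostart_as_localsystem(services):
    """Names of auto-start services whose account is LocalSystem."""
    return [s["name"] for s in services
            if s.get("startup") == "automatic"
            and s.get("account", "").lower() == "localsystem"]
```

On a live system the input would be the saved output of sc qc for each installed service.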
This section discusses the enhancements that were made to Windows Vista to mitigate the security issues that are associated with services. These changes address two important goals:
∙ Limiting access to services by user applications. Session 0 isolation requires services and user applications to run in separate sessions.
∙ “Hardening” services to limit the ability of a compromised service to damage a system. There are two complementary ways to accomplish this goal:
    ∙ Running with least privilege allows services to run with only those privileges that they need, and nothing more.
    ∙ Service isolation allows services to isolate themselves from other services or applications by using a unique service identity. A service can use this identity to restrict access to its resources by other services or applications. A service can also use its identity to restrict the service's access to the resources of other services or applications. For example, service isolation allows an antivirus service to maintain exclusive access to its signature definition files.
Running with Least Privilege
Windows services commonly run in the LocalSystem account, the most p