• State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 23 subscribers
  • Views 743 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

How to Start a Windows Service via Alert Action ONLY if the Startup Type is Automatic

xtraspecialj

So I'm tasked with setting up an alert in Orion that will Start a Down Windows Service but only if the Startup Type of that Service is set to Automatic.

I know how to setup a PowerShell script that I can call from the Alert Action and pass the parameters necessary to Start the service.  That isn't my problem.  My problem is how to first query for the Startup Type of that service.  It doesn't look like the standard Windows Component Monitor in SAM captures Startup Type of Services.  I know the Service Control Manager feature does, but I don't know how to tap into that via the API.

The possible solutions I can think of are as follows:

- (Least Desired) Create a WMI Script monitor that fetches the startup type of all monitored services on a Windows Node.  I could then query this data for a component via a SWQL query when executing my script.  This would be a total pain, especially considering we have almost a thousand Windows nodes I'd have to apply this to (yeah, I can do it with the new automatic templates assigned to Groups feature, but I really don't want that many more Component Monitors in our environment, we already have SO many.)

- (Also not Desired) Create a library of possible Windows Credentials in my script and call the appropriate one based on what credential is used by the Component Monitor or Node.  This is not ideal because I don't want to have to store all of my credentials in a script, even if I do encrypt the password.

- (Most Desired) Somehow call the Credential object from the SWIS API and pass that to my Get-Service cmdlet.  Not sure if this is possible, but that'd be great if it is.

- (This'll Do) Have my script call the same program that the "Service Control Manager" does in the Orion Web Console and fetch the Startup Type value for the matching service.  Don't know if this is possible either, but this would also be great if it was...

Can anybody (especially tdanner maybe emoticons_wink.png) let me know if the bottom two solutions are possible, or maybe if there is another better solution I can't think of?  I really don't want to use my first two options if I can help it.

  • 0

    It's getting late in the day here, so this will be a quick post....

    To get the service start up type try:

    $result = Get-Service <Name>

    Write-Host $result.StartType

    FYI:

    $result | Get-Member      --- will show you all the other options available

    If I get time tomorrow, I will try wrapping this into a PowerShell SWIS script.

  • 0 in reply to yaquaholic

    Well yeah, I know how to use all that stuff.  My question isn't about that.  My question is if there is a way to use the Credential object for that component to pass to the Get-Service cmdlet, or, if not, then is there a way to call their program that drives the Service Control Manager feature in the Orion Web Console and get the Startup Type value from it, since that program gets the Startup Type.  How to actually write the script as it relates to using Get-Service and starting/stopping services I'm completely fine with, it's just the credential issue I'm trying to overcome.

  • 0

    Yup you're right, identifying the IDs isn't too hard, but I cannot see any way extracting the credentials and re-using them.

    Possibly there is some way to extract to the password to New-Object System.Security.SecureString, tdanner is the man, if anyone knows.

    Though I am scratching my head about a local script (on the managed device), invoked remotely from the Orion alert action, if you can send the Service Name sent as a parameter.

    The script could check the startup configuration with ease.

    Invoke-Command -ComputerName ${N=SwisEntity;M=Caption} -ArgumentList <Service Name> -FilePath C:\Scripts\RestartService.ps1

    The script can check for start up type and would then inherit the node's credentials.

    But at this hour of the evening, I can't work out how to pass the Service Name back as a variable...

  • 0

    Invoke-Command relies on PS Remoting though, doesn't it?  We don't have that setup on any of our Windows servers (except for the AppInsight for IIS/Exchange boxes of course).  It looks like the Password in the SQL table CredentialSettings uses RSA encryption via their Self-Signed certificate, so I'm wondering if I can use the certificate and the Convert SecureString cmdlets to decrypt it and create a Credential object out of it.  If not then I'll just have to break down and setup a little credential library of my own and call it based on what cred the node uses. 

  • 0

    I don't think SAM will be able to help you here other than through component monitors. The monitoring credentials are encrypted in the database and not exposed through the API. SAM's Service Control Manager feature lacks an API.

  • 0 in reply to tdanner

    So my idea of using the certificate to decrypt the password won't work you think?

  • 0 in reply to xtraspecialj

    You are welcome to try it, but I can't really endorse that.

  • 0 in reply to tdanner

    Oh, yeah, good point...   Sorry about that.

    I'm thinking that it probably won't work anyways, but I figured I'd give it a shot.  I guess I'll not reply whether it worked or not as either confirming or denying that isn't a good idea.


    Thanks for replying anyways.

    I know a few feature requests already exist for Credential management support in the API, so I hope that becomes a thing.  I see that there is Service Control support in the API, I think it would be nice though if we could also tap into the Service Info that the real time service manager gets as well.  Or, even better, if the Windows Service Monitor component just gathered some additional data like the Startup Type as well as the extended Service State info that WMI gets.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.