44r0n7/privacy.sexy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

win: improve disabling update healing #272

Browse Source 
This commit strengthens user control over the Windows Update Medic
Service (`WaaSMedicSvc`) and related components. These changes aim to
provide users with more control over Windows updates and telemetry data
shared with Microsoft, addressing privacy concerns.

Updates include:

- Soft deletion of various Windows Update Medic Service files and
  remediation files to prevent automatic re-enabling of Windows updates.
- Termination of `upfc.exe` to stop it from reactivating Windows Update
  Medic Service, thereby allowing users to maintain their desired update
  settings.
- Improving documentation with cautionary notes to guide users through
  poential impacts of these changes on system stability and update
  integrity.
- Including rationale behind the exclusion of `sedsvc`.
- Better documentation and output messages of `DisableService` function.
This commit is contained in:
undergroundwires
2023-12-09 19:30:33 +01:00
parent c72f9f5016
commit 47b4823bc5
1 changed files with 246 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

352
src/application/collections/windows.yaml
View File

@@ -7238,10 +7238,16 @@ actions:
Disabling these update services is also a privacy measure. Some updates can change privacy settings or add features that Disabling these update services is also a privacy measure. Some updates can change privacy settings or add features that
collect user data. By controlling update services, users can review and approve any changes before they take effect. collect user data. By controlling update services, users can review and approve any changes before they take effect.
> **Caution**: Disabling Windows update services may lead to missed critical security patches and feature updates.
> Consider the balance between maintaining privacy and ensuring system security and stability.
children: children:
# Tips:
# - Related services can be seen in `%WINDIR%\WaaS\services` folder.
# Excluding: # Excluding:
# - Background Intelligent Transfer Service (BITS): Not exclusive to disabling automatic Windows updates, may break third-party apps # - Background Intelligent Transfer Service (BITS): Not exclusive to disabling automatic Windows updates, may break third-party apps
# - Delivery Optimization (DoSvc): Not exclusive to disabling automatic Windows updates, breaks Microsoft Store downloads. # - Delivery Optimization (DoSvc): Not exclusive to disabling automatic Windows updates, breaks Microsoft Store downloads.
# - Windows Remediation Service (sedsvc): Seems to exist in legacy versions on Windows, does not exist since Windows 10 22H2 and Windows 11 23H2
- -
name: Disable "Windows Update" (`wuauserv`) service name: Disable "Windows Update" (`wuauserv`) service
docs: |- docs: |-
@@ -7259,6 +7265,10 @@ actions:
other software on your computer won't be able to access the functionalities provided by the Windows Update Agent, other software on your computer won't be able to access the functionalities provided by the Windows Update Agent,
commonly known as WUA API [5]. commonly known as WUA API [5].
> **Caution:** This script stops Windows Update Agent's ability to check for and manage system updates. This means your system
> won't automatically receive important updates, which could leave it vulnerable to specific security risks and performance issues
> over time.
[1]: https://web.archive.org/web/20230902020255/https://learn.microsoft.com/en-us/troubleshoot/windows-client/deployment/additional-resources-for-windows-update "Additional resources for Windows Update - Windows Client | Microsoft Learn | learn.microsoft.com" [1]: https://web.archive.org/web/20230902020255/https://learn.microsoft.com/en-us/troubleshoot/windows-client/deployment/additional-resources-for-windows-update "Additional resources for Windows Update - Windows Client | Microsoft Learn | learn.microsoft.com"
[2]: https://web.archive.org/web/20231027190503/https://learn.microsoft.com/en-us/troubleshoot/mem/configmgr/update-management/troubleshoot-software-update-scan-failures "Troubleshoot software update scan failures - Configuration Manager | Microsoft Learn | learn.microsoft.com" [2]: https://web.archive.org/web/20231027190503/https://learn.microsoft.com/en-us/troubleshoot/mem/configmgr/update-management/troubleshoot-software-update-scan-failures "Troubleshoot software update scan failures - Configuration Manager | Microsoft Learn | learn.microsoft.com"
[3]: https://web.archive.org/web/20230905120348/https://learn.microsoft.com/en-us/troubleshoot/windows-client/performance/windows-devices-fail-boot-after-installing-kb4041676-kb4041691 "Windows devices may fail to boot after installing October 10 version of KB 4041676 or 4041691 that contained a publishing issue - Windows Client | Microsoft Learn" [3]: https://web.archive.org/web/20230905120348/https://learn.microsoft.com/en-us/troubleshoot/windows-client/performance/windows-devices-fail-boot-after-installing-kb4041676-kb4041691 "Windows devices may fail to boot after installing October 10 version of KB 4041676 or 4041691 that contained a publishing issue - Windows Client | Microsoft Learn"
@@ -7285,6 +7295,10 @@ actions:
Turning off this service can affect the update process and might cause issues like freezing during update scanning [3]. Turning off this service can affect the update process and might cause issues like freezing during update scanning [3].
> **Caution**: This script directly affects the orchestration and scheduling of Windows updates. This can lead to
> irregularities in receiving updates, potentially causing delays or failures in obtaining critical security patches and
> feature updates specific to Windows functionalities.
[1]: https://web.archive.org/web/20231004161147/https://learn.microsoft.com/en-us/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server "Security guidelines for system services in Windows Server 2016 | Microsoft Learn" [1]: https://web.archive.org/web/20231004161147/https://learn.microsoft.com/en-us/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server "Security guidelines for system services in Windows Server 2016 | Microsoft Learn"
[2]: https://web.archive.org/web/20230905120348/https://learn.microsoft.com/en-us/troubleshoot/windows-client/performance/windows-devices-fail-boot-after-installing-kb4041676-kb4041691 "Windows devices may fail to boot after installing October 10 version of KB 4041676 or 4041691 that contained a publishing issue - Windows Client | Microsoft Learn" [2]: https://web.archive.org/web/20230905120348/https://learn.microsoft.com/en-us/troubleshoot/windows-client/performance/windows-devices-fail-boot-after-installing-kb4041676-kb4041691 "Windows devices may fail to boot after installing October 10 version of KB 4041676 or 4041691 that contained a publishing issue - Windows Client | Microsoft Learn"
[3]: https://web.archive.org/web/20231001150100/https://learn.microsoft.com/en-us/windows/deployment/update/prepare-deploy-windows "Prepare to deploy Windows - Windows Deployment | Microsoft Learn" [3]: https://web.archive.org/web/20231001150100/https://learn.microsoft.com/en-us/windows/deployment/update/prepare-deploy-windows "Prepare to deploy Windows - Windows Deployment | Microsoft Learn"
@@ -7299,27 +7313,142 @@ actions:
This script disables the Windows Update Medic Service. This service runs quietly in the background [1], This script disables the Windows Update Medic Service. This service runs quietly in the background [1],
making sure that parts related to Windows updates are working as they should [1] [2]. making sure that parts related to Windows updates are working as they should [1] [2].
By default, the service is enabled and its startup setting is set to manual [3].
This service can undo any adjustments you've made to your Windows Update settings without your consent. This service can undo any adjustments you've made to your Windows Update settings without your consent.
For example, it can re-enable automatic Windows updates [4]. For example, it can re-enable automatic Windows updates [3].
That can interfere if you've tailored these settings for better privacy or security. That can interfere if you've tailored these settings for better privacy or security.
When you disable this service using our script, you're taking back control. You get to choose how your system By default, the service is enabled and its startup setting is set to manual [4] [5]. It executes
handles updates and data transfers, ensuring that your privacy settings stay as you intended. This is a reliable `%SYSTEMROOT%\System32\WaaSMedicSvc.dll` [5], known as "WaasMedic Service Dll" [6]. It stores remediation
way to strengthen both your privacy and your control over your computer. configuration such as registry keys, tasks and services at `%WINDIR%\WaaS\` folder [7] [8] [9].
Other related files include:
| Path | Description | Windows 10 22H2 | Windows 11 23H2 |
| ---- |:-----------:|:---------------:|:---------------:|
| `%SYSTEMROOT%\System32\WaaSMedicAgent.exe` | WaasMedic Agent Exe | ✅ Exists | ❌ Missing |
| `%SYSTEMROOT%\System32\WaaSMedicCapsule.dll` | WaasMedic Capsule Exe | ✅ Exists | ❌ Missing |
| `%SYSTEMROOT%\System32\WaaSMedicPS.dll` | WaaS Medic Proxy Stub library | ✅ Exists | ✅ Exists |
| `%SYSTEMROOT%\System32\WaaSAssessment.dll` | WaaS Assessment | ✅ Exists | ✅ Exists |
| `%SYSTEMROOT%\System32\Windows.Internal.WaaSMedicDocked.dll` | WaaS Assessment | ❌ Missing | ✅ Exists |
| `%WINDIR%\UUS\amd64\WaaSMedicSvcImpl.dll` | WaaS Assessment | ❌ Missing | ✅ Exists |
> **Caution:** While this script provides greater control over Windows Update operations and enhances user
> privacy by limiting unsolicited data transmission to Microsoft, it's important to be aware of the potential
> impacts on system stability and update integrity. Disabling the Windows Update Medic Service prevents the
> self-healing capability of Windows Updates, favoring the maintenance of user-defined update preferences.
[1]: https://web.archive.org/web/20230905120805/https://support.microsoft.com/en-us/topic/kb5005322-some-devices-cannot-install-new-updates-after-installing-kb5003214-may-25-2021-and-kb5003690-june-21-2021-66edf7cf-5d3c-401f-bd32-49865343144f "KB5005322—Some devices cannot install new updates after installing KB5003214 (May 25, 2021) and KB5003690 (June 21, 2021) - Microsoft Support" [1]: https://web.archive.org/web/20230905120805/https://support.microsoft.com/en-us/topic/kb5005322-some-devices-cannot-install-new-updates-after-installing-kb5003214-may-25-2021-and-kb5003690-june-21-2021-66edf7cf-5d3c-401f-bd32-49865343144f "KB5005322—Some devices cannot install new updates after installing KB5003214 (May 25, 2021) and KB5003690 (June 21, 2021) - Microsoft Support"
[2]: https://web.archive.org/web/20231001150100/https://learn.microsoft.com/en-us/windows/deployment/update/prepare-deploy-windows "Prepare to deploy Windows - Windows Deployment | Microsoft Learn" [2]: https://web.archive.org/web/20231001150100/https://learn.microsoft.com/en-us/windows/deployment/update/prepare-deploy-windows "Prepare to deploy Windows - Windows Deployment | Microsoft Learn"
[3]: https://web.archive.org/web/20230905120815/https://learn.microsoft.com/en-us/windows/iot/iot-enterprise/optimize/services "Guidance on disabling system services on Windows IoT Enterprise | Microsoft Learn" [3]: https://github.com/undergroundwires/privacy.sexy/issues/252 "Disable automatic Updates · Issue #252 · undergroundwires/privacy.sexy | github.com/undergroundwires/privacy.sexy"
[4]: https://github.com/undergroundwires/privacy.sexy/issues/252 [4]: https://web.archive.org/web/20230905120815/https://learn.microsoft.com/en-us/windows/iot/iot-enterprise/optimize/services "Guidance on disabling system services on Windows IoT Enterprise | Microsoft Learn"
[5]: https://web.archive.org/web/20231129202405/https://batcmd.com/windows/10/services/waasmedicsvc/ "Windows Update Medic Service - Windows 10 Service | batcmd.com"
[6]: https://web.archive.org/web/20231129202715/https://strontic.github.io/xcyclopedia/library/WaaSMedicSvc.dll-4064770B860EF19D55B9DAE32F1B300A.html "WaaSMedicSvc.dll | WaasMedic Service Dll | STRONTIC | strontic.github.io"
[7]: https://github.com/undergroundwires/privacy.sexy/issues/272#issuecomment-1821728182 "[BUG]: Windows automatically re-enables Update after 4-5 days · Issue #272 · undergroundwires/privacy.sexy | github.com/undergroundwires"
[8]: https://web.archive.org/web/20231127032408/https://www.acepace.net/2019-03-29-upfc/ "What the bleep is UPFC.exe? | www.acepace.net"
[9]: https://web.archive.org/web/20231129203543/https://call4cloud.nl/2022/03/before-we-wipe/ "KB5011487 | KB5011493 | 2022-03 | Windows.old wipe Issue | call4cloud.nl"
call: call:
function: DisableServiceInRegistry -
# Since Windows 10 21H2 and Windows 11 21H2: function: DisableServiceInRegistry
# - ❗️ Using `sc config` results in "Access in denied", so registry should be used to disable the service. # Since Windows 10 21H2 and Windows 11 21H2:
parameters: # - ❗️ Using `sc config` results in "Access in denied", so registry should be used to disable the service.
serviceName: WaaSMedicSvc # Check: (Get-Service -Name 'WaaSMedicSvc').StartType parameters:
defaultStartupMode: Manual # Allowed values: Automatic | Manual serviceName: WaaSMedicSvc # Check: (Get-Service -Name 'WaaSMedicSvc').StartType
defaultStartupMode: Manual # Allowed values: Automatic | Manual
-
function: SoftDeleteFiles
parameters:
fileGlob: '%SYSTEMROOT%\System32\WaaSMedicSvc.dll'
grantPermissions: true # 🔒️ Protected on Windows 10 since 22H2 | 🔒️ Protected on Windows 11 since 23H2
-
function: TerminateExecutableOnLaunch
parameters:
executableNameWithExtension: WaaSMedicAgent.exe
-
function: SoftDeleteFiles
parameters:
fileGlob: '%SYSTEMROOT%\System32\WaaSMedicAgent.exe'
grantPermissions: true # 🔒️ Protected on Windows 10 since 22H2 | 🔍 Missing on Windows 11 since 23H2
-
function: SoftDeleteFiles
parameters:
fileGlob: '%SYSTEMROOT%\System32\WaaSMedicCapsule.dll'
grantPermissions: true # 🔒️ Protected on Windows 10 since 22H2 | 🔍 Missing on Windows 11 since 23H2
-
function: SoftDeleteFiles
parameters:
fileGlob: '%SYSTEMROOT%\System32\WaaSMedicPS.dll'
grantPermissions: true # 🔒️ Protected on Windows 10 since 22H2 | 🔒️ Protected on Windows 11 since 23H2
-
function: SoftDeleteFiles
parameters:
fileGlob: '%SYSTEMROOT%\System32\WaaSAssessment.dll'
grantPermissions: true # 🔒️ Protected on Windows 10 since 22H2 | 🔒️ Protected on Windows 11 since 23H2
-
function: SoftDeleteFiles
parameters:
fileGlob: '%SYSTEMROOT%\System32\Windows.Internal.WaaSMedicDocked.dll'
grantPermissions: true # 🔍 Missing on Windows 10 since 22H2 | 🔒️ Protected on Windows 11 since 23H2
-
function: SoftDeleteFiles
parameters:
fileGlob: '%WINDIR%\UUS\amd64\WaaSMedicSvcImpl.dll'
grantPermissions: true # 🔍 Missing on Windows 10 since 22H2 | 🔒️ Protected on Windows 11 since 23H2
-
function: SoftDeleteFiles
parameters:
fileGlob: '%WINDIR%\WaaS\*' # Includes `services` and `tasks` folders that defines the desired state configuration on remediation.
grantPermissions: true # 🔒️ Protected on Windows 10 since 22H2 | 🔒️ Protected on Windows 11 since 23H2
recurse: true
-
name: Disable automatically enabling Windows Update Medic Service
recommend: strict
docs: |-
This script disables the `upfc.exe` process, preventing it from automatically re-enabling Windows updates [5].
`upfc.exe` is found at `%SYSTEMROOT%\System32\upfc.exe` [1] [2].
This executable is identified by Microsoft as "Updateability From SCM" [1] [2].
SCM refers to the "Service Control Manager (SCM)", a special system process also known as `services.exe` [3].
`upfc.exe` is automatically launched by SCM during system startup [4].
It is part of the Windows Update self-healing mechanism [1].
It recovers Windows Update Medic Service (`WaaSMedicSvc`) once disabled [1] [5].
`upfc.exe` operates early in the boot process and performs several functions [1]:
1. It checks the details of the `WaaSMedicSvc` against a configuration file, ensuring the service's settings match those listed [1].
2. If discrepancies are found, such as invalid registry settings, `upfc.exe` recreates the service according to the XML configuration file [1].
However, `upfc.exe` also sends data about its operations to Microsoft [1] [5], including details about discrepancies found and any corrective
actions taken [1] [5]. This data is part of the telemetry Microsoft collects [1], which raises privacy concerns.
This script will skip some of its disabling logic on older Windows versions due to community reports of disabling this service causing
BSOD (blue screen of death) [5] [6].
> **Caution:** By disabling `upfc.exe`, this script enhances user privacy by stopping the automatic sending of operational data to Microsoft.
> However, it's important to note that this might impact the integrity and security of the Windows Update process. Users should weigh the
> privacy benefits against potential security risks before using this script.
[1]: https://web.archive.org/web/20231127032408/https://www.acepace.net/2019-03-29-upfc/ "What the bleep is UPFC.exe? | www.acepace.net"
[2]: https://web.archive.org/web/20231127032440/https://strontic.github.io/xcyclopedia/library/upfc.exe-299EA296575CCB9D2C1A779062535D5C.html "upfc.exe | Updateability From SCM | STRONTIC | strontic.github.io"
[3]: https://en.wikipedia.org/w/index.php?title=Service_Control_Manager&oldid=1063455957 "Service Control Manager - Wikipedia | en.wikipedia.org"
[4]: https://web.archive.org/web/20231129135553/https://blogs.windows.com/windows-insider/2018/07/31/announcing-windows-server-2019-insider-preview-build-17723/ "Announcing Windows Server 2019 Insider Preview Build 17723 | Windows Insider Blog | blogs.windows.com"
[5]: https://github.com/undergroundwires/privacy.sexy/issues/272 "[BUG]: Windows automatically re-enables Update after 4-5 days · Issue #272 · undergroundwires/privacy.sexy | github.com/undergroundwires"
[6]: https://web.archive.org/web/20231129135227/https://www.tenforums.com/windows-updates-activation/104945-stop-windows-10-updates-properly-completely-25.html "Stop Windows 10 Updates Properly and Completely Solved - Page 25 - Windows 10 Forums | www.tenforums.com"
call:
-
function: SoftDeleteFiles
parameters:
fileGlob: '%SYSTEMROOT%\System32\upfc.exe'
grantPermissions: true # 🔒️ Protected on Windows 10 since 22H2 | 🔒️ Protected on Windows 11 since 23H2
beforeIteration: |- # Skip Windows versions older than Windows 10 22H2 (build number 19045) to avoid reported blue screen issues.
$osVersion = [System.Environment]::OSVersion.Version
function Test-IsBeforeWin10Version22H2 { ($osVersion.Major -lt 10) -or (($osVersion.Major -eq 10) -and ($osVersion.Build -lt 19045)) }
if (Test-IsBeforeWin10Version22H2) {
Write-Warning 'Skipping the removal of upfc.exe on systems older Windows versions to prevent possible system crashes or errors.'
exit 0
}
-
function: TerminateExecutableOnLaunch
parameters:
executableNameWithExtension: upfc.exe
- -
category: Disable Windows update scheduled tasks category: Disable Windows update scheduled tasks
docs: |- docs: |-
@@ -12358,9 +12487,11 @@ functions:
# 3. (with `grantPermissions`:) Remove elevated script privileges. # 3. (with `grantPermissions`:) Remove elevated script privileges.
parameters: parameters:
- name: fileGlob - name: fileGlob
- name: grantPermissions - name: grantPermissions # Grants permission on the files found, and restores original permissions after modification.
optional: true optional: true
- name: recurse - name: recurse # If set, deletes all files in all directories recursively.
optional: true
- name: beforeIteration # (Iteration callback) Code to run before iteration.
optional: true optional: true
call: call:
- -
@@ -12390,6 +12521,9 @@ functions:
# } # }
# ``` # ```
beforeIteration: |- beforeIteration: |-
{{ with $beforeIteration }}
{{ . }}
{{ end }}
$renamedCount = 0 $renamedCount = 0
$skippedCount = 0 $skippedCount = 0
$failedCount = 0 $failedCount = 0
@@ -12874,7 +13008,7 @@ functions:
} else { } else {
try { try {
Set-ItemProperty $registryKey -Name Start -Value $defaultStartupRegValue -Force Set-ItemProperty $registryKey -Name Start -Value $defaultStartupRegValue -Force
Write-Host "Enabled `"$serviceName`" successfully with `"$defaultStartupMode`" start, may require restarting your computer." Write-Host "Enabled `"$serviceName`" successfully with `"$defaultStartupMode`" start, this may require restarting your computer."
} catch { } catch {
Write-Error "Could not enable `"$serviceName`": $_" Write-Error "Could not enable `"$serviceName`": $_"
Exit 1 Exit 1
@@ -13031,100 +13165,106 @@ functions:
- name: serviceName - name: serviceName
- name: defaultStartupMode # Allowed values: Automatic | Manual - name: defaultStartupMode # Allowed values: Automatic | Manual
call: call:
function: RunPowerShell -
# Careful with Set-Service cmdlet: function: Comment
# 1. It exits with positive code even if service is disabled parameters:
# 2. It had breaking API change for `-StartupMode` parameter: codeComment: "Disable service(s): `{{ $serviceName }}`"
# Powershell >= 6.0 : Automatic, AutomaticDelayedStart, Disabled, InvalidValue, Manual revertCodeComment: "Restore service(s) to default state: `{{ $serviceName }}`"
# PowerShell <= 5 : Boot, System, Automatic, Manual, Disabled -
# So "Disabled", "Automatic" and "Manual" are only consistent ones. function: RunPowerShell
# Read more: # Careful with Set-Service cmdlet:
# https://github.com/PowerShell/PowerShell/blob/v7.2.0/src/Microsoft.PowerShell.Commands.Management/commands/management/Service.cs#L2966-L2978 # 1. It exits with positive code even if service is disabled
# https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/set-service?view=powershell-7.1 # 2. It had breaking API change for `-StartupMode` parameter:
parameters: # Powershell >= 6.0 : Automatic, AutomaticDelayedStart, Disabled, InvalidValue, Manual
code: |- # PowerShell <= 5 : Boot, System, Automatic, Manual, Disabled
$serviceName = '{{ $serviceName }}' # So "Disabled", "Automatic" and "Manual" are only consistent ones.
Write-Host "Disabling service: `"$serviceName`"." # Read more:
# -- 1. Skip if service does not exist # https://github.com/PowerShell/PowerShell/blob/v7.2.0/src/Microsoft.PowerShell.Commands.Management/commands/management/Service.cs#L2966-L2978
$service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue # https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/set-service?view=powershell-7.1
if(!$service) { parameters:
Write-Host "Service `"$serviceName`" could not be not found, no need to disable it." code: |-
Exit 0 $serviceName = '{{ $serviceName }}'
} Write-Host "Disabling service: `"$serviceName`"."
# -- 2. Stop if running # -- 1. Skip if service does not exist
if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
Write-Host "`"$serviceName`" is running, stopping it." if(!$service) {
try { Write-Host "Service `"$serviceName`" could not be not found, no need to disable it."
Stop-Service -Name "$serviceName" -Force -ErrorAction Stop Exit 0
Write-Host "Stopped `"$serviceName`" successfully."
} catch {
Write-Warning "Could not stop `"$serviceName`", it will be stopped after reboot: $_"
} }
} else { # -- 2. Stop if running
Write-Host "`"$serviceName`" is not running, no need to stop." if ($service.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) {
} Write-Host "`"$serviceName`" is running, stopping it."
# -- 3. Skip if already disabled
$startupType = $service.StartType # Does not work before .NET 4.6.1
if(!$startupType) {
$startupType = (Get-WmiObject -Query "Select StartMode From Win32_Service Where Name='$serviceName'" -ErrorAction Ignore).StartMode
if(!$startupType) {
$startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "Name='$serviceName'" -ErrorAction Ignore).StartMode
}
}
if($startupType -eq 'Disabled') {
Write-Host "$serviceName is already disabled, no further action is needed"
}
# -- 4. Disable service
try {
Set-Service -Name "$serviceName" -StartupType Disabled -Confirm:$false -ErrorAction Stop
Write-Host "Disabled `"$serviceName`" successfully."
} catch {
Write-Error "Could not disable `"$serviceName`": $_"
}
revertCode: |-
$serviceName = '{{ $serviceName }}'
$defaultStartupMode = '{{ $defaultStartupMode }}'
Write-Host "Enabling service: `"$serviceName`" with `"$defaultStartupMode`" start."
# -- 1. Skip if service does not exist
$service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
if(!$service) {
Write-Warning "Service `"$serviceName`" could not be not found, cannot enable it."
Exit 1
}
# -- 2. Enable or skip if already enabled
$startupType = $service.StartType # Does not work before .NET 4.6.1
if(!$startupType) {
$startupType = (Get-WmiObject -Query "Select StartMode From Win32_Service Where Name='$serviceName'" -ErrorAction Ignore).StartMode
if(!$startupType) {
$startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "Name='$serviceName'" -ErrorAction Ignore).StartMode
}
}
if($startupType -eq "$defaultStartupMode") {
Write-Host "`"$serviceName`" is already enabled with `"$defaultStartupMode`" start, no further action is needed."
} else {
try {
Set-Service -Name "$serviceName" -StartupType "$defaultStartupMode" -Confirm:$false -ErrorAction Stop
Write-Host "Enabled `"$serviceName`" successfully with `"$defaultStartupMode`" start, may require restarting your computer."
} catch {
Write-Error "Could not enable `"$serviceName`": $_"
Exit 1
}
}
# -- 4. Start if not running (must be enabled first)
if($defaultStartupMode -eq 'Automatic') {
if ($service.Status -ne [System.ServiceProcess.ServiceControllerStatus]::Running) {
Write-Host "`"$serviceName`" is not running, starting it."
try { try {
Start-Service $serviceName -ErrorAction Stop Stop-Service -Name "$serviceName" -Force -ErrorAction Stop
Write-Host "Started `"$serviceName`" successfully." Write-Host "Stopped `"$serviceName`" successfully."
} catch { } catch {
Write-Warning "Could not start `"$serviceName`", requires restart, it will be started after reboot.`r`n$_" Write-Warning "Could not stop `"$serviceName`", it will be stopped after reboot: $_"
} }
} else { } else {
Write-Host "`"$serviceName`" is already running, no need to start." Write-Host "`"$serviceName`" is not running, no need to stop."
}
# -- 3. Skip if already disabled
$startupType = $service.StartType # Does not work before .NET 4.6.1
if(!$startupType) {
$startupType = (Get-WmiObject -Query "Select StartMode From Win32_Service Where Name='$serviceName'" -ErrorAction Ignore).StartMode
if(!$startupType) {
$startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "Name='$serviceName'" -ErrorAction Ignore).StartMode
}
}
if($startupType -eq 'Disabled') {
Write-Host "$serviceName is already disabled, no further action is needed"
}
# -- 4. Disable service
try {
Set-Service -Name "$serviceName" -StartupType Disabled -Confirm:$false -ErrorAction Stop
Write-Host "Disabled `"$serviceName`" successfully."
} catch {
Write-Error "Could not disable `"$serviceName`": $_"
}
revertCode: |-
$serviceName = '{{ $serviceName }}'
$defaultStartupMode = '{{ $defaultStartupMode }}'
Write-Host "Enabling service: `"$serviceName`" with `"$defaultStartupMode`" start."
# -- 1. Skip if service does not exist
$service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
if(!$service) {
Write-Warning "Service `"$serviceName`" could not be not found, cannot enable it."
Exit 1
}
# -- 2. Enable or skip if already enabled
$startupType = $service.StartType # Does not work before .NET 4.6.1
if(!$startupType) {
$startupType = (Get-WmiObject -Query "Select StartMode From Win32_Service Where Name='$serviceName'" -ErrorAction Ignore).StartMode
if(!$startupType) {
$startupType = (Get-WmiObject -Class Win32_Service -Property StartMode -Filter "Name='$serviceName'" -ErrorAction Ignore).StartMode
}
}
if($startupType -eq "$defaultStartupMode") {
Write-Host "`"$serviceName`" is already enabled with `"$defaultStartupMode`" start, no further action is needed."
} else {
try {
Set-Service -Name "$serviceName" -StartupType "$defaultStartupMode" -Confirm:$false -ErrorAction Stop
Write-Host "Enabled `"$serviceName`" successfully with `"$defaultStartupMode`" start, this may require restarting your computer."
} catch {
Write-Error "Could not enable `"$serviceName`": $_"
Exit 1
}
}
# -- 4. Start if not running (must be enabled first)
if($defaultStartupMode -eq 'Automatic') {
if ($service.Status -ne [System.ServiceProcess.ServiceControllerStatus]::Running) {
Write-Host "`"$serviceName`" is not running, starting it."
try {
Start-Service $serviceName -ErrorAction Stop
Write-Host "Started `"$serviceName`" successfully."
} catch {
Write-Warning "Could not start `"$serviceName`", requires restart, it will be started after reboot.`r`n$_"
}
} else {
Write-Host "`"$serviceName`" is already running, no need to start."
}
} }
}
- -
name: ShowWarning name: ShowWarning
parameters: parameters:
@@ -13719,7 +13859,7 @@ functions:
# Use `DeleteDirectory` or `ClearDirectoryContents` to delete directories. # Use `DeleteDirectory` or `ClearDirectoryContents` to delete directories.
parameters: parameters:
- name: fileGlob # File glob pattern to delete. - name: fileGlob # File glob pattern to delete.
- name: grantPermissions # Grants permission on the files found to be able to delete them. - name: grantPermissions # Grants permission on the files found, and restores original permissions after modification.
optional: true optional: true
call: call:
- -