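'*******************************************************************************
' Script Name - QueryServiceStatus
'
' Version     - 1.1 (15-sep-2003)
'
' Purpose     - Determines the state of the specified NT service and raises
'               the appropriate event if it's not configured to be suppressed.
'
' Events      - 1000 = "The service is RUNNING" (Information)
'               1001 = "The service is STOPPED" (Warning)
'               1002 = "The service is PAUSED" (Warning)
'               1003 = "The service is potentially hung in the START PENDING status" (Error)
'               1004 = "The service is potentially hung in the STOP PENDING status" (Error)
'               1005 = "The service is potentially hung in the CONTINUE PENDING status" (Error)
'               1006 = "The service is potentially hung in the PAUSE PENDING status" (Error)
'               1007 = "The service could NOT be found as an INSTALLED service" (Error)
'               1008 = "The service has an UNKNOWN STATUS" (Error)
'               1009 = "The service could NOT be UNIQUELY IDENTIFIED (multiple instances
'                      with identical names found)" (Error)
'
' Parameters  - IncludeComputers = List of computers that should be allowed to run the script.
'                                  Leave blank to allow all. Separate multiple values by ";".
'               ExcludeComputers = List of computers that should NOT be allowed to run the script.
'                                  Exclude overrules Include. Separate multiple values by ";".
'               ServiceNames     = Names of the services to query for status.
'                                  Separate multiple values by ";".
'               MaxAttempts      = Maximum number of times the script will attempt to retrieve the status.
'                                  Defaults to 3 if left blank.
'               RetryInterval    = Interval in seconds between each retry attempt.
'                                  Defaults to 5 seconds if left blank.
'               SuppressEvents   = List of events to suppress. Separate multiple values by ";".
'                                  (e.g. "1000;1007;1008")
'
' Comments    - ServiceNames should contain the short names of the services, NOT the display names
'               (e.g. "Spooler" and NOT "Print Spooler").
'
'*******************************************************************************

Option Explicit

' --- Define Constants ---

' Event types
Const Event_Type_Success = 0
Const Event_Type_Error = 1
Const Event_Type_Warning = 2
Const Event_Type_Info = 4
Const Event_Type_Audit_Success = 8
Const Event_Type_Audit_Failure = 16

' Event property-IDs (these double as indexes into arrEventInfo)
Const Event_Service_Running = 0
Const Event_Service_Stopped = 1
Const Event_Service_Paused = 2
Const Event_Service_Start_Pending = 3
Const Event_Service_Stop_Pending = 4
Const Event_Service_Continue_Pending = 5
Const Event_Service_Pause_Pending = 6
Const Event_Service_Not_Installed = 7
Const Event_Service_Status_Unknown = 8
Const Event_Service_Multiple_Instances = 9

' Default values
Const Default_Retry_Interval = 5
Const Default_Retry_Attempts = 3
Const Servicename_Not_Specified = "SERVICENAME NOT SPECIFIED"

' --- Define variables ---

' Integers
Dim intCurrentServiceStatus, intLastServiceStatus, intCurrentAttempt, intRetryAttempts
Dim intRetryInterval, intEventMsg, intEventID, intEventSeverity

' Strings
Dim strComputer, strServiceNames, strServiceName, strEventMsg, strEventID, strEventType
Dim strExcludeComputers, strIncludeComputers, strIncludeComputerName, strExcludeComputerName
Dim strSuppressEvents, strSuppressEvent, strLocalComputerName

' Arrays
Dim arrServiceNames, arrEventInfo(9), arrIncludeComputers, arrExcludeComputers, arrSuppressEvents

' Objects
Dim objWMIService, objService, objParams, objUtil

' Collections
Dim colServices

' Booleans
Dim bolExcludeComputer, bolExecuteOnComputer, bolSuppressEvents

InitVars
SetEventProperties
GetParameters
ParseParameters
CreateObjects
CheckIfExecute

' Start main routine if script is allowed to run on the local agent computer
If bolExecuteOnComputer = True Then

    ' --- Check each service in the list ---
    For Each strServiceName In arrServiceNames

        ' Reset counter variables
        ResetCounterVars

        ' Get service status
        intCurrentServiceStatus = GetServiceStatus(strServiceName)

        ' If status <> running/stopped/paused, retry to see if the service is trapped
        ' in a pending state or if the status can't be read
        If Not IsSettledStatus(intCurrentServiceStatus) Then

            ' Retry until max attempts is reached
            Do
                ' Increment attempt
                intCurrentAttempt = intCurrentAttempt + 1

                ' Wait BEFORE re-querying so every retry is spaced from the previous
                ' query and no sleep is wasted after the final attempt.
                ' NOTE(review): RetryInterval is documented in seconds; confirm the unit
                ' expected by OpScrUtil.Utility.Sleep.
                objUtil.Sleep intRetryInterval

                ' Get service status
                intCurrentServiceStatus = GetServiceStatus(strServiceName)

                ' If service is running/stopped/paused then stop retrying
                If IsSettledStatus(intCurrentServiceStatus) Then Exit Do

            ' Continue loop until MaxAttempts is reached
            Loop While intCurrentAttempt < intRetryAttempts
        End If

        ' Build event-message
        strEventMsg = "The NT service '" & strServiceName & "' on '" & strLocalComputerName & "'"

        ' Get event properties from array
        strEventID = arrEventInfo(intCurrentServiceStatus)(0)
        strEventMsg = strEventMsg & arrEventInfo(intCurrentServiceStatus)(1)
        strEventType = arrEventInfo(intCurrentServiceStatus)(2)

        ' Create and submit event
        If Not CheckSuppressEvent(strEventID) Then
            CreateSubmitEvent strEventMsg, strEventID, strEventType
        End If
    Next
End If

DeleteObjects

' -------------------- Functions and subs --------------------

' Function    : IsSettledStatus(intStatus)
' Parameters  : intStatus = One of the Event_Service_* status constants
' Description : Returns True when the status is running, stopped or paused,
'               i.e. a state that does not need to be re-queried.
Function IsSettledStatus(intStatus)
    IsSettledStatus = (intStatus = Event_Service_Running) Or _
                      (intStatus = Event_Service_Stopped) Or _
                      (intStatus = Event_Service_Paused)
End Function

' Function    : CheckSuppressEvent(intEventID)
' Parameters  : intEventID = The eventID that should be checked for suppression
' Description : Check if an eventID should be suppressed (specified in the parameters).
'               Always returns an explicit True/False. Entries of SuppressEvents that
'               are blank or non-numeric (e.g. from a trailing ";") are ignored instead
'               of aborting the script with a type-mismatch error.
Function CheckSuppressEvent(intEventID)
    CheckSuppressEvent = False

    If bolSuppressEvents = True Then
        For Each strSuppressEvent In arrSuppressEvents
            If IsNumeric(Trim(strSuppressEvent)) Then
                If CLng(Trim(strSuppressEvent)) = CLng(intEventID) Then
                    CheckSuppressEvent = True
                    Exit For
                End If
            End If
        Next
    End If
End Function

' Function    : GetServiceStatus(strServiceName)
' Parameters  : strServiceName = Name of service to get the status of
' Description : Get the status of a service as one of the Event_Service_* constants.
Function GetServiceStatus(strServiceName)
    Dim strWqlName

    ' The service name comes from the script parameters and is placed inside a
    ' WQL string literal. Escape backslashes and single quotes so a name that
    ' contains them is matched literally and cannot change the query's filter.
    strWqlName = Replace(strServiceName, "\", "\\")
    strWqlName = Replace(strWqlName, "'", "\'")

    Set colServices = objWMIService.ExecQuery("Select * from Win32_Service Where Name='" & strWqlName & "'")

    Select Case colServices.Count
        Case 0
            GetServiceStatus = Event_Service_Not_Installed
        Case 1
            For Each objService In colServices
                Select Case objService.State
                    Case "Running"
                        GetServiceStatus = Event_Service_Running
                    Case "Stopped"
                        GetServiceStatus = Event_Service_Stopped
                    Case "Paused"
                        GetServiceStatus = Event_Service_Paused
                    Case "Start Pending"
                        GetServiceStatus = Event_Service_Start_Pending
                    Case "Stop Pending"
                        GetServiceStatus = Event_Service_Stop_Pending
                    Case "Continue Pending"
                        GetServiceStatus = Event_Service_Continue_Pending
                    Case "Pause Pending"
                        GetServiceStatus = Event_Service_Pause_Pending
                    Case "Unknown"
                        GetServiceStatus = Event_Service_Status_Unknown
                    Case Else
                        GetServiceStatus = Event_Service_Status_Unknown
                End Select
            Next
        Case Else
            GetServiceStatus = Event_Service_Multiple_Instances
    End Select

    ' Delete collection object
    Set colServices = Nothing
End Function

' Function    : GetLocalComputerName()
' Parameters  : None
' Description : Gets the name of the local computer
Function GetLocalComputerName()
    Dim objNetwork

    Set objNetwork = CreateObject("WScript.Network")
    GetLocalComputerName = objNetwork.ComputerName
    Set objNetwork = Nothing
End Function

' Sub         : CreateObjects
' Parameters  : None
' Description : Creates objects used by the script
Sub CreateObjects
    ' strComputer is set to "." in InitVars, so this binds to the local root\cimv2 namespace
    Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set objUtil = CreateObject("OpScrUtil.Utility")
End Sub

' Sub         : DeleteObjects
' Parameters  : None
' Description : Deletes objects used by the script
Sub DeleteObjects
    Set objWMIService = Nothing
    ' Release the utility object as well; it is created next to objWMIService in CreateObjects
    Set objUtil = Nothing
End Sub

' Sub         : GetParameters
' Parameters  : None
' Description : Retrieves the parameters used in the script
Sub GetParameters
    ' Create parameter object
    Set objParams = ScriptContext.Parameters

    strServiceNames = objParams.get("ServiceNames")
    ' NOTE(review): RetryInterval and MaxAttempts are documented in the header but the
    ' two reads below are disabled, so the defaults are always used. CInt() raises a
    ' type mismatch on a blank value, which may be why they were disabled - confirm
    ' before re-enabling, and guard with IsNumeric() if you do.
    'intRetryInterval = CInt(objParams.get("RetryInterval"))
    'intRetryAttempts = CInt(objParams.get("MaxAttempts"))
    strIncludeComputers = LCase(objParams.get("IncludeComputers")) ' Always lowercase
    strExcludeComputers = LCase(objParams.get("ExcludeComputers")) ' Always lowercase
    strSuppressEvents = objParams.get("SuppressEvents")

    Set objParams = Nothing
End Sub

' Sub         : ParseParameters
' Parameters  : None
' Description : Parses the parameters used in the script
Sub ParseParameters
    Dim intIndex

    ' Default to value of constant Servicename_Not_Specified if nothing is specified
    ' in the parameters (ServiceNames)
    If strServiceNames = "" Then strServiceNames = Servicename_Not_Specified

    ' Split servicenames into array and strip surrounding blanks, so that
    ' "Spooler; W32Time" does not end up querying a service named " W32Time"
    arrServiceNames = Split(strServiceNames, ";")
    For intIndex = 0 To UBound(arrServiceNames)
        arrServiceNames(intIndex) = Trim(arrServiceNames(intIndex))
    Next

    ' Set to default value if nothing is specified in the parameters (RetryInterval).
    ' The variable is still Empty at this point, and Empty compares equal to "".
    If intRetryInterval = "" Then intRetryInterval = Default_Retry_Interval

    ' Set to default value if nothing is specified in the parameters (RetryAttempts)
    If intRetryAttempts = "" Then intRetryAttempts = Default_Retry_Attempts

    ' Set strIncludeComputers to local computername if it is not specified in the parameters
    ' and split names into array if multiple computernames are specified.
    If strIncludeComputers = "" Then strIncludeComputers = GetLocalComputerName()
    arrIncludeComputers = Split(strIncludeComputers, ";", -1, 1)

    ' If any events are specified in the parameters to be suppressed split IDs into array
    If strSuppressEvents <> "" Then
        bolSuppressEvents = True
        arrSuppressEvents = Split(strSuppressEvents, ";", -1, 1)
    End If

    ' If any computernames are specified in the parameters to be excluded split names into array
    If strExcludeComputers <> "" Then
        bolExcludeComputer = True
        arrExcludeComputers = Split(strExcludeComputers, ";", -1, 1)
    End If
End Sub

' Sub         : InitVars
' Parameters  : None
' Description : Inits the variables used in the script
Sub InitVars
    ' Always query WMI on the local machine (".")
    strComputer = "."
    bolExcludeComputer = False
    bolExecuteOnComputer = False
    bolSuppressEvents = False
End Sub

' Sub         : ResetCounterVars
' Parameters  : None
' Description : Reset the counter variables used in the script
Sub ResetCounterVars
    intCurrentAttempt = 0
End Sub

' Sub         : CreateSubmitEvent(varEventMsg, varEventID, varEventType)
' Parameters  : varEventMsg  = Message text of the event
'               varEventID   = Event number
'               varEventType = One of the Event_Type_* constants
' Description : Create and submit an event
Sub CreateSubmitEvent(varEventMsg, varEventID, varEventType)
    Dim objNewEvent

    Set objNewEvent = ScriptContext.CreateEvent
    objNewEvent.Message = varEventMsg
    objNewEvent.EventNumber = varEventID
    objNewEvent.EventType = varEventType
    ScriptContext.Submit(objNewEvent)
    Set objNewEvent = Nothing
End Sub

' Sub         : CheckIfExecute
' Parameters  : None
' Description : Check if the local computername matches one of those specified in
'               the parameters. This prevents the script from running on other agent
'               computers if otherwise is specified in the parameters.
Sub CheckIfExecute
    ' Get local computername
    strLocalComputerName = LCase(GetLocalComputerName())

    ' Check if the local computername is specified in the parameter IncludeComputers.
    ' Entries are trimmed so "pc1; pc2" still matches "pc2".
    For Each strIncludeComputerName In arrIncludeComputers
        If LCase(Trim(strIncludeComputerName)) = strLocalComputerName Then bolExecuteOnComputer = True
    Next

    ' Check if the local computername is specified in the parameter ExcludeComputers.
    ' Trimming matters most here: an exclusion that silently fails to match
    ' would let the script run on a computer it was meant to skip.
    If bolExcludeComputer = True Then
        For Each strExcludeComputerName In arrExcludeComputers
            If LCase(Trim(strExcludeComputerName)) = strLocalComputerName Then bolExecuteOnComputer = False
        Next
    End If
End Sub

' Sub         : SetEventProperties
' Parameters  : None
' Description : Sets the properties of the events returned.
'               Each entry is Array(event ID, message suffix, event type).
Sub SetEventProperties
    ' NOTE(review): the header lists event 1000 as Information, but it is raised with
    ' Event_Type_Success (0) rather than Event_Type_Info (4) - confirm which is intended.
    arrEventInfo(0) = Array(1000, " is RUNNING.", Event_Type_Success)
    arrEventInfo(1) = Array(1001, " is STOPPED.", Event_Type_Warning)
    arrEventInfo(2) = Array(1002, " is PAUSED.", Event_Type_Warning)
    arrEventInfo(3) = Array(1003, " is potentially hung in the START PENDING status.", Event_Type_Error)
    arrEventInfo(4) = Array(1004, " is potentially hung in the STOP PENDING status.", Event_Type_Error)
    arrEventInfo(5) = Array(1005, " is potentially hung in the CONTINUE PENDING status.", Event_Type_Error)
    arrEventInfo(6) = Array(1006, " is potentially hung in the PAUSE PENDING status.", Event_Type_Error)
    arrEventInfo(7) = Array(1007, " could NOT be found as an INSTALLED service.", Event_Type_Error)
    arrEventInfo(8) = Array(1008, " has an UNKNOWN STATUS.", Event_Type_Error)
    arrEventInfo(9) = Array(1009, " could NOT be UNIQUELY IDENTIFIED (multiple instances with identical names found).", Event_Type_Error)
End Sub

' -------------------- END SCRIPT --------------------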