Removing Orphaned PsExec Services from Target Computers

What’s the problem?

Occasionally we will hear of a situation where PsExec is not able to properly clean itself up on target computers. Under normal circumstances when PsExec runs, it installs a service on the remote computer, temporarily, in order to run the desired application/script/command. Then when it completes the action, the service is removed. However, in some rare cases PsExec fails to function properly (there are multiple reasons why PsExec can fail), and in those cases we usually find that the target computer will be left with an orphaned service that was not successfully removed during the cleanup process.

While the default remote service name that PsExec creates/installs is PSEXESVC, PsExec also supports a -r switch, which lets the user specify a custom name for the remote service. In BatchPatch the -r switch value is configurable under ‘Tools > Settings > Remote Execution > Use PsExec -r switch to specify remote service name’. There is additionally a setting to ‘Append random string to remote service name for each process execution’. If you have the ‘Append random string’ option enabled AND PsExec is unable to remove the service successfully from a target computer, you’ll end up with a separate orphaned service for each attempt that BatchPatch made to execute an action on that particular target computer. To avoid a continual build-up of orphaned services, the first thing we recommend is disabling the ‘Append random string’ setting, so that instead of getting a new orphaned service with each BatchPatch action attempt, you’ll only have a single service that gets re-used with each action/command.

Disable the ‘Append random string’ option

After you have disabled the ‘Append random string’ setting, you’ll then want to remove any orphaned services from the affected target computer. You may have something like this showing in your Services console on the affected target computer. You can view the Services console by typing ‘services.msc’ at the ‘Run’ command of the Start menu (‘Start > run > services.msc’).

Standard syntax for deleting a service at the cmd prompt

The normal syntax for deleting a service that you can use at the command line (cmd prompt) is:

sc.exe delete ServiceNameGoesHere

Syntax for viewing list of all orphaned services by name matching

However, if you have numerous orphaned services on a given machine, you might want to delete them all with a single command. The easiest way to do this is with PowerShell. For example, if you want to list out the orphaned services, you can use a wildcard search to show all services that contain ‘BatchPatchExeSvc’ in their name:

Get-Service '*BatchPatchExeSvc*'

Syntax for deleting all orphaned services by name matching

You can then use the following command to delete all the services that contain the name ‘BatchPatchExeSvc’:

Get-Service '*BatchPatchExeSvc*' | ForEach-Object { cmd /c sc delete $_.Name }

Now, if you want to execute this task from within BatchPatch, use a ‘Remote command (logged output)’ with the following syntax:

powershell.exe -ExecutionPolicy Bypass -command "Get-Service '*BatchPatchExeSvc*' | ForEach-Object { cmd /c sc delete $_.Name }"
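A more cautious variant of the wildcard delete above, as an added example that is not BatchPatch's own code: it lists each matching service with its state and binary path so the matches can be reviewed, and only deletes when -Delete is passed. The script name Remove-OrphanedSvc.ps1, its parameters, and the choice to skip services that are not stopped are assumptions of this example; it must run elevated on the target computer.

```powershell
# Remove-OrphanedSvc.ps1 (hypothetical name) - added example, not from the original page.
# Dry run:  .\Remove-OrphanedSvc.ps1
# Delete:   .\Remove-OrphanedSvc.ps1 -Delete
param(
    [string]$Pattern = '*BatchPatchExeSvc*',  # name pattern used on this page
    [switch]$Delete                           # without this switch nothing is removed
)

# Win32_Service exposes State and PathName, so every match can be checked
# against what you expect before anything is deleted by wildcard.
$services = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -like $Pattern })

if ($services.Count -eq 0) {
    Write-Output "No services match $Pattern"
    return
}

$results = foreach ($svc in $services) {
    $action = 'Listed (dry run)'
    if ($Delete) {
        if ($svc.State -ne 'Stopped') {
            # Design choice of this example: a service that is not stopped may
            # belong to an action that is still executing, so it is left alone.
            $action = 'Skipped (not stopped)'
        } else {
            & sc.exe delete $svc.Name | Out-Null
            # sc.exe returns 0 on success; anything else is reported per service.
            if ($LASTEXITCODE -eq 0) {
                $action = 'Deleted'
            } else {
                $action = "Failed (sc.exe exit code $LASTEXITCODE)"
            }
        }
    }
    [pscustomobject]@{
        Name     = $svc.Name
        State    = $svc.State
        PathName = $svc.PathName
        Action   = $action
    }
}

$results | Format-Table -AutoSize -Wrap
```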
