How do you configure Windows to start/stop a service when opening/closing an application?

fatryan

[H]ard|Gawd
Joined
Feb 19, 2004
Messages
1,275
My company uses Palo Alto Networks Global Protect for RDC for us working at home. I've found that Global Protect will continue to run in the background after disconnecting and will restart after I force close it, neither of which I like. At present, I've set the service to manual start, but in order to start it I need to go into task manager. Launching the app does work for opening the app, but i cannot start the service until i manually start it in task manager.

This is getting annoying, and it still doesn't prevent me from forgetting to disconnect the service. I just found it's been running for 2 days. I don't want all my internet traffic getting filtered through my company's firewall.

So i was hoping to find a way to auto-start the service when I launch the RDC app and auto-stop the service when closing the RDC app. I was looking at task scheduler, but I'm not really sure how to configure it in there. I was trying to set the RDC app as the trigger, but there are multiple RDC options to choose from. I also have no clue what to put for event ID. It looks like I would need 2 tasks, 1 to start the service and 1 to stop it, is that right? Is there a better and/or easier way to do this?
 

Farva

Shens!
Joined
Feb 3, 2004
Messages
36,024
Is this your personal device or a company device?

Have you contacted support to report the issue?
 

auntjemima

Supreme [H]ardness
Joined
Mar 1, 2014
Messages
6,135
I would make a batch file for the opening, but unsure on the closing. Probably able to be done the same way, but I don't know the commands.
 

fatryan

> Is this your personal device or a company device?
>
> Have you contacted support to report the issue?

Jesus that was a fast reply! Lol

This is my personal device, to which i have full access.

I did not contact my IT dept. because frankly I don't think it's their concern.
 

fatryan

> I would make a batch file for the opening, but unsure on the closing. Probably able to be done the same way, but I don't know the commands.

A batch file to launch both? That could work. But the disconnect is really the critical part ha ha
 

Farva

> Jesus that was a fast reply! Lol
>
> This is my personal device, to which i have full access.
>
> I did not contact my IT dept. because frankly I don't think it's their concern.

It is their concern. Your personal device connecting to their network. Their app running on your pc. If the app shouldn't be running while it is not connected, perhaps they can configure it to do so.
 

fatryan

> It is their concern. Your personal device connecting to their network. Their app running on your pc. If the app shouldn't be running while it is not connected, perhaps they can configure it to do so.

Well they can't even figure out the simplest of issues on my machine at the office, so I'm not expecting that they can solve this issue. My company probably wants to spy on us anyway.
 

fatryan

> If this was me I would virtualize another instance of Windows on your machine and run it within the virtualized instance. My work gets no access to my personal devices, efffffff that.

Yeah i know nothing about VMs, so that's way more work than I could handle now lol
 

fatryan

> Batch file
>
> start service
> start app
> stop service
>
> exit

That would just immediately stop the service, no? The service still needs to run while I'm on RDC. I just don't want it to run when I'm not on RDC. I tried creating 2 batch files to start/stop, but i can't seem to figure out the syntax. I keep getting access denied errors. I'm basically just running the following:

net stop PanGPS.exe
pause

And:

net stop PanGPS
pause

Also tried:

sc stop PanGPS
pause

And other variations with and without file extension and path. The path is to Program Files, and the service runs at the SYSTEM level... Not sure if either of those matter. My user has read and execute privileges, so that should be sufficient, no?
 

fatryan

> Dude, virtualbox is free and stupid easy to use. I promise you'd figure it out in like 5 mins.

I have another ongoing thread discussing the use of VMs for running either FreeNAS or Unraid to handle redundancy of my Plex storage. So I've been trying to get info on exactly how it all works but so far have been reluctant to experiment given the fact that this is a workstation I use regularly.
 

ryan_975

[H]F Junkie
Joined
Feb 6, 2006
Messages
14,735
> That would just immediately stop the service, no? The service still needs to run while I'm on RDC. I just don't want it to run when I'm not on RDC. I tried creating 2 batch files to start/stop, but i can't seem to figure out the syntax. I keep getting access denied errors. I'm basically just running the following:
>
> net stop PanGPS.exe
> pause
>
> And:
>
> net stop PanGPS
> pause
>
> Also tried:
>
> sc stop PanGPS
> pause
>
> And other variations with and without file extension and path. The path is to Program Files, and the service runs at the SYSTEM level... Not sure if either of those matter. My user has read and execute privileges, so that should be sufficient, no?

Having the app between the start and stop commands for the service forces the batch file to wait until the app exits before moving on to the stop service command.

You have to run with admin privileges to avoid the access denied error.
 

fatryan

> Having the app between the start and stop commands for the service forces the batch file to wait until the app exits before moving on to the stop service command.
>
> You have to run with admin privileges to avoid the access denied error.

Is that unique to services? Cause I use batch processing for some things at work, and if I do not create some kind of artificial delay like pinging a non-existent server x-amount of times it'll just open all instances of the application simultaneously.

I tried running with admin privileges, but that also did not work. What is the correct syntax for the service name? Am I supposed to include the file extension or filepath?

Edit: Nevermind, now it's working. No idea what happened before. Is there a command I can add to bypass UAC?
 

fatryan

> Having the app between the start and stop commands for the service forces the batch file to wait until the app exits before moving on to the stop service command.
>
> You have to run with admin privileges to avoid the access denied error.

I set the batch file up as you stated, and it does in fact execute the stop command immediately. So that's not going to work for a single batch file.
 

fatryan

For some reason launching the service via batch file doesn't automatically connect the VPN, but doing it manually does. Ugh, this is just getting more annoying.
 

fatryan

> How are you calling the application?

Code:
@echo off
net start PanGPS
start mstsc.exe
net stop PanGPS
if ERRORLEVEL 1 goto error
echo Global Protect service started succefully
pause
exit
:error
echo There was a problem starting Global Protect service
pause
RDC opens fine

Edit: Sorry, I had removed the stop command. I just added it back in exactly how I originally had it. I had also tried both start/stop calls to PanGPS without "net", as you originally showed it.
 

ryan_975

> Code:
> @echo off
> net start PanGPS
> start mstsc.exe
> net stop PanGPS
> if ERRORLEVEL 1 goto error
> echo Global Protect service started succefully
> pause
> exit
> :error
> echo There was a problem starting Global Protect service
> pause
> RDC opens fine
>
> Edit: Sorry, I had removed the stop command. I just added it back in exactly how I originally had it. I had also tried both start/stop calls to PanGPS without "net", as you originally showed it.

Add a /WAIT between start and mstsc
 

fatryan

> Add a /WAIT between start and mstsc

OK that seems to have worked for the stop command, but I still cannot get the client to automatically connect as it does when I manually start through task manager. This is what I'm currently working with:
Code:
@echo off
start /d "C:\Program Files\Palo Alto Networks\GlobalProtect" PanGPA.exe
net start PanGPS
start /wait mstsc.exe
net stop PanGPS
pause
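
Added example, not part of any post in this thread: a single batch file that combines the points raised above (service control needs elevation, `start /wait` blocks until Remote Desktop closes) and then confirms with `sc query` that the service really stopped. `PanGPS` is the service name from the posts; the `net session` elevation check and the messages are assumptions of this example.

```batch
@echo off
rem Added example, not from the thread. PanGPS is the service name used in
rem the posts above; the checks and messages are assumptions for illustration.
setlocal
set "SVC=PanGPS"

rem Service control needs an elevated prompt; "net session" fails without one.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script as administrator: controlling %SVC% needs elevation.
    exit /b 1
)

rem Start the service only if it is not already running.
sc query "%SVC%" | find "RUNNING" >nul
if errorlevel 1 (
    net start "%SVC%"
    if errorlevel 1 (
        echo Could not start %SVC%.
        exit /b 1
    )
)

rem /wait blocks here until the Remote Desktop client is closed.
start "" /wait mstsc.exe

rem Stop the service, then confirm the state instead of trusting the exit code.
rem STOP_PENDING does not match "STOPPED", so a hung stop is reported too.
net stop "%SVC%"
sc query "%SVC%" | find "STOPPED" >nul
if errorlevel 1 (
    echo WARNING: %SVC% is not in the STOPPED state. Check services.msc.
    exit /b 1
)
echo %SVC% is stopped.
endlocal
```

If the console window is closed while Remote Desktop is still open, the stop step never runs, so the final state check only helps when the script is allowed to finish.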
 

B00nie

[H]F Junkie
Joined
Nov 1, 2012
Messages
8,332
> My company uses Palo Alto Networks Global Protect for RDC for us working at home. I've found that Global Protect will continue to run in the background after disconnecting and will restart after I force close it, neither of which I like. At present, I've set the service to manual start, but in order to start it I need to go into task manager. Launching the app does work for opening the app, but i cannot start the service until i manually start it in task manager.
>
> This is getting annoying, and it still doesn't prevent me from forgetting to disconnect the service. I just found it's been running for 2 days. I don't want all my internet traffic getting filtered through my company's firewall.
>
> So i was hoping to find a way to auto-start the service when I launch the RDC app and auto-stop the service when closing the RDC app. I was looking at task scheduler, but I'm not really sure how to configure it in there. I was trying to set the RDC app as the trigger, but there are multiple RDC options to choose from. I also have no clue what to put for event ID. It looks like I would need 2 tasks, 1 to start the service and 1 to stop it, is that right? Is there a better and/or easier way to do this?

Rule of thumb nr 1: You don't do private business on the computer you do your company work with. Problem solved.
 

fatryan

> Rule of thumb nr 1: You don't do private business on the computer you do your company work with. Problem solved.

Don't really have a choice with the pandemic. We're being forced into an alternating office schedule, and they don't have enough company laptops for everyone.
 

B00nie

> Don't really have a choice with the pandemic. We're being forced into an alternating office schedule, and they don't have enough company laptops for everyone.

Sounds like inept management in that case. Too bad you had to mess up your own gear.
 

fatryan

> Sounds like inept management in that case. Too bad you had to mess up your own gear.

Yeah, well I've got my beefs with the company, but honestly this is industry standard. I work in the transportation industry, where budgets are always super tight and clients are pretty old school. There are several mainstream software packages we use that still run on Windows command line. Even the highest end and most popular software packages are riddled with issues. Software development is at a snail's pace. There's just no money for the infrastructure and it makes scheduling difficult since we also do a lot of field work. So work-from-home is not at all common in our industry. This is my third job, and every place is the same.

I agree that we shouldn't technically be expected to use our personal devices. That's why i removed work email from my phone. They wanted to install some Microsoft suite that required drive encryption and gave them essentially unlimited control over my phone. Not gonna happen. That's also why i want this VPN service terminating the second I close the RDC. They don't need to see what I do in my free time. But the alternative is to not work at all or possibly to just come to the office every single day, but my company is exceptionally old school so I also don't want to discourage advancements in workplace technology such as this. We just got business casual dress a couple years ago for Christ's sake!
 

tporter

Weaksauce
Joined
Mar 7, 2013
Messages
79
For the stop service section of batch, I would suggest running a while loop (with a sleep time) to check the connected status of the virtual NIC the software creates. When it sees the nic disconnected (from stopping the vpn) it would stop the service.
 

fatryan

> For the stop service section of batch, I would suggest running a while loop (with a sleep time) to check the connected status of the virtual NIC the software creates. When it sees the nic disconnected (from stopping the vpn) it would stop the service.

I'm now considering setting up a VM as others have suggested. That way i don't really care if it runs or not. Or rather, i can just shut down the VM and it should shut down the service, right? It would only be for working from home, so I'd want it to be fairly lightweight.
 

Col_Temp

n00b
Joined
Jun 1, 2020
Messages
31
> Don't really have a choice with the pandemic. We're being forced into an alternating office schedule, and they don't have enough company laptops for everyone.

This is fairly easily solved if your company was using one of the remote access programs. That way you use your computer from home to remote access the computer at work. Then you run your programs etc... on company hardware as if you were sitting at the desk at work and not at home.

This is so simple I'm surprised your company isn't doing it that way!
I have multiple customers using the remote management and access tool to access their PC's at work from home due to the Virus closures. It's so simple and cheap I've been throwing it in with as part of the MSP fee I charge them. I even have several accountants that work remotely on the accounting computer to do the books. Skip the mess you are having with the batch files and use an RMM solution like my customers.
 

ryan_975

> This is fairly easily solved if your company was using one of the remote access programs. That way you use your computer from home to remote access the computer at work. Then you run your programs etc... on company hardware as if you were sitting at the desk at work and not at home.
>
> This is so simple I'm surprised your company isn't doing it that way!
> I have multiple customers using the remote management and access tool to access their PC's at work from home due to the Virus closures. It's so simple and cheap I've been throwing it in with as part of the MSP fee I charge them. I even have several accountants that work remotely on the accounting computer to do the books. Skip the mess you are having with the batch files and use an RMM solution like my customers.

That sounds exactly like what's being done by the OP's company, but to get access to his work PC he has to get through the company's firewall using whatever VPN service they've set up. The OP doesn't want that VPN service running all the time directing his browsing habits into the hands of his employer.
 

Col_Temp

> That sounds exactly like what's being done by the OP's company, but to get access to his work PC he has to get through the company's firewall using whatever VPN service they've set up. The OP doesn't want that VPN service running all the time directing his browsing habits into the hands of his employer.

Yep but the company is handling things in house. The other RMM solutions like I use work differently. You actually use the software to remote into a machine at work like using RDP except you are using remote desktop from a cloud based location instead of within the network. When he uses VPN his home desktop is now running as if it's at work. I get he has issues getting the VPN to drop correctly. And he should be concerned with the company tracking his every move when not on the clock.

My point is there are solutions out there that don't cost much that take the personal computer out of the equation. When you are connected via an RMM your personal computer is only involved in handling the communications not running on the network. If the company is not going to pony up the equipment like it should then that IT department needs to fix this not the end user..
 

fatryan

> Yep but the company is handling things in house. The other RMM solutions like I use work differently. You actually use the software to remote into a machine at work like using RDP except you are using remote desktop from a cloud based location instead of within the network. When he uses VPN his home desktop is now running as if it's at work. I get he has issues getting the VPN to drop correctly. And he should be concerned with the company tracking his every move when not on the clock.
>
> My point is there are solutions out there that don't cost much that take the personal computer out of the equation. When you are connected via an RMM your personal computer is only involved in handling the communications not running on the network. If the company is not going to pony up the equipment like it should then that IT department needs to fix this not the end user..

Honestly, any discussion about what my company 'should' do is basically pointless. As with any company, they're not going to change policy based on one person. Maybe in a small 5-10 person situation, but this is a 600+ employee engineering firm... not a chance am i convincing them to change.

To your original point, I'm not sure i understand the difference between what you're suggesting and the RDC setup we're using. I'm not using my local system resources to process, say, CADD let alone any computationally intensive design software. While my workstation might handle those tasks just fine, my laptop would blow up trying to process those tasks. But my laptop works (almost) just as well as my desktop. So it must be doing all the work on the i7-7700, AMD GPU, and nvme os drive on my work machine.
 