How do you configure Windows to start/stop a service when opening/closing an application?

fatryan

[H]ard|Gawd
Joined
Feb 19, 2004
Messages
1,402
My company uses Palo Alto Networks Global Protect for RDC for us working at home. I've found that Global Protect will continue to run in the background after disconnecting and will restart after I force close it, neither of which I like. At present, I've set the service to manual start, but in order to start it I need to go into to task manager. Launching the app does work for opening the app, but i cannot start the service until i manually start it in task manager.

This is getting annoying, and it still doesn't prevent me from forgetting to disconnect the service. I just found it's been running for 2 days. I don't want all my internet traffic getting filtered through my company's firewall.

So i was hoping to find a way to auto-start the service when I launch the RDC app and auto-stop the service when closing the RDC app. I was looking at task scheduler, but I'm not really sure how to configure it in there. I was trying to set the RDC app as the trigger, but there are multiple RDC options to choose from. I also have no clue what to put for event ID. It looks like I would need 2 tasks, 1 to start the service and 1 to stop it, is that right? Is there a better and/or easier way to do this?
 
Is this your personal device or a company device?

Have you contacted support to report the issue?
 
I would make a batch file for the opening, but unsure on the closing. Probably able to be done the same way, but I don't know the commands.
 
Is this your personal device or a company device?

Have you contacted support to report the issue?
Jesus that was a fast reply! Lol

This is my personal device, to which i have full access.

I did not contact my IT dept. because frankly I don't think it's their concern.
 
I would make a batch file for the opening, but unsure on the closing. Probably able to be done the same way, but I don't know the commands.
A batch file to launch both? That could work. But the disconnect is really the critical part ha ha
 
Jesus that was a fast reply! Lol

This is my personal device, to which i have full access.

I did not contact my IT dept. because frankly I don't think it's their concern.
It is their concern. Your personal device connecting to their network. Their app running on your pc. If the app shouldn't be running while it is not connected, perhaps they can configure it to do so.
 
It is their concern. Your personal device connecting to their network. Their app running on your pc. If the app shouldn't be running while it is not connected, perhaps they can configure it to do so.
Well they can't even figure out the simplest of issues on my machine at the office, so I'm not expecting that they can solve this issue. My company probably wants to spy on us anyway.
 
If this was me I would virtualize another instance of Windows on your machine and run it within the virtualized instance. My work gets no access to my personal devices, efffffff that.
Yeah i know nothing about VMs, so that's way more work than I could handle now lol
 
Batch file

start service
start app
stop service

exit
That would just immediately stop the service, no? The service still needs to run while I'm on RDC. I just don't want it to run when I'm not on RDC. I tried creating 2 batch files to start/stop, but i can't seem to figure out the syntax. I keep getting access denied errors. I'm basically just running the following:

net stop PanGPS.exe
pause

And:

net stop PanGPS
pause

Also tried:

sc stop PanGPS
pause

And other variations with and without file extension and path. The path is to Program Files, and the service runs at the SYSTEM level... Not sure if either of those matter. My user has read and execute privileges, so that should be sufficient, no?
 
Dude, virtualbox is free and stupid easy to use. I promise you'd figure it out in like 5 mins.
I have another ongoing thread discussing the use of VMs for running either FreeNAS or Unraid to handle redudancy of my Plex storage. So I've been trying to get info on exactly how it all works but so far have been reluctant to experiment given the fact that this is a workstation I use regularly.
 
That would just immediately stop the service, no? The service still needs to run while I'm on RDC. I just don't want it to run when I'm not on RDC. I tried creating 2 batch files to start/stop, but i can't seem to figure out the syntax. I keep getting access denied errors. I'm basically just running the following:

net stop PanGPS.exe
pause

And:

net stop PanGPS
pause

Also tried:

sc stop PanGPS
pause

And other variations with and without file extension and path. The path is to Program Files, and the service runs at the SYSTEM level... Not sure if either of those matter. My user has read and execute privileges, so that should be sufficient, no?
Having the app between the start and stop commands for the service forces the batch file to wait until the app exits before moving on to the stop service command.

You have to run with admin privileges to avoid the access denied error.
 
Having the app between the start and stop commands for the service forces the batch file to wait until the app exits before moving on to the stop service command.

You have to run with admin privileges to avoid the access denied error.
Is that unique to services? Cause I use batch processing for some things at work, and if I do not create some kind of artificial delay like pinging a non-existent server x-amount of times it'll just open all instances of the application simultaneously.

I tried running with admin privileges, but that also did not work. What is the correct syntax for the service name? Am I supposed to include the file extension or filepath?

Edit: Nevermind, now its working. No idea what happened before. Is there a command I can add to bypass UAC?
 
Last edited:
Having the app between the start and stop commands for the service forces the batch file to wait until the app exits before moving on to the stop service command.

You have to run with admin privileges to avoid the access denied error.
I set the batch file up as you stated, and it does in fact execute the stop command immediately. So thats not going to work for a single batch file.
 
For some reason launching the service via batch file doesn't automatically connect the VPN, but doing it manually does. Ugh, this is just getting more annoying.
 
How are you calling the application?
Code:
@echo off
net start PanGPS
start mstsc.exe
net stop PanGPS
if ERRORLEVEL 1 goto error
echo Global Protect service started succefully
pause
exit
:error
echo There was a problem starting Global Protect service
pause

RDC opens fine

Edit: Sorry, I had removed the stop command. I just added it back in exactly how I originally had it. I had also tried both start/stop calls to PanGPS without "net", as you originally showed it.
 
Last edited:
Code:
@echo off
net start PanGPS
start mstsc.exe
net stop PanGPS
if ERRORLEVEL 1 goto error
echo Global Protect service started succefully
pause
exit
:error
echo There was a problem starting Global Protect service
pause

RDC opens fine

Edit: Sorry, I had removed the stop command. I just added it back in exactly how I originally had it. I had also tried both start/stop calls to PanGPS without "net", as you originally showed it.
Add a /WAIT between start and mstsc
 
Add a /WAIT between start and mstsc
OK that seems to have worked for the stop command, but I still cannot get the client to automatically connect as it does when I manually start through task manager. This is what I'm currently working with:
Code:
@echo off
start /d "C:\Program Files\Palo Alto Networks\GlobalProtect" PanGPA.exe
net start PanGPS
start /wait mstsc.exe
net stop PanGPS
pause
 
My company uses Palo Alto Networks Global Protect for RDC for us working at home. I've found that Global Protect will continue to run in the background after disconnecting and will restart after I force close it, neither of which I like. At present, I've set the service to manual start, but in order to start it I need to go into to task manager. Launching the app does work for opening the app, but i cannot start the service until i manually start it in task manager.

This is getting annoying, and it still doesn't prevent me from forgetting to disconnect the service. I just found it's been running for 2 days. I don't want all my internet traffic getting filtered through my company's firewall.

So i was hoping to find a way to auto-start the service when I launch the RDC app and auto-stop the service when closing the RDC app. I was looking at task scheduler, but I'm not really sure how to configure it in there. I was trying to set the RDC app as the trigger, but there are multiple RDC options to choose from. I also have no clue what to put for event ID. It looks like I would need 2 tasks, 1 to start the service and 1 to stop it, is that right? Is there a better and/or easier way to do this?
Rule of thumb nr 1: You don't do private business on the computer you do your company work with. Problem solved.
 
Rule of thumb nr 1: You don't do private business on the computer you do your company work with. Problem solved.
Don't really have a choice with the pandemic. We're being forced into an alternating office schedule, and they don't have enough company laptops for everyone.
 
Don't really have a choice with the pandemic. We're being forced into an alternating office schedule, and they don't have enough company laptops for everyone.
Sounds like inept management in that case. Too bad you had to mess up your own gear.
 
Sounds like inept management in that case. Too bad you had to mess up your own gear.
Yeah, well I've got my beefs with the company, but honestly this is industry standard. I work in the transportation industry, where budgets are always super tight and clients are pretty old school. There are several mainstream software packages we use that still run on Windows command line. Even the highest end and most popular software packages are riddled with issues. Software development is at a snail's pace. There's just no money for the infrastructure and it makes scheduling difficult since we also do a lot of field work. So work-from-home is not at all common in our industry. This is my third job, and every place is the same.

I agree that we shouldn't technically be expected to use our personal devices. That's why i removed work email from my phone. They wanted to install some Microsoft suite that required drive encryption and gave them essentially unlimited control over my phone. Not gonna happen. That's also why i want this VPN service terminating the second I close the RDC. They don't need to see what I do in my free time. But the alternative is to not work at all or possibly to just come to the office every single day, but my company is exceptionally old school so I also don't want to discourage advancements in workplace technology such as this. We just got business casual dress a couple years ago for Christ's sake!
 
For the stop service section of batch, I would suggest running a while loop (with a sleep time) to check the connected status of the virtual NIC the software creates. When it sees the nic disconnected (from stopping the vpn) it would stop the service.
 
For the stop service section of batch, I would suggest running a while loop (with a sleep time) to check the connected status of the virtual NIC the software creates. When it sees the nic disconnected (from stopping the vpn) it would stop the service.
I'm now considering setting up a VM as others have suggested. That way i don't really care if it runs or not. Or rather, i can just shut down the VM and it should shut down the service, right? It would only be for working from home, so I'd want it to be fairly lightweight.
 
Don't really have a choice with the pandemic. We're being forced into an alternating office schedule, and they don't have enough company laptops for everyone.
This is fairly easily solved if your company was using one of the remote access programs. That way you use your computer from home to remote access the computer at work. Then you run your programs etc... on company hardware as if you were sitting at the desk at work and not at home.

This is so simple I'm surprised your company isn't doing it that way!
I have multiple customers using the remote management and access tool to access their PC's at work from home due to the Virus closures. It's so simple and cheap I've been throwing it in with as part of the MSP fee I charge them. I even have several accountants that work remotely on the accounting computer to do the books. Skip the mess you are having with the batch files and use an RMM solution like my customers.
 
This is fairly easily solved if your company was using one of the remote access programs. That way you use your computer from home to remote access the computer at work. Then you run your programs etc... on company hardware as if you were sitting at the desk at work and not at home.

This is so simple I'm surprised your company isn't doing it that way!
I have multiple customers using the remote management and access tool to access their PC's at work from home due to the Virus closures. It's so simple and cheap I've been throwing it in with as part of the MSP fee I charge them. I even have several accountants that work remotely on the accounting computer to do the books. Skip the mess you are having with the batch files and use an RMM solution like my customers.
That sounds exactly like what's being done by the OP's company, but to get access to his work PC he has to get through the company's firewall using whatever VPN service they've set up. The OP doesn't want that VPN service running all the time directing his browsing habits into the hands of his employer.
 
That sounds exactly like what's being done by the OP's company, but to get access to his work PC he has to get through the company's firewall using whatever VPN service they've set up. The OP doesn't want that VPN service running all the time directing his browsing habits into the hands of his employer.
Yep but the company is handling things in house. The other RMM solutions like I use work differently. You actually use the software to remote into a machine at work like using RDP except you are using remote desktop from a cloud based location instead of within the network. When he uses VPN his home desktop is now running as if its at work. I get he has issues getting the VPN to drop correctly. And he should be concerned with the company tracking his every move when not on the clock.

My point is there are solutions out there that don't cost much that take the personal computer out of the equation. When you are connected via an RMM your personal computer is only involved in handling the communications not running on the network. If the company is not going to pony up the equipment like it should then that IT department needs to fix this not the end user..
 
Yep but the company is handling things in house. The other RMM solutions like I use work differently. You actually use the software to remote into a machine at work like using RDP except you are using remote desktop from a cloud based location instead of within the network. When he uses VPN his home desktop is now running as if its at work. I get he has issues getting the VPN to drop correctly. And he should be concerned with the company tracking his every move when not on the clock.

My point is there are solutions out there that don't cost much that take the personal computer out of the equation. When you are connected via an RMM your personal computer is only involved in handling the communications not running on the network. If the company is not going to pony up the equipment like it should then that IT department needs to fix this not the end user..
Honestly, any discussion about what my company 'should' do it's basically pointless. As with any company, they're not going to change policy based on one person. Maybe in a small 5-10 person situation, but this is a 600+ employee engineering firm... not a chance am i convincing them to change.

To your original point, I'm not sure i understand the difference between what your suggesting and the RDC setup we're using. I'm not using my local system resources to process, say, CADD let alone any computationally intensive design software. While my workstation might handle those tasks just fine, my laptop would blow up trying to process those tasks. But my laptop works (almost) just as well as my desktop. So it must be doing all the work on the i7-7700, AMD GPU, and nvme os drive on my work machine.
 
Honestly, any discussion about what my company 'should' do it's basically pointless. As with any company, they're not going to change policy based on one person. Maybe in a small 5-10 person situation, but this is a 600+ employee engineering firm... not a chance am i convincing them to change.

To your original point, I'm not sure i understand the difference between what your suggesting and the RDC setup we're using. I'm not using my local system resources to process, say, CADD let alone any computationally intensive design software. While my workstation might handle those tasks just fine, my laptop would blow up trying to process those tasks. But my laptop works (almost) just as well as my desktop. So it must be doing all the work on the i7-7700, AMD GPU, and nvme os drive on my work machine.
You could sue the company for not providing you with adequate tools. No person should have to use their personal computer for work - if for anything else then security reasons.
 
You could sue the company for not providing you with adequate tools. No person should have to use their personal computer for work - if for anything else then security reasons.
But then I'd be out of a job. And like I said, this is industry standard. If I really wanted, I imagine I could force them to get me a company laptop, but that wouldn't exactly reflect positively on me to demand a laptop at this point. Plus, this is only a temporary thing anyway. If they were to continue the work from home policy indefinitely, I'd demand a company laptop. If for no other reason, because it'll run better not having to connect via RDC. But it's not worth the hassle for just a few more months of this at most.
 
Back
Top