Batch file to disable a Windows service that can be deployed via Group Policy (GPO)

I’ve been asked several times in the past by colleagues about what I typically use to disable services on domain joined Windows desktops or servers and my response is that it depends. One of the ways through the use of importing Security Templates, which I’ve used in the past is demonstrated in this old blog post:

Creating a new security policy and applying it via GPO to disable VMware View 5.0 Thinprint’s “TP AutoConnect Service” and “TP VC Gateway Service” service
https://blog.terenceluk.com/2012/03/creating-new-security-policy-and.html

In the event that using the Security Template is not a viable option then I would use a GPO to apply a batch file as a startup script. The following is an example of the breakdown of what the batch file does to disable the TightVNC service:

  1. Check to see if the TightVNC service exists
  2. If TightVNC service exists then:
    1. Set service to disabled
    2. Gracefully stop service
    3. Taskkill the service
  3. If it doesn’t exist then do nothing

The following are the actual commands in the batch file that can be modified for any Windows service:

@echo off

REM — Set variables for service name and task manager process

SET serviceName=tvnserver

SET taskManagerProcess=tvnserver.exe

REM — Test to see if service exists in the services console

SC QUERY %serviceName% > NUL

IF ERRORLEVEL 1060 GOTO MISSING

REM — Set service to disabled, gracefully stop service and taskkill process

sc config %serviceName% start= disabled

net stop %serviceName%

taskkill /im %taskManagerProcess% /f

REM — ECHO Disabled and stopped TightVNC

GOTO END