Category Archives: Windows

Start / Stop / Enable / Disable Terminal services from command line

We can start Terminal Services by running the command given below.

net start TermService

If the service is already running you will get the message ‘The requested service has already been started.’
Sometimes you may get an error that the service could not be started.

C:\>net start termservice
The Terminal Services service is starting.
The Terminal Services service could not be started.
The service did not report an error.
More help is available by typing NET HELPMSG 3534.

This happens when Terminal Services has been disabled through a registry change. You can fix this by running the registry command below.

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v TSEnabled /t REG_DWORD /d 1 /f

You need to reboot the computer for the changes to take effect. After the reboot, Terminal Services starts automatically, or you can start the service using the net start command as mentioned above.

How to stop Terminal Services?

Terminal Services can’t be stopped like other services. You get the error below when you attempt it.

C:\>net stop termservice
The requested pause or stop is not valid for this service.

How to restart Terminal services?

Since Terminal Services can’t be stopped, there is no straightforward way to restart it. Microsoft says this is by design. In some cases, however, restarting Terminal Services may be possible by killing the svchost process that hosts it. We can use the tasklist and taskkill commands for this.

First get the process id of the Terminal Services process:

tasklist /svc | findstr /C:TermService

Check if Terminal services is the only service running in this svchost. If the svchost is shared with other services then you can stop reading further. Restarting terminal services is not possible on your machine.

On my system I have got the following output.

C:\>tasklist /svc | findstr /C:TermService
svchost.exe                 1708 DcomLaunch, TermService
C:\>

As you can see, DcomLaunch and TermService both share the same svchost process. In this case I can't kill the process, as that would stop the other service as well. (Note that DcomLaunch is an essential service on the system and killing it can even shut down the system.)

If the svchost is not shared with any other service, you can go ahead and kill the TermService process with the following command.

taskkill /F /PID process_id

How to disable Terminal Services?

We can run the below command to disable terminal services.

sc config TermService start= disabled

How to enable Terminal Services?

sc config TermService start= auto

(or)

sc config TermService start= demand

Source: Start / Stop / Enable / Disable Terminal services from command line

Monitoring Windows advanced Firewall Rule changes

Starting with Windows Vista and Windows 2008, if you want to see who changes Windows Firewall with Advanced Security rules and other settings, and when, you must enable either the “Policy Changes” auditing category or rather the “Filtering Platform Policy Change” and “Other Policy Change Events” auditing subcategories. After you have enabled this auditing, the system will log success and failure audits into the Security event log whenever any firewall setting changes.

You can enable the auditing with Group Policy, Local Security Policy or from the command line:

auditpol /set /subcategory:"Filtering Platform Policy Change" /success:enable /failure:enable
auditpol /set /subcategory:"Other Policy Change Events" /success:enable /failure:enable

How to Track Firewall Activity with the Windows Firewall Log

In the process of filtering Internet traffic, all firewalls have some type of logging feature that documents how the firewall handled various types of traffic. These logs can provide valuable information like source and destination IP addresses, port numbers, and protocols. You can also use the Windows Firewall log file to monitor TCP and UDP connections and packets that are blocked by the firewall.
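The log review described above, as an added example that is not part of the original post: a small Python parser that reads a Windows Firewall log by its #Fields header and counts dropped packets per protocol, source IP and destination port. The log lines are constructed sample data, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample in the layout Windows Firewall writes to pfirewall.log:
# a W3C-style header naming the fields, then one space-separated line per packet.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-01-15 09:12:01 DROP TCP 203.0.113.7 192.168.1.10 51515 3389 52 S 1234567 0 8192 - - - RECEIVE
2024-01-15 09:12:02 DROP TCP 203.0.113.7 192.168.1.10 51516 3389 52 S 1234999 0 8192 - - - RECEIVE
2024-01-15 09:12:05 ALLOW UDP 192.168.1.10 198.51.100.53 50000 53 0 - - - - - - - SEND
2024-01-15 09:12:09 DROP UDP 198.51.100.20 192.168.1.10 40000 137 78 - - - - - - - RECEIVE
2024-01-15 09:12:10 DROP ICMP 203.0.113.7 192.168.1.10 - - 60 - - - - 8 0 - RECEIVE
truncated line
"""


def parse_firewall_log(text):
    """Return (records, skipped): dicts keyed by the #Fields names, plus a malformed-line count."""
    fields, records, skipped = [], [], 0
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()  # take field order from the log itself
        elif not line or line.startswith("#"):
            continue  # blank line or other header directive
        elif fields and len(line.split()) == len(fields):
            records.append(dict(zip(fields, line.split())))
        else:
            skipped += 1  # truncated or unexpected line: count it, do not guess
    return records, skipped


def blocked_summary(records):
    """Count dropped packets per (protocol, source IP, destination port), busiest first."""
    drops = Counter()
    for r in records:
        if r["action"] == "DROP":
            drops[(r["protocol"], r["src-ip"], r["dst-port"])] += 1
    return drops.most_common()


if __name__ == "__main__":
    records, skipped = parse_firewall_log(SAMPLE_LOG)
    for (proto, src, port), n in blocked_summary(records):
        print(f"{n:3d} dropped  {proto:4s} from {src:15s} to port {port}")
    print(f"{skipped} malformed line(s) skipped")
```

To run it against a real log, pass the file's contents to parse_firewall_log instead of SAMPLE_LOG; a "-" in a field means the value does not apply to that packet (for example, ports on ICMP).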

Source: How to Track Firewall Activity with the Windows Firewall Log

Configure Windows diagnostic data in your organization (Windows 10) | Microsoft Docs

Endpoints

The Microsoft Data Management Service routes data back to our secure cloud storage. Only Microsoft personnel with a valid business justification are permitted access.

The following table defines the endpoints for Connected User Experiences and Telemetry component:

Windows release | Endpoint
Windows 10, versions 1703 and 1709 | Diagnostics data: v10.vortex-win.data.microsoft.com/collect/v1; Functional: v20.vortex-win.data.microsoft.com/collect/v1

Windows Advanced Threat Protection is country specific

Source: Configure Windows diagnostic data in your organization (Windows 10) | Microsoft Docs