Governing Windows into Submission: Part Two
Services
Windows services can be a long discussion given the variety of Windows users out there with an endless amount of hardware and software configurations. Trial and error is the key here. Although, I will explicitly describe which services cannot be disabled or risk the stability of the entire system.
The services in this article are mainly discussed for Windows XP Professional Service Pack 3. This will allow coverage for all the services featured in both Windows XP Home and Professional. I use Windows XP Professional Service Pack 3 and I only have 24 services set to automatic. Most of those are not Windows related. Several are LogMeIn, HP printer, FileZilla server, and security software.
Please keep in mind that every PC has different needs. I claim no responsibility in the consequences of this article to readers.
.NET Runtime Optimization Service a.k.a. "mscorsvw.exe": Not essential and can become a really bloated process running in the background. I've had this disabled for months and have experienced no issues. Though, the .NET Framework is very important to many applications, this service can be disabled without much worry.
Alerter: Casual users who just need to check their email every so often will not need this process. Only if you're part of a network that relies on administrative alerts should you worry about consequences from disabling.
Apple Mobile Service: Do you have an iPhone or iPod Touch? No? Disable this service installed with the latest iTunes version.
Application Layer Gateway Service: Default manual. Keep it that way. Support for third party plug-ins for ICS and Windows Firewall.
Application Management: This should be defaulted as manual. Leave it be. This is to uninstall/install software.
ASP.NET State Service: If you are not using ASP.NET, set this to disabled. If you're not sure you're using ASP.NET, then disable this service.
Automatic Updates: A real pain for everyone. Not only will your system reboot without your permission after a couple updates, it can be a hog depending on what updates are available and your update settings. Though, you have many choices when it comes to automatic updates in the Control Panel - Automatic Updates applet. I have the actual service set as disabled and check the Windows Update website frequently. The website allows you to gather up a few of those important optional updates as well.
Background Intelligent Transfer Service: More trouble than what's advertised. I've never found this service handy and I also have Automatic Updates disabled. Depending on your internet setup, it's risky as a climbing process can eat your bandwidth. Highly recommend to keep this disabled if you're not relying on AU.
Bonjour Service: I thought Computer Browser was the only service that updated devices on the network. Was I wrong? Bonjour describes itself as such in the description, but is misleading. Installs with a heap of Apple and Adobe software. The Bonjour Service is a pretty big security threat by leaving a port open and vulnerable. I recommend disabling. Uninstall completely if necessary.
ClipBook: Allows the clipboard to be accessed remotely. Disable this service. Easily enabled if needed, but those times are rare.
COM+ Event System: You will be bombarded with warnings after disabling this service. It's support that no one really uses. Leave it at manual.
COM+ System Application: Same as above. Leave it as manual.
Computer Browser: Ah, the first service that requires a bit of explaining. This collects information on the network, such as other computers, and updates them for you. If you're on a network with other computers, it's necessary. If you're on a stand-alone PC or if it's the only one in the house, disable it. Automatic if you're on a LAN, disable otherwise.
Cryptographic Services: Annoying, very annoying. Basically, this is the culprit that tells you that a driver isn't digitally signed. If you disable it, you will be blasted with uncertified driver notifications. I recommend keeping it set to manual.
DCOM Server Process Launcher: Launches DCOM services. Do not disable this service, leave it at automatic.
DHCP Client: This is not the same as Computer Browser. It is not just for LANs. This is how your computer gets a dynamic IP address. This is important if you have DSL or a cable internet connection. Leave it automatic.
Distributed Link Tracking Client: Send notification of files moving between NTFS volumes in a network domain. If you are not part of a domain, you can safely disable this service. It also can be left manual as it's not a resource hog.
Distributed Transaction Coordinator: Serves no purpose for home users. Related to the service above. Disabled.
DNS Client: This is usually a hot service to discuss, but it doesn't depend if you're part of a domain or a single home computer setup. If you disable DNS Client, the system will not use the cache anymore to resolve DNS names. Not a big deal. If you receive any DNS related error messages, temporarily start it again. Disabled.
Error Reporting Service: That annoying pop-up window that asks for permission to send a crash report to Microsoft. No one submits crashes to Microsoft. While this service can be useful, it's really not necessary. Disabled.
Event Log: Cannot be stopped. One of the few elite services that are incredibly useful. You cannot and definitely should never attempt to mess with the Event Log service.
Extensible Authentication Protocol Service: New to Service Pack 3. This service provides wired network connectivity using EAP (Extensible Authentication Protocol). Recommended manual.
Fast User Switching Compatibility: Can be a resource hog. In a multiple user environment where you have two or three people needing to do different tasks on different user profiles, sure. Though, you will get nothing accomplished as this service will drag you all down. Disabled unless you cannot log off to let another log in.
Google Updater Service: Hands down one of the the longest descriptions for a service. If you have all those fancy Google Desktop utilities and Google Chrome browser, it might be beneficial to leave it enabled, but you can always manually check for updates often. Not necessary. Disabled.
Health Key and Certificate Management Service: New to Service Pack 3. Manages health certificates and keys (used by NAP). Sounds necessary for security related protocols. Leave set to manual.
Help and Support: Everyone knows the Microsoft help feature in Windows is useless. Recommended disabled.
Human Interface Device Access or HID Input: If you have devices with hot keys such as a fancy wireless Logitech keyboard, those buttons will cease to function if this is disabled. Even the most basic keyboards have a couple of hot keys for Windows related functions. Recommended manual.
HTTP SSL: Support for HTTPS, Secure Socket Layer, websites. Banking, Amazon, Gmail, etc. It's very necessary. I have mine set to automatic.
IMAPI CD-Burning COM: Leave as manual. No explanation required.
Indexing Service: Microsoft themselves have warned users that this service can cause some extreme disk thrashing. There is no system performance to gain by allowing this to run. Disabled.
iPod Service: Disable if you do not connect an iPod to the PC or if you don't have an iPod device.
IPSEC Services: Used with operations on a domain. I leave it at manual as it will not start if not needed.
Logical Disk Manager: Automatic. This is not optional. This is absolutely essential for your hard drive's health.
Logical Disk Manager Administrative Service: Works with the service noted above. This service only runs in bursts and then stops after finishing. Recommended manual.
Machine Debug Manager: Manages local and remote debugging for Visual Studio debuggers. Do you use Visual Studio? Leave manual. Otherwise, disable.
Messenger: Huge security threat. Anyone that gains access to your network can perform some rather wicked tasks to your system. Turn this off. This is not optional.
Messenger Sharing Folders USN Journal Reader: Allows you to use shared folders on MSN Messenger Live. If you don't share or use this program, keep it disabled.
MS Software Shadow Copy Provider: If you use the integrated Windows backup utility, leave it on manual. Disable otherwise.
Net Logon: Disable if you're not on a domain.
NetMeeting Remote Desktop Sharing: Security issue. Allows remote access to your PC with NetMeeting. Disabled.
Network Access Protection Agent: New in Service Pack 3. Leave this on manual for now.
Network Connections: Controls your ability to connect to the internet. Leave automatic.
Network DDE: If you have disabled ClipBook, disable this service. Should be disabled by default with Service Pack 3.
Network DDE DSDM: Same as above. Should be disabled by default in SP3.
Network Location Awareness (NLA): Component of ICS and ICF. Leave set to manual.
Network Provisioning Service: Manages XML configuration files on a domain basis for automatic network provisioning. Left as manual.
NMSAccessU: I put this here because of the popularity of CDBurnerXP. I set it to disabled and I've experienced no issues with CDBurnerXP.
NT LM Security Support Provider: Provides support for Telnet. Disabled.
Performance Logs and Alerts: Monitors system performance. Not necessary even to me. Disabled.
Plug and Play: Discovers devices connected to your computer automatically. Leave this automatic. Do not set to manual or disabled.
Portable Media Serial Number Service: Retrieves the serial number of any portable media player connected to this computer. Leave this as manual. Set to manual as default. I don't recommend disabling this service.
Print Spooler: If you don't print or have a printer, you will not need this service. Automatic if you do.
Process Monitor: Related to Logitech products such as webcams. I leave it manual.
Protected Storage: If you use any programs, such as Outlook Express or any other email client, leave this automatic. Otherwise, you will have to type in your password every time you fire up the program. This also goes for browser related password storage. Pretty important.
QoS RSVP: There is a false claim in regards to this service and how much bandwidth it really uses. It's supposed to give an application what it needs in terms of bandwidth, but I see no real benefits. Disabled.
Remote Access Auto Connection Manager: Allows you to connect to a remote network with a link and other connection related jobs. Left as manual.
Remote Access Connection Manager: Creates a network connection. Leave as automatic.
Remote Desktop Help Session Manager: Keep enabled only if you frequently use Remote Desktop Connections. For the average home user, this is probably never. Disabled for security purposes.
Remote Procedure Call (RPC): This is one of the most important services on your computer. Many other services depend on this one heavily. Do not stop this service and leave it automatic. Otherwise, Windows will die. I'm not kidding.
Remote Procedure Call (RPC) Locator: Manages the RPC name service database. Considering the importance of the RPC, I left the Locator as manual. Though, it has never broken anything when disabled.
Remote Registry: Remote users can access your registry. Large security risk. Disable this and make sure it is not running.
Removable Storage: Leave as manual. External hard drives and flash drives are common enough. Will start by itself when needed.
Routing and Remote Access: Not necessary on a home machine. Allows LAN and WAN dial in access to your computer. Disabled.
Secondary Logon: This service allows you to elevate permissions by running tasks as another user, such as an administrator. Leave as automatic.
Security Accounts Manager: Stores security information for local user accounts. Leave automatic.
Security Center: If you monitor your anti-virus/malware/firewall software manually or at least check it for updates, you do not need this service. It is the one that yells at you about your choice of AV software. Disabled.
Server: Finally, an incredibly important service that has a few very good options depending on your setup. First, it's necessary if you're sharing resources such as folders and/or printers. If you share nothing and you are a single PC, disable Server service. Though, if you're sharing, keep this automatic. Please note that there is one large security flaw in keeping this automatic. I went over this in Part One under "Disable Default Administrative Shares Permanently".
Shell Hardware Detection: Provides notifications for AutoPlay hardware events. Keep automatic.
Smart Card: If you have a Smart Card, keep this set to manual. Otherwise, disable.
SSDP Discovery Service: Enables discovery of UPnP devices on your home network. Not the same as Plug and Play on your computer. I keep this disabled. If for any reason you can no longer connect to a certain device on the network, set it to automatic to test if this is the cause. I have had no issues.
System Event Notification: I do not see a reason to disable this service as it will only annoy everyone when stopped. Useful to keep track of events in the Event Log. Necessary to me. Leave automatic.
System Restore Service: System Restore can be quite a resource hog and rarely used for most. Not only does this service take up a good chunk of memory, it will also reserve space on the hard drive. This reservation is entirely customizable. If you're like me and you like to install new software constantly, especially beta, you will need this service running. Rolling back to before a failed Norton installation will save you a giant headache. Note that disabling will delete all saved restore points. If you're just browsing the web every few hours and do not deal with any real system altering settings, you may safely disable this service.
Task Scheduler: If you do not schedule jobs to run, you may safely disable this service. Those with Windows Vista have Disk Defrag set to automatically run once a week. It is best to keep this enabled if you do not want to defrag manually in Vista. Also, if you do all maintenance with Windows XP manually, there is no reason to keep this started. Disabled for me.
TCP/IP NetBIOS Helper: Simple: If your network does not use NetBIOS or WINS, it can safely be disabled.
Telephony: Necessary for most DSL/cable internet connections. Also allows dial-up connectivity. Remote Access Connection Manager depends on this service. Leave automatic.
Telnet: Not available on XP Home edition. Allows remote login functions. As always with remote access, I see this as a security risk. Disabled.
Terminal Services: Windows Search 4.0 requires Terminal Services to install and function. Windows Search 4.0 is terrible. If you've disabled Fast User Switching Compatibility, you should be able to safely disable this service. Otherwise, set it to manual.
Themes: If you like Windows XP looking nice and colorful, leave this on. It allows you to customize Windows XP to your liking. If you are more concerned about performances, disable this service. I leave it disabled myself. Note that you do not lose the new XP Start Menu and functions.
Uninterruptible Power Supply: No one needs this service. I have not used a UPS that actually requires this service to run. Disabled.
Universal Plug and Play Device Host: Provides support to host Universal Plug and Play devices. Again, like the SSDP Discovery Service, disable this service to see if your network devices still function. Set it to manual if you experience issues.
Volume Shadow Copy: Same as MS Software Shadow Copy Provider. If you do not use Windows Backup utility, it is safe to disable.
WebClient: Truly services no purpose for home users as of yet. Disabled.
Windows Audio: Leave automatic. Really no reason to disable unless you never plan on hooking up speakers or if you're using a laptop in public locations. It is quite embarrassing to have certain sounds blare in a crowded area. I will leave it up to your imagination.
Windows Driver Foundation - User-mode Driver Framework: Provides better system stability. Leave set as manual.
Windows Firewall/Internet Connection Sharing (ICS): Overall, this may seem to be a complicated service. Fortunately, it's easy to understand what to do with the service. If you use a router, you may safely disable this service. If you hook up straight from your internet modem, which is all kinds of wrong, you may safely disable this service. If you experience connection issues, set it back to automatic.
Windows Image Acquisition (WIA): You can try to disable this service and test your scanner or printers functionality. If it still completes the job after disabling, you should have no reason to set it back to manual.
Windows Installer: Leave set as manual. It'll start up when you uninstall/install software. I do not recommend disabling this service.
Windows Management Instrumentation: Required by quite a bit. Do not disable this service. Leave as automatic. Like RPC, only disable if you want Windows to die.
Windows Management Instrumentation Driver Extensions: Provides systems management information to and from drivers. Leave as manual.
Windows Media Player Network Sharing Service: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play. Disable if you do not share WMP libraries.
Windows Time: Why would anyone disable this service is beyond me. Synchronizes your Windows time. You have the option for time.windows.com and time.nist.gov.
Wired AutoConfig: New in Service Pack 3. This service performs IEEE 802.1X authentication on Ethernet interfaces. Most home users will be able to disable this service.
Wireless Zero Configuration: Provides automatic configuration for the 802.11 adapters. If you do not use or have a wireless card in your desktop, there is no need for this service. Obviously, no one should disable this service on a laptop.
WMI Performance Adapter: Provides performance library information from WMI HiPerf providers. Only runs with Performance Data Helper is activated. I leave it disabled.
Workstation: If you do not share resources over the network and you've disabled Alerter, Computer Browser, Messenger, Net Logon, and RPC Locater; then you can safely disable this beast. If you disable this, you might as well disable Server service as well. With these seven services disabled, it would end up being quite a boost in performance.
