Windows Vista services that can be disabled

One of the most effective ways to secure a Windows workstation is to turn off unnecessary services.
specifies whether you can safely disable the service, and outlines the ramifications of disabling it. Th
listed here won't be available in other versions of Vista) in a corporate network environment and tha
possibilities for safely disabling each service:

• Yes = You can disable the service without causing any problems.
• Maybe = The computer's role dictates whether you should or should not disable the service -- read
• No = The service is critical to proper Windows operation and should not be disabled.

Name Short Name Executable Name

Application Experience AeLookupSvc svchost.exe

Application AppInfo svchost.exe

Information

Application Layer
ALG alg.exe
Gateway Service

Application
Management AppMgmt svchost.exe

Background Intelligent
BITS svchost.exe
Transfer Service

Base Filtering Engine BFE svchost.exe

Block Level Backup

wbengine wbengine.exe
Engine Service

Certificate Propagation CertPropSvc svchost.exe

CNG Key Isolation KeyIso lsass.exe

COM+ Event System EventSystem svchost.exe

COM+ System
COMSysApp dllhost.exe
Application

Computer Browser Browser svchost.exe

Cryptographic Services CryptAvc svchost.exe

DCOM Server Process

DcomLaunch svchost.exe
Launcher

Desktop Window
Manager Session UxSms svchost.exe
Manager

DFS Replication DFSR DFSR.exe

DHCP Client Dhcp svchost.exe

Diagnostic Policy
DPS svchost.exe
Service

Diagnostic Service Host WdiServiceHost svchost.exe

Diagnostic System Host WdiSystemHost svchost.exe

Distributed Link
TrkWks svchost.exe
Tracking Client

Distributed Transaction
MSDTC msdtc.exe
Coordinator

DNS Client Dnscache svchost.exe

Extensible
Authentication EapHost svchost.exe
Protocol

Fax Fax fxssvc.exe

Function Discovery
fdPHost svchost.exe
Provider Host

Function Discovery
Resource Publication FDResPub svchost.exe
Group Policy Client gpsvc svchost.exe

Health Key and

Certificate hkmsvc svchost.exe
Management

Human Interface
hidserv svchost.exe
Device Access

IKE and AuthIP IPsec

IKEEXT svchost.exe
Keying Modules

Interactive Services
UI0Detect UI0Detect.exe
Detection

Internet Connection
SharedAccess svchost.exe
Sharing (ICS)

IP Helper iphlpsvc svchost.exe

IPsec Policy Agent PolicyAgent svchost.exe

KtmRm for Distributed

Transaction KtmRm svchost.exe
Coordinator

Link-Layer Topology
lltdsvc svchost.exe
Discovery Mapper
Microsoft .NET
clr_optimization_v2.0.50727
Framework NGEN mscorsvw.exe
v2.0.50727_X64 _X64

Microsoft .NET
clr_optimization_v2.0.50727
Framework NGEN mscorsvw.exe
_X86
v2.0.50727_X86
Microsoft iSCSI Initiator
MSiSCSI svchost.exe
Service

Microsoft Software
swprv svchost.exe
Shadow Copy Provider

Multimedia Class
MMCSS svchost.exe
Scheduler

Net.Tcp Port Sharing

NetTcpPortSharing SMSSvcHost.exe
Service

Netlogon Netlogon lsass.exe

Network Access
Protection Agent napagent svchost.exe

Network Connections Netman svchost.exe

Network List Service netprofm svchost.exe

Network Location
NlaSvc svchost.exe
Awareness

Network Store
nsi svchost.exe
Interface Service

Offline Files CscService svchost.exe

Parental Controls WPCSvc svchost.exe

Peer Name Resolution
PNRPsvc svchost.exe
Protocol

Peer Networking
p2psvc svchost.exe
Grouping

Peer Networking
p2pimsvc svchost.exe
Identity Manager

Performance Logs &

pla svchost.exe
Alerts

Plug and Play PlugPlay svchost.exe

PnP-X IP Bus
IPBusEnum svchost.exe
Enumerator

PNRP Machine Name

Publication Service PNRPAutoReg svchost.exe

Portable Device WPDBusEnum svchost.exe

Enumerator Service

Print Spooler Spooler spoolsv.exe

Problem Reports and

Solutions Control Panel wercplsupport svchost.exe
Support

Program Compatibility
PcaSvc svchost.exe
Assistant Service

Protected Storage ProtectedStorage lsass.exe

Quality Windows Audio
QWAVE svchost.exe
Video Experience

ReadyBoost EMDMgmt svchost.exe

Remote Access Auto

RasAuto svchost.exe
Connection Manager

Remote Access
RasMan svchost.exe
Connection Manager

Remote Procedure Call

RpcSs svchost.exe
(RPC)

Remote Procedure Call

(RPC) Locator RpcLocator locator.exe

Remote Registry RemoteRegistry svchost.exe

Routing and Remote

RemoteAccess svchost.exe
Access

Secondary Logon seclogon svchost.exe

Security Accounts
SamSs lsass.exe
Manager

Security Center wscsvc svchost.exe

Server LanmanServer svchost.exe

Shell Hardware
ShellHwDetection svchost.exe
Detection
SL UI Notification
SLUINotify svchost.exe
Service

Smart Card SCardSvr svchost.exe

Smart Card Removal

SCPolicySvc svchost.exe
Policy

SNMP Trap SNMPTRAP snmptrap.exe

Software Licensing slsvc SLsvc.exe

SSDP Discovery SSDPSRV svchost.exe

Superfetch SysMain svchost.exe

System Event SENS svchost.exe

Notification Service

Tablet PC Input Service TabletInputService svchost.exe

Task Scheduler Schedule svchost.exe

TCP/IP NetBIOS Helper lmhosts svchost.exe

Telephony TapiSrv svchost.exe

Terminal Services TermService svchost.exe

Terminal Services
SessionEnv svchost.exe
Configuration

Terminal Services
UserMode Port UmRdpService svchost.exe
Redirector
Themes Themes svchost.exe

Thread Ordering Server THREADORDER svchost.exe

TPM Base Services TBS svchost.exe

UPnP Device Host upnphost svchost.exe

User Profile Service ProfSvc svchost.exe

Virtual Disk vds vds.exe

Volume Shadow Copy VSS vssvc.exe

WebClient WebClient svchost.exe

Windows Audio AudioSrv svchost.exe

Windows Audio
AudioEndpointBuilder svchost.exe
Endpoint Builder

Windows Backup SDRSVC svchost.exe

Windows CardSpace idsvc infocard.exe

Windows Color System WcsPlugInService svchost.exe

Windows Connect Now

wcncsvc svchost.exe
- Config Registrar

Windows Defender WinDefend svchost.exe

Windows Driver
Foundation - User- wudfsvc svchost.exe
mode Driver
Framework

Windows Error
WerSvc svchost.exe
Reporting Service

Windows Event
Collector Wecsvc svchost.exe

Windows Event Log Eventlog svchost.exe

Windows Firewall MpsSvc svchost.exe

Windows Image
stisvc svchost.exe
Acquisition (WIA)

Windows Installer msiserver msiexec

Windows Management
Winmgmt svchost.exe
Instrumentation

Windows Media Center

Mcx2Svc svchost.exe
Extender Service

Windows Media Center

ehRecvr ehRecvr.exe
Receiver Service
Windows Media Center
ehSched ehsched.exe
Scheduler Service

Windows Media Center

ehstart svchost.exe
Service Launcher

Windows Media Player

Network Sharing WMPNetworkSvc wmpnetwk.exe
Service
Windows Modules
TrustedInstaller TrustedInstaller.exe
Installer

Windows Presentation
Foundation Font Cache FontCache3.0.0.0 PresentationFontCache.exe
3.0.0.0

Windows Remote
Management (WS- WinRM svchost.exe
Management)

Windows Search Wsearch SearchIndexer.exe

Windows Time W32Time svchost.exe

Windows Update wuaserv.exe svchost.exe

WinHTTP Web Proxy

Auto-Discovery Service WinHttpAutoProxySvc
svchost.exe

Wired AutoConfig dot3svc svchost.exe

WLAN AutoConfig Wlansvc svchost.exe

WMI Performance
wmiApSrv WmiApSrv.exe
Adapter

Workstation LanmanWorkstation svchost.exe

Copyright ©2007 CNET Networks, Inc. All rights reserved.

For more downloads and a free TechRepublic membership, please visit http://techrepubli
es that can be disabled

ws workstation is to turn off unnecessary services. This reference sheet lists the Windows Vista services, describes each service's function,
ce, and outlines the ramifications of disabling it. The list assumes the machine is running Windows Vista Ultimate (some of the services
Vista) in a corporate network environment and that the company is not using smart cards. The list offers one of the following three

g any problems.
you should or should not disable the service -- read the special considerations for further information.
peration and should not be disabled.

Description Impact if disabled

Processes application compatibility cache requests for

applications as they are launched.

Users will be unable to launch applications with the

Facilitates the running of interactive applications with additional administrative privileges they may require
additional administrative privileges. to perform desired user tasks. These tools include
regedit.

Provides support for application-level protocol plug- Programs that rely on this service, such as MSN
ins and enables network/protocol connectivity. Messenger and Windows Messenger will not function.

Processes installation, removal, and enumeration

Users will be unable to install, remove, or enumerate
requests for Active Directory IntelliMirror group policy any IntelliMirror programs.
programs.

Any applications that depend on BITS, such as

Transfers data between clients and servers in the Windows Update or MSN Explorer, will be unable to
background. automatically download programs and other
information.

The Base Filtering Engine (BFE) is a service that Significantly reduces the security of the system. It will
manages firewall and Internet Protocol security (IPsec) also result in unpredictable behavior in IPsec
policies and implements user mode filtering. management and firewall applications.

Engine to perform block-level backup and recovery of Block-level backups will not function, but file-level
data as opposed to file-level backups. backups will still operate.

Propagates certificates from smart cards. Services that use smart cards will not operate.
The CNG key isolation service is hosted in the LSA
process. The service provides key process isolation to Services that depend on cryptographic keys, including
private keys and associated cryptographic operations
Wired and Wireless AutoConfig and Extensible
as required by the Common Criteria. The service
Authentication Protocol, will not operate.
stores and uses long-lived keys in a secure process
complying with Common Criteria requirements.

System Event Notification stops working, which means

Allows management of Component Services by that logon and logoff notifications will not take place.
providing automatic distribution of events to Other applications, such as DFS Replication and
subscribing COM components. Background Intelligent Transfer Service, will not work
correctly.

Manages the configuration and tracking of A number of other services, including RPC, will not
Component Object Model (COM)+-based
components. function.

Maintains an up-to-date list of computers on your

network and supplies the list to programs that request Your computer will be unable to locate other
it. The Computer Browser service is used by Windows-
Windows computers on the network
based computers that need to view network domains
and resources.

Provides four management services: Catalog Database

Service, which confirms the signatures of Windows
files and allows new programs to be installed;
Protected Root Service, which adds and removes
Trusted Root Certification Authority certificates from The associated management services will not function
this computer; Automatic Root Certificate Update properly.
Service, which retrieves root certificates from
Windows Update and enables scenarios such as SSL;
and Key Service, which helps enroll this computer for
certificates.

A whole lot of services will not function. DCOM Server

Provides launch functionality for DCOM services. Process Launcher's list of services that depend on it is
very long.

Provides Desktop Window Manager startup and

maintenance services. This service enables Windows Aero Glass will not work.
Vista's Aero Glass display.

Replicates files among multiple PCs keeping them in

sync. On the client, it is used to roam folders between File replication won't occur and the files on the server
PCs; on servers, it is used to provide high availability will become out of date.
and local access across a wide area network (WAN).
Allows the system to automatically obtain IP
The system will be unable to obtain an IP address,
addressing information, WINS server information, WINS information, and the like, from a DHCP server
routing information, and so forth; is required to
and will need to be configured with a static address.
update records in Dynamic DNS.

The Diagnostic Policy Service enables problem

Application installation diagnostics will no longer
detection troubleshooting and resolution for Windows
function
components during installation.

The Diagnostic Service Host service enables problem

detection troubleshooting and resolution for Windows Some system diagnostics will no longer function.
components.
Enables problem detection troubleshooting and
System diagnostics will not not function.
resolution for Windows components.

Link tracking will be unavailable. Users on other

Maintains links between NTFS files within a computer
computers won't be able to track links on this
or across computers in a network.
computer.

Coordinates transactions that span multiple resource

Distributed transactions will not occur. This can affect
managers, such as databases, message queues, and
Personal Web Server and SQL Server.
file systems.

The system will be unable to resolve a name and will

Resolves and caches DNS names, allowing the system
to communicate with canonical names rather than
strictly by IP address.
be able to communicate only via IP address. A client
may be unable to communicate with its domain
controller.

The Extensible Authentication Protocol (EAP) service

provides network authentication in such scenarios as
802.1x wired and wireless VPN and Network Access
The computer is prevented from accessing networks
Protection (NAP). EAP also provides application
that require EAP authentication, including 802.1x.
programming interfaces (APIs) that are used by
network access clients, including wireless and VPN
clients during the authentication process.

Enables you to send and receive faxes utilizing fax

resources available on this computer or on the You won't be able to send faxes from your computer.
network.

Your computer won't be able to automatically

Host process for Function Discovery providers. discover some printers and other network-based
resources.

Publishes this computer and resources attached to The computer's network resources will no longer be
this computer so they can be discovered over the published and they will not be discovered by other
network. computers on the network.

The service is responsible for applying settings
configured by administrators for the computer and
users through the Group Policy component.
Group Policy settings will not be applied and
applications and components will not be manageable
through Group Policy. Any components or applications
that depend on the Group Policy component might
not be functional.

Provides X.509 certificate and key management

services for the Network Access Protection Agent Enforcement technologies that use X.509 certificates
(NAPAgent). This service is required for IPSec, SSH, may not function properly without this service.
HTTPS, Smartcard services and more.

Enables generic input access to Human Interface

Devices (HID), which activates and maintains the use Hot buttons controlled by this service will no longer
of predefined hot buttons on keyboards, remote function.
controls, and other multimedia devices.

The IKEEXT service hosts the Internet Key Exchange

(IKE) and Authenticated Internet Protocol (AuthIP) Might result in an IPsec failure and might compromise
keying modules. These keying modules are used for the security of the system. It is strongly recommended
authentication and key exchange in Internet Protocol that you have the IKEEXT service running.
security (IPsec). Some VPN software needs this.

Enables user notification of user input for interactive

Notifications of and access to new interactive service
services, which enables access to dialogs created by
dialogs will not function.
interactive services when they appear.

Provides network address translation addressing

You will not be able to share your connection to the
name resolution and/or intrusion prevention services Internet.
for a home or small office network.
Provides automatic IPv6 connectivity over an IPv4
IPv6 services will not be available.
network.

Internet Protocol security (IPsec) supports network-

level peer authentication, data origin authentication,
data integrity, data confidentiality (encryption), and
replay protection. This service enforces IPsec policies
created through the IP Security Policies snap-in or the
command-line tool "netsh ipsec."
You may experience network connectivity issues if
your policy requires that connections use IPsec.
Remote management of Windows Firewall is not
available when this service is not running.

Coordinates transactions between Microsoft

Distributed Transaction Coordinator (MSDTC) and the If you are using DTC, you must run this service.
Kernel Transaction Manager (KTM).

Creates a Network Map consisting of PC and device

topology (connectivity) information and metadata The Network Map will not work.
describing each PC and device.
Microsoft .NET Framework - 64-bit application The system will be unable to run 64-bit .NET-based
support. applications.

Microsoft .NET Framework - 32-bit application The system will be unable to run 32-bit .NET-based
support. applications.

Manages Internet SCSI (iSCSI) sessions from this

The system will be unable to access iSCSI targets.
computer to remote iSCSI target devices.

Manages software-based volume shadow copies Software-based volume shadow copies cannot be
taken by the Volume Shadow Copy service. managed.

Enables relative prioritization of work based on

system-wide task priorities. This is intended mainly for Windows audio will not function.
multimedia applications.

Provides ability to share TCP ports over the net.tcp .NET-based applications that use net.tcp will not
protocol. This is a part of the .NET framework. function.

Maintains a secure channel between this computer

and the domain controller for authenticating users
and services.
Enables Network Access Protection (NAP)
functionality on client computers.
Users logging in from the Vista workstation may not
be able to authenticate to the domain.
Network access protection will be disabled.

Manages the network and dial-up connections for the Network configuration will not be possible; new
system, including network status notification and connections can't be created and services that need
configuration. network information may fail.

Identifies the networks to which the computer has

connected; collects and stores properties for these You will be unable to list the networks to which you
networks; and notifies applications when these are connected via the system tray icon.
properties change.

Collects and stores network configuration and location

information and notifies applications when this Services such as ICS & ICF will not function.
information changes. This service is a part of ICS.

This service delivers network notifications (e.g., Your computer will be unable to connect to a
interface addition/deleting, etc.) to user mode clients. network.

The Offline Files service performs maintenance

activities on the Offline Files cache, responds to user
logon and logoff events, implements the internals of
the public API, and dispatches interesting events to Offline files will not be available.
those interested in Offline Files activities and changes
in cache state.

This service enables Windows Parental Controls on

Parental controls will not work.
the system.
Enables Serverless Peer Name Resolution over the Some Peer to Peer and Collaborative applications such
Internet. as Windows Meetings may not function.

Some Peer to Peer and Collaborative applications such

Provides Peer Networking Grouping services.
as Windows Meetings may not function.

Some Peer to Peer and Collaborative applications such

Provides Identity service for Peer Networking.
as Windows Meetings may not function.

Collects performance data for the computer or other

computers and writes it to a log or displays it on the
screen.
Enables a computer to recognize and adapt to
hardware changes with little or no user input.
Performance information will no longer be logged or
displayed.
The system will be unstable and incapable of
detecting hardware changes.

The PnP-X bus enumerator service manages the

virtual network bus. It discovers network-connected Presence of NCD devices will not be maintained in
devices using the SSDP/WS discovery protocols and PnP. All pnpx based scenarios will stop functioning.
gives them presence in PnP.

This service publishes a machine name using the Peer

Some Peer to Peer and Collaborative applications such
Name Resolution Protocol. Configuration is managed as Windows Meetings may not function.
via the netsh context 'p2p pnrp peer.'

Enforces group policy for removable mass-storage

devices. Enables applications such as Windows Media Portable devices may not function properly or you
Player and Image Import Wizard to transfer and may have difficulty blocking access to portable
synchronize content using removable mass-storage devices.
devices.

Manages all local and network print queues and

Printing on the local machine will be unavailable.
controls all printing jobs.

Provides support for viewing sending and deletion of

The sending of error reports to Microsoft will not
system-level problem reports for the Problem Reports
function.
and Solutions control panel.

Provides support for the Program Compatibility

The Program Compatibility Assistant will not function.
Assistant.

Protects sensitive information such as private keys

from exposure except to allowed persons and Protected information will be inaccessible.
services.
Quality Windows Audio Video Experience (qWave) is a
networking platform for Audio Video (AV) streaming
applications on IP home networks. qWave enhances
AV streaming performance and reliability by ensuring Some streaming audio/video capabilities will not
network quality-of-service (QoS) for AV applications. It work.
provides mechanisms for admission control, runtime
monitoring, and enforcement application feedback
and traffic prioritization.

Provides support for improving system performance
using ReadyBoost.
Detects unsuccessful attempts to connect to a remote
network or computer and provides alternative
methods for connection.
The performance improvements provided by
ReadyBoost will not function.
Users will need to manually connect to other systems.

Manages dial-up and virtual private network (VPN)

connections from this computer to the Internet or The operating system may not function properly.
other remote networks.
Allows processes to communicate internally and
The system will not boot. Don't disable this service.
across the network with each other.

Systems that are running third-party utilities looking

Provides RPC name services similar to DNS services for for RPC information will be unable to find it. OS
IP. components do not use this service, but programs
such as Exchange do.

Remote systems will be unable to connect to the local

Provides a mechanism to remotely manage the
registry. Hfnetchk uses this mechanism. Disabling it
system registry.
can affect the patch utility's operation.

Enables multiprotocol LAN-to-LAN, LAN-to-WAN,

virtual private network (VPN), and network address Routing and Remote Access services will be
translation (NAT) routing services for clients and unavailable.
servers on this network.

Enables starting processes under alternate

Users will be unable to use the Run As feature to
credentials. If this service is stopped, this type of
elevate privileges.
logon access will be unavailable.

Stores account information for local security accounts, Services that rely on requests to the SAM database
which, when started, allows other services to access will not function properly. Group Policy objects may
the SAM. not operate properly.
Security center notifications are disabled. Security
Monitors system security settings and configurations.
services still operate.

Allows the sharing of local resources, such as files and Resources can't be shared, RPC requests will be
printers, as well as named pipe communication. denied, and named pipe communication will fail.

CD-ROMs and other devices will not automatically

Provides notifications for AutoPlay hardware events.
function.
Provides Software Licensing activation and Once Vista is activated, this service isn’t always
notification. needed.

Manages access to smart cards read by this computer. This computer will be unable to read smart cards.

Allows the system to be configured to lock the user

This computer may be unable to read smart cards.
desktop upon smart card removal.

Receives trap messages generated by local or remote

Simple Network Management Protocol (SNMP) agents Programs on the system that gather SNMP data will
and forwards the messages to SNMP management not function.
programs running on this computer.

Enables the download installation and enforcement of If the service is disabled, the operating system and
digital licenses for Windows and Windows licensed applications may run in a reduced function
applications. mode.

Used to locate UPnP devices on your home network.

Used in conjunction with Universal Plug and Play Your computer will be unable to located uPnP devices
Device Host, it detects and configures UPnP devices on the network.
on your home network.

Maintains and improves system performance over

SuperFetch will not run and applications will all run
time by improving the performance of foreground with similar priority.
applications over background applications.

Required to record entries in the event logs; notifies Certain notifications will no longer work. For example,
COM+ subscribers about logon and power-related synchronization won't work, as it depends on
events. connectivity information and Network
Connect/Disconnect and Logon/Logoff notifications.

Enables Tablet PC pen and ink functionality. Tablet ink functionality will not operate.

Enables a user to configure and schedule automated Tasks will not be run at their scheduled times.
tasks on this computer.

Required for software distribution in a Group Policy

(may be used to distribute patches) and provides
support for NetBIOS over TCP/IP and NetBIOS name
lookups.
NetBIOS over TCP/IP clients, including Netlogon and
Messenger, might stop responding. Disabling may also
affect the ability to share resources.

Provides Telephony API (TAPI) support for clients

The function of all dependent programs will be
using programs that control telephony devices and IP-
impaired.
based voice connections.

Allows users to connect interactively to a remote May make your computer unreliable. To prevent
computer; Remote Desktop, Fast User Switching, remote use of this computer, clear the check boxes in
Remote Assistance, and Terminal Server depend on the Remote tab of the System properties control
this service. panel item.
Terminal Services Configuration service (TSCS) is
responsible for all Terminal Services and Remote
Desktop related configuration and session You will be unable to configure terminal services on
maintenance activities that require SYSTEM context. this computer.
These include per-session temporary folders, TS
themes, and TS certificates.

Allows the redirection of Printers/Drives/Ports for RDP Some Terminal Services operations will not work,
connections. including port/drive/printer redirection.

Provides user experience theme management. Provides user experience theme management
Provides ordered execution for a group of threads Unknown, but general advice is to leave this service
within a specific period of time. enabled.

Enables access to the Trusted Platform Module (TPM),

Applications will be unable to use keys protected by
which provides hardware-based cryptographic
the TPM.
services to system components and applications.

Used in conjunction with SSDP Discovery Service, it

Your computer will be unable to located uPnP devices
detects and configures UPnP devices on your home
on the network.
network.

Users will no longer be able to successfully log on or

log off; applications may have problems getting to
Responsible for loading and unloading user profiles. users' data and components registered to receive
profile event notifications will not receive them.

Provides management services for disks volumes file

systems and hardward array objects, such as Disk management tools will not operate properly.
subsystems, luns, controllers, etc.

Manages and implements volume shadow copies used Shadow copies will be unavailable for backup and the
for backup and other purposes. backup may fail.
Enables Windows-based programs to create, access, These functions will not be available.
and modify Internet-based files.

Manages audio devices for Windows-based programs. Audio devices and effects will not function properly.

Manages audio devices for the Windows Audio

Audio devices and effects will not function properly.
service.

Provides Windows Backup and Restore capabilities. Windows Backup will not work.

Securely enables the creation, management, and

Some smartcard services will not work.
disclosure of digital identities.
The WcsPlugInService service hosts third-party
Disable this extensibility feature and the Windows
Windows Color System color device model and gamut
map model plug-in modules. These plug-in modules Color System will use its baseline model processing
rather than the vendor's desired processing. This
are vendor-specific extensions to the Windows Color
might result in inaccurate color rendering.
System baseline color device and gamut map models.

Acts as a Registrar; issues network credential to Windows Connect Now - Config Registrar will not
Enrollee. function properly.

Scans your computer for unwanted software schedule

scans and gets the latest unwanted software Your computer will not be protected against spyware.
definitions.

Manages user-mode driver host processes. Unknown, but general advice is to leave this service
enabled.

Collects, stores, and reports unexpected application Error Reporting will occur only for kernel faults and
crashed to Microsoft. some types of user mode faults.

Manages persistent subscriptions to events from

remote sources that support WS-Management
Event subscriptions cannot be created and forwarded
protocol. This includes Windows Vista event logs, events cannot be accepted.
hardware, and IPMI-enabled event sources. The
service stores forwarded events in a local Event Log.

Administrators won't be able to view logs, including

Allows event log messages to be viewed in Event log
to assist in problem resolution. the security log, increasing the difficulty of diagnosing
problems and detecting security breaches.

Helps protect your computer by preventing

Your computer will not be protected from outside
unauthorized users from gaining access to it through
threats.
the Internet or a network.

Provides image acquisition services for scanners and Programs that require images, such as Windows
cameras. Movie Maker, won't function properly.

Adds, modifies, and removes applications provided as Users can’t install programs or make use of
a Windows Installer (*.msi) package. Add/Remove programs.
Provides system management information; required
System management and performance information
to implement performance alerts using Performance
will be unavailable.
Logs and Alerts.

Allows Windows Media Center Extender devices to Other devices will not be able to connect to the
locate and connect to the computer. computer.

Windows Media Center Service for TV and FM

TV and FM reception will not work.
broadcast reception.
Starts and stops recording of TV programs within
You will be unable to record programs.
Windows Media Center.

Starts Windows Media Center Scheduler and Windows

Media Center Receiver services at startup if TV is Media center software will not launch at startup.
enabled within Windows Media Center.

Shares Windows Media Player libraries to other

networked players and media devices using Universal You will be unable to share Media Player libraries.
Plug and Play.
Enables installation, modification, and removal of Install or uninstall of Windows updates might fail for
Windows updates and optional components. this computer.

Optimizes performance of Windows Presentation

Applications that use Windows Presentation
Foundation (WPF) applications by caching commonly
Foundation will suffer degraded performance.
used font data.

Windows Remote Management (WinRM) service

implements the WS-Management protocol for remote
management. WS-Management is a standard web You will be unable to remotely manage some aspects
of this Vista computer.
services protocol used for remote software and
hardware management.

Provides content indexing and property caching for

Windows Explorer will not be able to display virtual
files, e-mail, and other content (via extensibility APIs). folder views of items and will revert to slower item-
The service responds to file and e-mail notifications to by-item searches.
index modified content.

Uses NTP to keep computers in the domain

Time synchronization won't take place.
synchronized.
Enables automatic updates to Windows Vista and
other programs. Updates are automatically Automatic updates will not take place.
downloaded and installed.

WinHTTP implements the client HTTP stack and

provides developers with a Win32 API and COM
Automation component for sending HTTP requests
and receiving responses. In addition, WinHTTP Proxy servers will not be automatically discovered.
provides support for auto-discovering a proxy
configuration via its implementation of the Web Proxy
Auto-Discovery (WPAD) protocol.

Performs IEEE 802.1X authentication on Ethernet

802.1X authentication will not work.
interfaces.
Automatically configures WiFi (802.11) network You will have to manually configure wireless
adapters. networking.
 Provides performance library information from
Windows Management Instrumentation (WMI)
WMI performance statistics will not be gathered.
providers to clients on the network. This service runs
only when Performance Data Helper is activated.

Provides network connections and communications The computer will be unable to connect to remote
Microsoft Network resources, including other
using the Microsoft Network services.
computers and network printers.

ht ©2007 CNET Networks, Inc. All rights reserved.

public membership, please visit http://techrepublic.com.com/2001-6240-0.html
 es each service's function,
e (some of the services
the following three

Default
Special notes Startup Type Log On As
Status

Started Automatic Local System

Although safe to disable, this is not recommended

since you need to boot into safe mode to enable Started Manual Local System
again.

Only enable when using the Windows firewall or

another firewall. Failure to do so can result in a Manual Local Service
significant security hole.

Keep enabled in a corporate environment. Manual Local System

Enable this service if you use Automatic Updates or

Started As Needed Local System
the Microsoft File Transfer Manager.

Many other services depend on this one, including

Internet Connection Sharing, Routing and Remote
Started Automatic Local Service
Access, IPsec Policy Agent, IKE and AuthIP IPsec Keying
Modules, and Windows Firewall.

Manual Local System

Enable only if you use smart cards. Manual Local System

 Manual Local System

Technically, disabling this service will not result in

system instability, but since keeping your system
Started Automatic Local Service
patched is critical, we do not indicate that this service
is safe to disable.

Manual Local System

Enable this service if you need to share files with other

Automatic Local System
Windows computers.

Required if you use the Automatic Updates Windows

service; also used by other Windows services, such as Started Automatic Network Service
Task Manager.

Started Automatic Local System

If you revert to something other than the new Aero

Glass interface, you can disable this service. Reverting Started
Automatic Local System
to a different interface can have positive performance
implications.

If you are not on a network, this service is safe to

Manual Local System
disable.
You can disable this service if you do not use DHCP. Started Automatic Local Service

Can go either way on this one. If disabled,

Started Automatic Local Service
troubleshooting can be a little more difficult.

Can go either way on this one. If disabled,

Manual Local Service
troubleshooting can be a little more difficult.

Can go either way on this one. If disabled,

Started Manual Local System
troubleshooting can be a little more difficult.

In previous versions of this guide, we recommended

that this service be disabled. That is no longer the
Started Automatic Local System
case since more people are accessing files on other
computers.

Most desktops run neither Personal Web Server or

Manual Network Service
SQL Server.

Stopping this service will result in the inability for the

computer to resolve names to IP addresses. Started Automatic Network Service

If you need access to an 802.1x-enabled network, do

Manual Local System
not disable this service.

Manual Network Service

Started Manual Local Service

Started Automatic Local Service

This service cannot be set to Disabled in any version of Started Automatic Local System
Windows Vista.

Manual Local System

Required for some "hot buttons" on newer keyboards.

Can be safely enabled if these buttons don't work with Manual Local System
this service disabled.

If you're using a VPN client, verify whether you need

Started Automatic Local System
this service.

Manual Local System

Disabled Local System

Most networks do not use IPv6. Started Automatic Local System

Started Automatic Network Service

Started As Needed Network Service

Manual Local Service

 Manual Local System

Manual Local System

Enable only if you use iSCSI in your environment. Manual Local System

Leave set at Manual if you intend to use Windows

Started Manual Local System
Backup.

Started Automatic Local System

Disabled Local Service

Manual Local System

Manual Network Service

Started Manual Local System

Started Automatic Local Service

Enable if this computer has Internet Connection

Sharing enabled or if you are using the Internet Started Automatic Network Service
Connection Firewall.

Started Automatic Local Service

Started Automatic Local System

If you have kids at home and want to lock things

Manual Local Service
down, keep this service enabled.
 Manual Local Service

Manual Local Service

Manual Local Service

Manual Local Service

Started Automatic Local System

If you use media center capabilities, enable this

Manual Local System
service.

Manual Local Service

Leave enabled unless you know you won't use Started Automatic Local System
portable devices.

Disable this service if you don't have a printer. Started Automatic Local System

Manual Local System

Started Automatic Local System

Manual Local System

 Manual Local Service

Started Automatic Local System

Manual Local System

This service is run on demand by the Remote Access

Started Manual Local System
Manager.

Started Automatic Network Service

Manual Network Service

Some programs require this functionality to operate. Manual Local Service

Better yet, don't install this service at all. Disabled Local System

Started Automatic Local System

If you use don't use DHCP to obtain an IP address, this

Started Automatic Local System
service can be disabled.

Started As Needed Local Service

This service must be enabled on Windows Vista

Started Automatic Local System
computers that share files or printers.

Much easier to leave this enabled, and not much of a

Started Automatic Local System
security risk.
 Manual Local Service

If you're using a smart card reader, enable this service. Manual Local Service

If you're using a smart card reader, enable this service. Manual Local System

Manual Local Service

Started Automatic Network Service

Started Manual Local Service

Started Automatic Local System

Leave enabled for laptops so that power notifications Started Automatic Local System
are passed to the user.

If you don't have a tablet PC, you don't need this

Started Automatic Local System
service.

Started Automatic Local System

For small networks, this service may be essential if

you share files with others. For larger networks with Started Automatic Local Service
central file servers, keep disabled on desktops.

Only needed for modem/fax modem use. Started Manual Network Service

Necessary if you plan to allow remote desktop. Started Automatic Network Service
Necessary if you plan to allow remote desktop. Manual Local System

Necessary if you plan to allow remote desktop. Manual Local System

Started Automatic Local System

Manual Local Service

Manual Local Service

Started Automatic Local Service

Started Automatic Local System

Manual Local System

Enable this service if you use Windows Backup on this Started Manual Local System
desktop.

Started Automatic Local Service

Even though it can be disabled, without this service, Started Automatic Local Service
you will get no sound.

Started Automatic Local System

Most organizations use other methods to back up

Manual Local System
data.

If you use smartcards, leave this service enabled. Manual Local System
 Manual Local Service

Manual Local Service

Started Automatic Local System

Manual Local System

Started Automatic Local System

Manual Network Service

Started Automatic Local Service

Started Automatic Local Service

This service is required for some scanners and

cameras. If you don't have a scanner or a camera, you Manual Local Service
can disable this service.

Manual Local System

Started Automatic Local System

Leave enabled if you use media center features of

Disabled Local Service
Vista.

Leave enabled if you use media center features of

Manual Network Service
Vista.
Leave enabled if you use media center features of
Manual Network Service
Vista.

Leave enabled if you use media center features of

As Needed Local Service
Vista.

Leave enabled if you use media center features of

Manual Network Service
Vista.

Although safe to disable, Windows updates may not

Started Manual Local System
work.

Manual Local Service

Manual Network Service

Started Automatic Local System

Started Automatic Local Service

Although safe to disable, you shouldn't. Started As Needed Local System

Started Manual Local Service

Manual Local System

Enable this service if you're using wireless networking.

Manual Local System
Disable if you're not using wireless.
 Manual Local System

Started Automatic Local Service

 Safe to
Recommendation
disable

Enabled Yes

Enabled Yes

Enabled Maybe

Enabled Yes

Enabled Yes

Enabled Yes

Disabled Yes

Disabled Yes
Enabled Yes

Enabled No

Enabled Yes

Enabled Yes

Enabled No

Enabled No

Disabled Yes

Enabled Yes
Enabled Maybe

Enabled Yes

Enabled Yes

Enabled Yes

Enabled Yes

Disabled Yes

Enabled No

Disabled Yes

Disabled Yes

Disabled Yes

Disabled Yes
Enabled No

Enabled Yes

Disabled Maybe

Disabled Yes

Enabled Yes

Disabled Yes

Disabled Yes

Enabled Yes

Enabled Yes

Disabled Yes
Enabled No

Enabled No

Disabled Yes

Disabled Yes

Enabled No

Disabled Yes

Enabled No

Disabled Yes

Enabled No

Enabled Yes

Disabled Maybe

Enabled No

Disabled Yes

Disabled Yes
Disabled Yes

Disabled Yes

Disabled Yes

Disabled Yes

Enabled No

Disabled Yes

Disabled Yes

Enabled Yes

Enabled Maybe

Disabled Yes

Enabled Yes

Enabled Yes
Disabled Yes

Enabled Yes

Enabled Yes

Enabled Maybe

Enabled No

Enabled No

Disabled Maybe

Disabled Yes

Disabled Yes

Enabled Yes

Enabled Yes

Disabled Yes

Enabled Yes
Enabled Yes

Disabled Yes

Disabled Yes

Disabled Yes

Enabled No

Disabled Yes

Enabled Yes

Disabled Yes

Disabled Yes

Disabled Yes

Disabled Yes

Disabled Yes

Disabled Yes
Disabled Yes

Disabled Yes

Disabled Yes

Enabled No

Enabled Yes

Disabled Yes

Enabled No

Enabled Yes

Disabled Yes

Disabled Yes

Enabled Yes

Enabled Yes

Disabled Yes

Disabled Yes
Enabled Yes

Enabled Yes

Enabled Yes

Enabled No

Disabled Yes

Disabled Yes

Enabled No

Enabled Yes

Enabled Yes

Enabled Yes

Enabled No

Disabled Yes

Disabled Yes
Disabled Yes

Disabled Yes

Disabled Yes

Enabled Yes

Enabled No

Enabled Yes

Enabled Yes

Enabled Yes

Enabled Yes

Disabled Yes

Disabled Yes

Disabled Maybe
Enabled Yes

Enabled Yes