Professional Documents
Culture Documents
One of the most effective ways to secure a Windows workstation is to turn off unnecessary services.
specifies whether you can safely disable the service, and outlines the ramifications of disabling it. Th
listed here won't be available in other versions of Vista) in a corporate network environment and tha
possibilities for safely disabling each service:
• Yes = You can disable the service without causing any problems.
• Maybe = The computer's role dictates whether you should or should not disable the service -- read
• No = The service is critical to proper Windows operation and should not be disabled.
Application Layer
ALG alg.exe
Gateway Service
Application
Management AppMgmt svchost.exe
Background Intelligent
BITS svchost.exe
Transfer Service
COM+ System
COMSysApp dllhost.exe
Application
Desktop Window
Manager Session UxSms svchost.exe
Manager
Diagnostic Policy
DPS svchost.exe
Service
Distributed Link
TrkWks svchost.exe
Tracking Client
Distributed Transaction
MSDTC msdtc.exe
Coordinator
Extensible
Authentication EapHost svchost.exe
Protocol
Function Discovery
fdPHost svchost.exe
Provider Host
Function Discovery
Resource Publication FDResPub svchost.exe
Group Policy Client gpsvc svchost.exe
Human Interface
hidserv svchost.exe
Device Access
Interactive Services
UI0Detect UI0Detect.exe
Detection
Internet Connection
SharedAccess svchost.exe
Sharing (ICS)
Link-Layer Topology
lltdsvc svchost.exe
Discovery Mapper
Microsoft .NET
clr_optimization_v2.0.50727
Framework NGEN mscorsvw.exe
v2.0.50727_X64 _X64
Microsoft .NET
clr_optimization_v2.0.50727
Framework NGEN mscorsvw.exe
_X86
v2.0.50727_X86
Microsoft iSCSI Initiator
MSiSCSI svchost.exe
Service
Microsoft Software
swprv svchost.exe
Shadow Copy Provider
Multimedia Class
MMCSS svchost.exe
Scheduler
Network Access
Protection Agent napagent svchost.exe
Network Location
NlaSvc svchost.exe
Awareness
Network Store
nsi svchost.exe
Interface Service
Peer Networking
p2psvc svchost.exe
Grouping
Peer Networking
p2pimsvc svchost.exe
Identity Manager
PnP-X IP Bus
IPBusEnum svchost.exe
Enumerator
Program Compatibility
PcaSvc svchost.exe
Assistant Service
Remote Access
RasMan svchost.exe
Connection Manager
Security Accounts
SamSs lsass.exe
Manager
Shell Hardware
ShellHwDetection svchost.exe
Detection
SL UI Notification
SLUINotify svchost.exe
Service
Terminal Services
UserMode Port UmRdpService svchost.exe
Redirector
Themes Themes svchost.exe
Windows Audio
AudioEndpointBuilder svchost.exe
Endpoint Builder
Windows Driver
Foundation - User- wudfsvc svchost.exe
mode Driver
Framework
Windows Error
WerSvc svchost.exe
Reporting Service
Windows Event
Collector Wecsvc svchost.exe
Windows Image
stisvc svchost.exe
Acquisition (WIA)
Windows Management
Winmgmt svchost.exe
Instrumentation
Windows Presentation
Foundation Font Cache FontCache3.0.0.0 PresentationFontCache.exe
3.0.0.0
Windows Remote
Management (WS- WinRM svchost.exe
Management)
ws workstation is to turn off unnecessary services. This reference sheet lists the Windows Vista services, describes each service's function,
ce, and outlines the ramifications of disabling it. The list assumes the machine is running Windows Vista Ultimate (some of the services
Vista) in a corporate network environment and that the company is not using smart cards. The list offers one of the following three
g any problems.
you should or should not disable the service -- read the special considerations for further information.
peration and should not be disabled.
Provides support for application-level protocol plug- Programs that rely on this service, such as MSN
ins and enables network/protocol connectivity. Messenger and Windows Messenger will not function.
The Base Filtering Engine (BFE) is a service that Significantly reduces the security of the system. It will
manages firewall and Internet Protocol security (IPsec) also result in unpredictable behavior in IPsec
policies and implements user mode filtering. management and firewall applications.
Engine to perform block-level backup and recovery of Block-level backups will not function, but file-level
data as opposed to file-level backups. backups will still operate.
Propagates certificates from smart cards. Services that use smart cards will not operate.
The CNG key isolation service is hosted in the LSA
process. The service provides key process isolation to Services that depend on cryptographic keys, including
private keys and associated cryptographic operations
Wired and Wireless AutoConfig and Extensible
as required by the Common Criteria. The service
Authentication Protocol, will not operate.
stores and uses long-lived keys in a secure process
complying with Common Criteria requirements.
Manages the configuration and tracking of A number of other services, including RPC, will not
Component Object Model (COM)+-based
components. function.
Publishes this computer and resources attached to The computer's network resources will no longer be
this computer so they can be discovered over the published and they will not be discovered by other
network. computers on the network.
Group Policy settings will not be applied and
The service is responsible for applying settings applications and components will not be manageable
configured by administrators for the computer and through Group Policy. Any components or applications
users through the Group Policy component. that depend on the Group Policy component might
not be functional.
Microsoft .NET Framework - 32-bit application The system will be unable to run 32-bit .NET-based
support. applications.
Manages software-based volume shadow copies Software-based volume shadow copies cannot be
taken by the Volume Shadow Copy service. managed.
Provides ability to share TCP ports over the net.tcp .NET-based applications that use net.tcp will not
protocol. This is a part of the .NET framework. function.
Manages the network and dial-up connections for the Network configuration will not be possible; new
system, including network status notification and connections can't be created and services that need
configuration. network information may fail.
This service delivers network notifications (e.g., Your computer will be unable to connect to a
interface addition/deleting, etc.) to user mode clients. network.
Provides support for improving system performance The performance improvements provided by
using ReadyBoost. ReadyBoost will not function.
Detects unsuccessful attempts to connect to a remote
network or computer and provides alternative Users will need to manually connect to other systems.
methods for connection.
Stores account information for local security accounts, Services that rely on requests to the SAM database
which, when started, allows other services to access will not function properly. Group Policy objects may
the SAM. not operate properly.
Security center notifications are disabled. Security
Monitors system security settings and configurations.
services still operate.
Allows the sharing of local resources, such as files and Resources can't be shared, RPC requests will be
printers, as well as named pipe communication. denied, and named pipe communication will fail.
Manages access to smart cards read by this computer. This computer will be unable to read smart cards.
Enables the download installation and enforcement of If the service is disabled, the operating system and
digital licenses for Windows and Windows licensed applications may run in a reduced function
applications. mode.
Required to record entries in the event logs; notifies Certain notifications will no longer work. For example,
COM+ subscribers about logon and power-related synchronization won't work, as it depends on
events. connectivity information and Network
Connect/Disconnect and Logon/Logoff notifications.
Enables Tablet PC pen and ink functionality. Tablet ink functionality will not operate.
Enables a user to configure and schedule automated Tasks will not be run at their scheduled times.
tasks on this computer.
Allows users to connect interactively to a remote May make your computer unreliable. To prevent
computer; Remote Desktop, Fast User Switching, remote use of this computer, clear the check boxes in
Remote Assistance, and Terminal Server depend on the Remote tab of the System properties control
this service. panel item.
Terminal Services Configuration service (TSCS) is
responsible for all Terminal Services and Remote
Desktop related configuration and session You will be unable to configure terminal services on
maintenance activities that require SYSTEM context. this computer.
These include per-session temporary folders, TS
themes, and TS certificates.
Allows the redirection of Printers/Drives/Ports for RDP Some Terminal Services operations will not work,
connections. including port/drive/printer redirection.
Provides user experience theme management. Provides user experience theme management
Provides ordered execution for a group of threads Unknown, but general advice is to leave this service
within a specific period of time. enabled.
Manages and implements volume shadow copies used Shadow copies will be unavailable for backup and the
for backup and other purposes. backup may fail.
Enables Windows-based programs to create, access, These functions will not be available.
and modify Internet-based files.
Manages audio devices for Windows-based programs. Audio devices and effects will not function properly.
Provides Windows Backup and Restore capabilities. Windows Backup will not work.
Acts as a Registrar; issues network credential to Windows Connect Now - Config Registrar will not
Enrollee. function properly.
Manages user-mode driver host processes. Unknown, but general advice is to leave this service
enabled.
Collects, stores, and reports unexpected application Error Reporting will occur only for kernel faults and
crashed to Microsoft. some types of user mode faults.
Provides image acquisition services for scanners and Programs that require images, such as Windows
cameras. Movie Maker, won't function properly.
Adds, modifies, and removes applications provided as Users can’t install programs or make use of
a Windows Installer (*.msi) package. Add/Remove programs.
Provides system management information; required
System management and performance information
to implement performance alerts using Performance
will be unavailable.
Logs and Alerts.
Allows Windows Media Center Extender devices to Other devices will not be able to connect to the
locate and connect to the computer. computer.
Provides network connections and communications The computer will be unable to connect to remote
Microsoft Network resources, including other
using the Microsoft Network services.
computers and network printers.
Default
Special notes Startup Type Log On As
Status
Enable only if you use iSCSI in your environment. Manual Local System
Leave enabled unless you know you won't use Started Automatic Local System
portable devices.
Disable this service if you don't have a printer. Started Automatic Local System
Better yet, don't install this service at all. Disabled Local System
If you're using a smart card reader, enable this service. Manual Local Service
If you're using a smart card reader, enable this service. Manual Local System
Leave enabled for laptops so that power notifications Started Automatic Local System
are passed to the user.
Only needed for modem/fax modem use. Started Manual Network Service
Necessary if you plan to allow remote desktop. Started Automatic Network Service
Necessary if you plan to allow remote desktop. Manual Local System
Enable this service if you use Windows Backup on this Started Manual Local System
desktop.
Even though it can be disabled, without this service, Started Automatic Local Service
you will get no sound.
If you use smartcards, leave this service enabled. Manual Local System
Manual Local Service
Enabled Yes
Enabled Yes
Enabled Maybe
Enabled Yes
Enabled Yes
Enabled Yes
Disabled Yes
Disabled Yes
Enabled Yes
Enabled No
Enabled Yes
Enabled Yes
Enabled No
Enabled No
Disabled Yes
Enabled Yes
Enabled Maybe
Enabled Yes
Enabled Yes
Enabled Yes
Enabled Yes
Disabled Yes
Enabled No
Disabled Yes
Disabled Yes
Disabled Yes
Disabled Yes
Enabled No
Enabled Yes
Disabled Maybe
Disabled Yes
Enabled Yes
Disabled Yes
Disabled Yes
Enabled Yes
Enabled Yes
Disabled Yes
Enabled No
Enabled No
Disabled Yes
Disabled Yes
Enabled No
Disabled Yes
Enabled No
Disabled Yes
Enabled No
Enabled Yes
Disabled Maybe
Enabled No
Disabled Yes
Disabled Yes
Disabled Yes
Disabled Yes
Disabled Yes
Disabled Yes
Enabled No
Disabled Yes
Disabled Yes
Enabled Yes
Enabled Maybe
Disabled Yes
Enabled Yes
Enabled Yes
Disabled Yes
Enabled Yes
Enabled Yes
Enabled Maybe
Enabled No
Enabled No
Disabled Maybe
Disabled Yes
Disabled Yes
Enabled Yes
Enabled Yes
Disabled Yes
Enabled Yes
Enabled Yes
Disabled Yes
Disabled Yes
Disabled Yes
Enabled No
Disabled Yes
Enabled Yes
Disabled Yes
Disabled Yes
Disabled Yes
Disabled Yes
Disabled Yes
Disabled Yes
Disabled Yes
Disabled Yes
Disabled Yes
Enabled No
Enabled Yes
Disabled Yes
Enabled No
Enabled Yes
Disabled Yes
Disabled Yes
Enabled Yes
Enabled Yes
Disabled Yes
Disabled Yes
Enabled Yes
Enabled Yes
Enabled Yes
Enabled No
Disabled Yes
Disabled Yes
Enabled No
Enabled Yes
Enabled Yes
Enabled Yes
Enabled No
Disabled Yes
Disabled Yes
Disabled Yes
Disabled Yes
Disabled Yes
Enabled Yes
Enabled No
Enabled Yes
Enabled Yes
Enabled Yes
Enabled Yes
Disabled Yes
Disabled Yes
Disabled Maybe
Enabled Yes
Enabled Yes