If you are a typical computer user, then the fewer services your system runs the better. The following will assist you in determining which services you can turn off in Windows XP Pro/Home, to improve performance, boot time, and to effectively increase your security level.
Every running, but unused, service on your machine may well be an unnecessary security vulnerability. If a service is not required for authorized users and system functionality, turn it off.
The following recommendations have been compiled from personal observation over the course of the last few years. The suggested settings may not be appropriate for your machine.
Before you begin, it is important to remember that if a particular service is disabled, any other service/services that explicitly depend on it will fail to start. Read the Properties information carefully and make sure you understand what the service does/does not do.
Adjusting services settings incorrectly has the potential to leave your computer in an unbootable condition. It’s important that before you begin making changes to system services, you have fully functional backups of your system/data.
If you are prepared to go ahead then open the Control Panel, Administrative Tools, Services. Right click on a service and open Properties to make changes to the startup type (first check the tab Dependencies).
Alerter (Disable) – Programs that use administrative rights will not receive them.
Application Layer Gateway Service (Enable) – If you’re reading this you’re on the Internet and you need this service to enable your firewall. You are running a firewall aren’t you? As well, this service is required for Internet Connection Sharing.
Application Management (Disable) – You won’t be able to install, use, or enumerate IntelliMirror programs.
Automatic Updates (Enable) – Automatic Updates will not function if disabled, which might put your operating system at risk. If you do turn off this service be sure to manually update at Microsoft’s Update site.
Background Intelligent Transfer Service (Enable) – Uses idle network bandwidth to transfer data between clients and servers in the background. Automatic Updates depends on this service.
ClipBook Viewer (Disable) – If the service is stopped, ClipBook Viewer will not be able to share information with remote computers.
COM+ Event System/System Application (Enable) – System Event Notification, which includes logon and logoff notifications, will not function if disabled.
Computer Browser (Enable) – Used by the system in order to view network domains and resources and locate other computers on the network. Since many of us now share files, leave this service enabled.
Cryptographic Services (Enable) – This service is used by Automatic Updates, Task Manager, and several other services.
DHCP Client (Enable) – Without this service being started your system will be unable to obtain an IP address from a DHCP server, and will have to be configured manually to a static address.
Distributed Link Tracking Client (Disable) – Link tracking on your computer will not function; users on other computers will be unable to track links on your machine.
Distributed Transaction Coordinator (Disable) – Provides support for transactions that span multiple resource managers, such as databases, message queues, and file systems. Generally not required.
DNS Client (Enable) – Resolves and caches Domain Name System (DNS) names for your computer. If this service is stopped, your computer will not be able to resolve DNS names and locate Active Directory domain controllers.
Error Reporting Service (Disable) – Reports unexpected application crashes to Microsoft.
Event Log (Enable) – With this service turned off you will be unable to view your logs; this will make it potentially more difficult to diagnose problems and to detect security breaches.
Fast User Switching Compatibility (Disable) – Fast user switching will not be available.
Help and Support (Enable) – Occasionally you may need this service, so keep it enabled.
HID Input (Enable if Required) – This service allows access to Human Interface Devices which control predefined hot buttons on newer keyboards, remote controls, and so on. If you don’t require this, you can safely turn it off.
IMAPI CD-Burning COM Service (Enable) – Most computers have at least a CD drive and if yours does, then leave this service enabled, otherwise you will be unable to record CDs.
Indexing Service (Disable) – With this service turned off, your computer will be unable to index files. On the plus side, your machine will likely boot faster with this service disabled.
Internet Connection Firewall (ICF) / Internet Connection Sharing (Disable) – Unless you have a home network set-up, there is no need to enable this service.
IPSEC Service (Disable) – TCP/IP security will be disabled on your network. This does not refer to the Internet.
Logical Disk Manager (Disable) – Unless you are adding new disks to the system, there is no need to keep this service enabled.
Logical Disk Manager Administrative (Disable) – If you have enabled Logical Disk Manager then this service must be enabled.
Machine Debug Manager (Disable) – Unless you are involved in Visual Studio debugging disable this service.
Messenger (Disable) – Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger.
Microsoft Software Shadow Copy Provider (Disable or Manual) – If you use Windows Backup set this at manual; otherwise set at disable.
NetMeeting Remote Desktop Sharing (Disable) – If you don’t use NetMeeting then disable this service.
Network Connections (Enable) – Services that need network information will not be available if this service is disabled.
Network DDE (Disable) – Dynamic Data Exchange transport and security will be unavailable.
Network Location Awareness (Enable) – Network configuration and location information is handled by this service and must be enabled if you have an Internet connection.
Net Logon (Disable) – This service supports pass-through authentication of account logon events for computers in a domain.
NetMeeting Remote Desktop Sharing (Disable) – The service enables an authorized user to access your computer remotely by using NetMeeting over a corporate intranet. Unless you specifically require this service, turn it off.
Performance Logs and Alerts (Disable) – Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. Personally, I prefer to enable this service.
Plug and Play (Enable) – You run the risk of the system becoming unstable if you disable this service.
Portable Media Serial Number (Enable) – With the proliferation of these types of devices, enable this service. If however, you do not attach such devices to your machine, you can safely disable this service.
Print Spooler (Enable) – If you disable this service you will be unable to run a printer.
Protected Storage (Enable) – Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
QoS RSVP (Disable) – Enable this service only if you use QoS programs.
Remote Access Auto Connection Manager (Enable) – Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Remote Access Connection Manager (Enable) – This service creates a network connection.
Remote Desktop Help Session Manager (Disable) – Unless you require this function keep this service disabled.
Remote Procedure Call (Enable) – This service must be enabled or the system will not boot.
Remote Procedure Call (RPC) Locator (Enable) – Manages the RPC name service database, which is similar to DNS services for IP.
Remote Registry (Disable) – Enables remote users to modify registry settings on this computer. Be sure to disable this service unless it is absolutely required.
Removable Storage (Enable) – Manages removable media including automated removable media devices.
Secondary Logon (Disable) – Enables starting processes under alternate credentials.
Security Accounts Manager (Enable) – If you don’t use DHCP to obtain an IP address you can disable this service.
Server (Disable) – Unless you share files or local resources, be sure to disable this service.
Shell Hardware Detection (Enable) – Unless this service is enabled CD-ROMs and other devices will not function automatically.
Smart Card (Enable) – Allows your machine to read a smart card. On the other hand, if your machine does not have a reader you can disable this service.
Smart Card Helper (Enable) – Provides support for legacy (older) smart cards.
SSDP Discovery (Disable) – This service has long been recognized as a security issue and should be disabled, unless you have a home network, in which case you should enable.
System Event Notification (Disable) – Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. If your system is on a laptop, leave this service enabled so that power notifications are available.
System Restore Service (Enable) – Without this service enable you will be unable to create a restore point, or restore your system to an earlier point.
Task Scheduler (Disable) – Keep disabled unless you run scheduled tasks.
TCP/IP NetBIOS Helper (Disable) – On desktop systems disable this service.
Telephony (Disable) – Enable this service if you have a modem/fax modem.
Telnet (Disable) – Unless you allow remote access to your programs, disable this service.
Terminal Services (Enable) – See the disable method below.
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. Rather than disabling this service, instead clear the check boxes in the remote tab on the System Properties Control panel.
Themes (Disable) – Keep in mind, that if you disable this service you will no longer be able to manage Themes.
Uninterruptible Power Supply (Disable) – Manages an uninterruptible power supply (UPS) connected to the computer. Of course, if you have an uninterruptible power supply this must be enabled.
Universal plug and Play Device Host (Disable) – Not needed on standalone systems.
Upload Manager (Disable) – Manages synchronous and asynchronous file transfers between clients and servers on the network. If you use an FTP application enable this service.
Volume Shadow Copy (Enable) – You can disable this service if you do not use Windows Backup.
Web Client (Enable) – Enables Windows-based programs to create, access, and modify Internet-based files. If you do not require this function, then disable this service.
Windows Audio (Enable) – Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly.
Windows Image Acquisition (Enable) – Provides image acquisition services for scanners and cameras.
Windows Installer (Enable) – Installs, repairs and removes software according to instructions contained in .MSI files.
Windows Management Instrumentation (Enable) – Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly.
Windows Management Instrumentation Driver Extensions (Enable) – Provides systems management information to and from drivers.
Windows Time (Disable) – Maintains date and time synchronization on all clients and servers in the network.
Wireless Zero Configuration (Disable) – Enable if you are using a wireless network.
WMI Performance Adaptor (Enable) – Provides performance library information from WMI providers.
Workstation (Disable) – Creates and maintains client network connections using the Microsoft Network Services. If this service is disabled, these connections will be unavailable.