Guide Services Disabled (v1.04)

Windows 10 Services that are Safe to Disable
Version 1.04
23 February 2017
Contents
Windows Services Explained............................................................................................................................................................ 1

What is a Windows Service?......................................................................................................................................................... 1
The Windows Services Panel....................................................................................................................................................... 1
Startup Type.................................................................................................................................................................................. 1
Disabling Windows Services............................................................................................................................................................. 2
Stop a Service........................................................................................................................................................................... 3
Start/Enable a Service............................................................................................................................................................... 3
Disable a Service....................................................................................................................................................................... 3
List of Disabled Services.................................................................................................................................................................. 3
AllJoyn Router Service.................................................................................................................................................................. 4
Application Layer Gateway Service.............................................................................................................................................. 5
Certificate Propagation.................................................................................................................................................................. 6
Computer Browser (Browser)........................................................................................................................................................ 7
Connected Device Platform Service............................................................................................................................................. 8
Connected User Experiences and Telemetry............................................................................................................................... 9
Credential Manager..................................................................................................................................................................... 10
DataCollectionPublishingService................................................................................................................................................ 11
Delivery Optimization.................................................................................................................................................................. 12
dmwappushsvc........................................................................................................................................................................... 13
Downloaded Maps Manager....................................................................................................................................................... 14
Enterprise App Management Service......................................................................................................................................... 15
Family Safety Filter Driver........................................................................................................................................................... 16
Fax.............................................................................................................................................................................................. 17
Function Discovery (2 services).................................................................................................................................................. 18
Geolocation Service.................................................................................................................................................................... 19
HomeGroup (2 services)............................................................................................................................................................. 20
Human Interface Device Service................................................................................................................................................. 21
Hyper-V (8 services)................................................................................................................................................................... 22
Intel (2 services).......................................................................................................................................................................... 24
Internet Connection Sharing (ICS).............................................................................................................................................. 25
Internet Explorer ETW Collector Service.................................................................................................................................... 26
IP Helper..................................................................................................................................................................................... 27
Link-Layer Topology Discovery Mapper...................................................................................................................................... 28
Microsoft Diagnostics Hub Standard Collector Service...............................................................................................................29
Microsoft iSCSI Initiator Service.................................................................................................................................................. 30
Microsoft Windows SMS Router Service.................................................................................................................................... 31
Netlogon...................................................................................................................................................................................... 32
Net.Tcp Port Sharing Service...................................................................................................................................................... 33
Network Connected Devices Auto-Setup.................................................................................................................................... 34
Network Connectivity Assistant................................................................................................................................................... 35
Peer Networking (3 services)...................................................................................................................................................... 36
Performance Counter DLL Host.................................................................................................................................................. 37
Performance Logs & Alerts......................................................................................................................................................... 38
PNRP Machine Name Publication Service................................................................................................................................. 39
Program Compatibility Assistant Service.................................................................................................................................... 40
Quality Windows Audio Video Experience.................................................................................................................................. 41
Remote Access (2 services)....................................................................................................................................................... 42
Remote Desktop (3 services)...................................................................................................................................................... 43
Remote Procedure Call (RPC) Locator....................................................................................................................................... 44
Remote Registry......................................................................................................................................................................... 45
Retail Demo Service................................................................................................................................................................... 46
Routing and Remote Access....................................................................................................................................................... 47
Secondary Logon........................................................................................................................................................................ 48
Sensor (3 services)..................................................................................................................................................................... 49
Server.......................................................................................................................................................................................... 50
Smart Card (3 services).............................................................................................................................................................. 51
SSDP Discovery.......................................................................................................................................................................... 52
TCP/IP NetBIOS Helper.............................................................................................................................................................. 53
Touch Keyboard and Handwriting Panel Service........................................................................................................................ 54
UPnP Device Host...................................................................................................................................................................... 55
WebClient.................................................................................................................................................................................... 56
Windows Biometric Service......................................................................................................................................................... 57
Windows Connect Now - Config Registrar.................................................................................................................................. 58
Windows Error Reporting Service............................................................................................................................................... 59
Windows Event Collector............................................................................................................................................................ 60
Windows Media Player Network Sharing Service.......................................................................................................................61
Windows Mobile Hotspot Service................................................................................................................................................ 62
Windows Remote Management (WS-Management)...................................................................................................................63
Windows Search......................................................................................................................................................................... 64
WMI Performance Adapter.......................................................................................................................................................... 65
Workstation................................................................................................................................................................................. 66
Xbox (3 services)........................................................................................................................................................................ 67
Appendix A: Internet Resources..................................................................................................................................................... 68
Appendix B: Disabled Services (1-page list)................................................................................................................................... 69
Appendix C: Change History.......................................................................................................................................................... 70
Windows Services Explained
What is a Windows Service?
Windows Services are programs that have no user interface (UI) and run silently in the background. Most services are from
Microsoft and many of these must be running for a PC to operate properly. Other services may also be running that are
installed by third parties (e.g. Intel, Adobe, etc.). Services can be configured to start when a PC boots up and run until the PC
shutdown. They can also be set to start manually or to start when “triggered” by an event.
If a PC has many services running, performance can be impacted causing lags and delays. Identifying running services that are
unnecessary and can be stopped, can quickly free up resources (e.g. CPU and memory) and increase performance. To stop a
service, Microsoft provides the Windows Services Panel.
The Windows Services Panel

The Windows Services Panel is used to manage the services installed on your computer. To access the panel, press WIN+R on
your keyboard to open the Run dialog  type services.msc.
Windows Services Panel
Startup Type
Double-clicking a service allows you to change the Startup Type (e.g.
Automatic, Manual or Disabled) and the Service Status (e.g. Start,
Stop, Pause or Resume).
1. Automatic - Starts automatically during the boot process.
2. Automatic ﴾Delayed Start﴿ - Starts automatically after the boot
process (2 minutes after the last Automatic service starts).
3. Manual - Starts on demand when explicitly requested by a user or
an application. Used when you want to start a service yourself.
4. Manual ﴾Trigger Start﴿ - Starts when a specific event occurs (e.g.
when a USB device is plugged in). Without this setting, a service
would have to be set instead to Automatic resulting in a service
running continually to allow it to periodically “wake up” and scan
the hardware for changes.
5. Disabled - Can’t be started by a user or program.
Disabling Windows Services
1
Disabling the wrong Windows’ service can potentially cripple your PC. Many of the services you’ll see listed in the Windows
Service Panel are core features required for your PC to operate properly. Unless you are confident that you know the purpose
of a service, DO NOT change its Startup Type.
Having said that, the List of Disabled Services in this guide have been safely disabled on my PC with no problems noted. My
computer is a 64-bit standalone laptop with the Windows 10 Home Anniversary Update (version 1607) installed. I have no
network connections other than a wireless connection to the Internet and file and printer sharing are turned off.
I follow a few basic rules anytime I disable a Windows service. Here they are:
6. Create a restore point before changing any service.
7. Use only the Services Manager (services.msc) to change a service. This reason for this is explained below.
8. Document every change made to include the date and a detailed description of why the change was made. If problems
arise, this detailed list of changes may help you quickly solve the problem.
9. Change only 1 or 2 services at a time and then test the change. I put my PC through its paces for at least a week
before making additional service changes.
Warning
Although services can be changed using MSConfig (msconfig.exe), do NOT use it to change service settings.
Instead, use only the Services Manager (services.msc). The reason for this is threefold:
10. MSConfig - Unchecking the box beside a service disables that service. There is no option to set a
service to Manual.
11. MSConfig - Allows you to disable services that may be vital to boot your PC while Services Manager
prevents this.
12. MSConfig - Provides a button titled “DISABLE ALL”. Selecting this button will definitely cripple you PC.
I’m not sure why this option is available since no reason exists to justify disabling EVERYTHING.
Caution
 Changing the default Service settings may prevent key Services from running correctly. It is especially
important to use caution when changing Startup Types set to Automatic.
Information
 You must be signed in as an administrator to change service settings.

 If you stop, start or restart a service, any dependent services are also affected. Starting a service does not
automatically restart its dependent services.
 Some services, such as Remote Procedure Call ﴾RPC﴿, Event Log, and Plug and Play cannot be stopped.
These services are required for the operating system to function properly.
2
Stop a Service
13. Double-click the service to stop.
14. Click the Stop button.
15. Wait until the service status shows Stopped then click OK.
Start/Enable a Service
16. Double-click the service to start.
17. If the service is set to Disabled, it must first be changed to Manual, Automatic or Automatic ﴾Delayed Start﴿. Click Apply.
18. Click the Start button.

19. Wait until the service status shows Stopped then click OK
Disable a Service
20. Double-click a service to disable.
21. If the service is Running, then click the Stop button.
22. Wait until the service status shows Stopped then change the Startup type to Disabled.
23. Click OK.
List of Disabled Services

The services that I’ve disabled are obviously dependent upon how I use my PC. Here is a summary of my laptop’s specs and
the Windows features I don’t use.
 64-bit standalone laptop
 Windows 10 Home, version 1511 installed.
 No network connections other than a wireless connection to the Internet.
 File and Printer Sharing = OFF
I’ve tried to provide detailed information for all the services that I’ve disabled. I find that the service descriptions provided by
Microsoft are generally vague and difficult to “decode” so I rewrote them to make them clearer. I’ve also included links to articles
and tutorials that may provide additional information to help you decide whether or not a particular service is needed.
For a quick list of the services I’ve disabled, without all the details, see Appendix B: Disabled Services (1-page list).
Warning
It is important to create a restore point before making any changes to Windows services.
Click HERE for a great article from PC Magazine on how to create a restore point and also use that restore point
to perform a system restore if needed.
3
AllJoyn Router Service
Description - This service (AJRouter) is used by the Internet of Things (IoT) to discover and communicate (customize and
control) with “smart” devices using IPv6. Security and privacy risks exist with IoT (see “Additional Information” below).
Reason for Disabling on a Standalone PC
 PRIVACY RISK (IoT)
 Direct communication with IoT devices not used.
Default Service Settings - The AllJoyn Router Service runs in a shared process (svchost.exe).
Display Name: AllJoyn Router Service
Service Name: AJRouter
Startup Type: Manual
Path: C:\WINDOWS\system32\svchost.exe -k LocalService
File: C:\Windows\system32\AJRouter.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AJRouter
Dependencies: This service depends on the following system components:
None
The following system components depend on this service:
None
Additional Information
 IoT Applications with Examples (InternetOfThingsWiki.com/)
 AllJoyn Consumer Applications (AllSeenAlliance.org)
 5 Reasons to Avoid Smart Assistants If You Value Your Privacy (MakeUseOf.com)
 The Internet of Things Industry Failed Us (PCMag.com)
 Friday's IoT-based DDoS Attack has Security Experts Worried (ComputerWorld.com)
 Are My Smarthome Devices Secure? (HowToGeek.com)
 GUIDE: How to disable IPv6 or its components in Windows (Microsoft.com)
NOTES
4
Application Layer Gateway Service
Description - This service (ALG) provides support to non-Microsoft (third-party) protocol plug-ins by allowing their proprietary
network protocols to pass through Windows Firewall and work behind Internet Connection Sharing (ICS). These plug-ins are
capable of opening ports and changing data (e.g. IP addresses) embedded in packets. This service is also referred to as
Application Level Gateway
Reason for Disabling on a Standalone PC - PC’s internet connection (ICS) not shared with other computers or devices.
Default Service Settings - The Application Layer Gateway Service runs in its own process (alg.exe).
Display Name: Application Layer Gateway Service
Service Name: ALG
Path: C:\WINDOWS\system32\alg.exe
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG
None
None
 Application Layer Gateway (Wikipedia.org)
 GUIDE: How to Allow Apps to Communicate Through the Windows Firewall (HowToGeek.com)
 GUIDE: How to Block an Application from Accessing the Internet with Windows Firewall (HowToGeek.com)
NOTES
5
Certificate Propagation
Description - This service (CertPropSvc) detects when a smart card is inserted into a smart card reader, installs the smart card
Plug and Play driver if needed, and copies the user certificate and root certificate from the smart card onto the PC in the user’s
certificate store.
Reason for Disabling on a Standalone PC - Smart card not used.
Default Service Settings - The Certificate Propagation service runs in a shared process (svchost.exe).
Display Name: Certificate Propagation
Service Name: CertPropSvc
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
File: C:\WINDOWS\system32\certprop.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertPropSvc
Remote Procedure Call (RPC) (RpcSs)
None
 Smart Card (Wikipedia.org)
 Security with Smart Cards (TechNet.Microsoft.com)
NOTES
6
Computer Browser (Browser)
Description - This service (Browser) tracks and maintains a list of the computers and files on a network. This service is only
useful for a LAN setup where the computers share files with each other.
 No network connections.
 File and printer sharing turned off.
Default Service Settings - The Computer Browser service runs in a shared process (svchost.exe).
Display Name: Computer Browser
Service Name: Browser
File: C:\WINDOWS\system32\browser.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser
Server (LanmanServer)
Workstation (LanmanWorkstation)
None
 Computer Browser Service (Wikipedia.org)
 GUIDE: Guide to Network and Sharing Center (Online-Tech-Tips.com)
 GUIDE: How to Turn On or Off File and Printer Sharing (TenForums.com)
 GUIDE: How to Turn On or Off Public Folder Sharing (TenForums.com)
 GUIDE: How to Turn On or Off Network Discovery (TenForums.com)
NOTES
7
Connected Device Platform Service
Description – Microsoft’s description for this service (CDPSvc) says "This service is used for Connected Devices and Universal
Glass scenarios". I’ve spent a bit of time researching this service and can’t really determine exactly what it is. The default
setting for this service is Disabled. I have left it disabled with no problems noted.
Reason for Disabling on a Standalone PC - Default setting for Startup Type = Disabled.
Default Service Settings - The Connected Devices Platform Service runs in a shared process (svchost.exe).
Display Name: Connected Devices Platform Service
Service Name: CDPSvc
Startup Type: Disabled
File: C:\WINDOWS\system32\CDPSvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDPSvc
None
None
NOTES
8
Connected User Experiences and Telemetry
Description - This service (DiagTrack) collects and transmits diagnostic and usage information to Microsoft. In earlier versions
of Windows 10 this service was called "Diagnostics Tracking Service." Microsoft’s tracking and data collection is a privacy risk
(see “Additional Information” below).
Reason for Disabling on a Standalone PC - PRIVACY RISK (telemetry and data collection). In addition to disabling this
service, I recommend using the portable freeware program Spybot Anti-Beacon to remove all known tracking features in
Windows.
Default Service Settings - The Connected User Experiences and Telemetry service runs in its own process (svchost.exe).
Display Name: Connected User Experiences and Telemetry
Service Name: DiagTrack
Startup Type: Automatic
Path: C:\WINDOWS\system32\svchost.exe -k utcsvc
File: C:\WINDOWS\system32\diagtrack.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DiagTrack
None
 Even When Told Not To, Windows 10 Just Can’t Stop Talking to Microsoft (arstechnica.com)
 Microsoft Doesn't See Windows 10's Mandatory Data Collection as a Privacy Risk (PCWorld.com)
 Microsoft Walks a Thin Line Between Windows 10 Telemetry and Snooping (InfoWorld.com)
 Windows 10 Telemetry Secrets: Where, When, and Why Microsoft Collects Your Data (ZDNet.com)
 GUIDE: Manage Windows 10 Telemetry and Data Collection Settings (TheWindowsClub.com)
 Guide: How to Enable or Disable Cortana (TenForums.com)
NOTES
9
Credential Manager
Description - This service (VaultSvc) is the "digital locker" where Windows stores log-in credentials (username, password, etc.)
for computers on your network and for Internet websites. This service is used whenever you see a prompt asking if you want
Windows or Internet Explorer to remember your password.
Reason for Disabling on a Standalone PC - Log-in usernames and passwords not stored on PC.
Default Service Settings - The Credential Manager service runs in a shared process (lsass.exe).
Display Name: Credential Manager
Service Name: VaultSvc
Path: C:\WINDOWS\system32\lsass.exe
File: C:\WINDOWS\system32\vaultsvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VaultSvc
Windows Biometric Service (WbioSrvc)
 GUIDE: How to Add Credentials to the Windows Credential Manager Vault (HowToGeek.com)
 GUIDE: Add, Remove, Edit, Backup and Restore Stored User Names and Passwords (TheWindowsClub.com)
NOTES
10
DataCollectionPublishingService
Description - This service (DcpSvc) allows Microsoft apps to upload data to the cloud. Cloud computing presents several
security and privacy risks (see “Additional Information” below).
 SECURITY & PRIVACY RISK (cloud)
 The uploading of data from Microsoft apps to the cloud is not not used.
Default Service Settings - The DataCollectionPublishingService runs in a shared process (svchost.exe).

Display Name: DataCollectionPublishingService
Service Name: DcpSvc
File: C:\WINDOWS\system32\dcpsvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DcpSvc
None
None
 Cloud Computing Issues (Wikipedia.org)
 Top 10 Security Concerns for Cloud-Based Services (Incapsula.com)
 The Dirty Dozen: 12 Cloud Security Threats (InfoWorld.com)
 Top Ten Major Risks Associated with Cloud Storage (Cloudwards.net)
 GUIDE: How to Disable OneDrive and Remove It From File Explorer (HowToGeek.com)
NOTES
11
Delivery Optimization
Description - This service (DoSvc) allows Microsoft to distribute their Windows updates to/from your PC to other computers on
the internet and on your local network. In other words, Microsoft is using your bandwidth to distribute their updates to other
users. You’re not asked if you’d like to participate in this distribution. Instead, MS turns this feature on by default. I can think of
no good reason to leave this service set to anything but “Disabled.”
 SECURITY & PRIVACY RISK (connecting to unknown computers)
 PC is not a Microsoft server. Most users (to include me) have limited bandwidth plans with data caps. I don’t intend to
exceed these caps, and increase my costs, to distribute Microsoft software to other users.
Default Service Settings - The Delivery Optimization service runs in a shared process (svchost.exe).
Display Name: Delivery Optimization
Service Name: DoSvc
File: C:\WINDOWS\system32\doscv.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc
None
 Windows Update Delivery Optimization: FAQ (Microsoft.com)
 GUIDE: How to Stop Windows 10 From Uploading Updates to Other PCs Over the Internet (HowToGeek.com)
 GUIDE: How to Delete Delivery Optimization Files and Reclaim Lost Disk Space (TheWindowsClub.com)
 GUIDE: How to Enable or Disable Automatic Windows Updates (TenForums.com)
 GUIDE: Prevent Automatic Windows Update Downloads with a Metered Connection (HowToGeek.com)
 GUIDE: How to Monitor Your Internet Bandwidth Usage and Avoid Exceeding Data Caps (HowToGeek.com)
NOTES
12
dmwappushsvc
Description - This service, WAP Push Message Routing Service, is used for receiving mobile text messages that redirect to
web pages. The message arrives as an alert that, when clicked, opens a web page in a mobile browser. For example, a
restaurant may send you a digital coupon when you are near their location. This location tracking service is a privacy risk.
 PRIVACY RISK (telemetry and data collection)
 Push Messages not used.
Default Service Settings - The Dmwappushsvc service runs in a shared process of (svchost.exe).
Display Name: Dmwappushsvc
Service Name: Dmwappushservice
File: C:\WINDOWS\system32\dmwappushsvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmwappushservice
None
 Wireless Application Protocol (Wikipedia.org)
NOTES
13
Downloaded Maps Manager
Description - This service (MapsBroker) provides offline access to downloaded maps via the Windows Map app.
Reason for Disabling on a Standalone PC - Windows Map app not used.
Default Service Settings - The Downloaded Maps Manager service runs in its own process of (svchost.exe).
Display Name: Downloaded Maps Manager
Service Name: MapsBroker
Path: C:\WINDOWS\system32\svchost.exe -k NetworkService
File: C:\WINDOWS\system32\moshost.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MapsBroker
None
NOTES
14
Enterprise App Management Service
Description - This service (EntAppSvc) is used to manage enterprise applications within a corporate computer-based
information system.
Reason for Disabling on a Standalone PC - Enterprise applications not used.
Default Service Settings - The Enterprise App Management Service runs in a shared process (svchost.exe).
Display Name: Enterprise App Management Service
Service Name: EntAppSvc
Path: C:\WINDOWS\system32\svchost.exe -k appmodel
File: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EntAppSvc
None
 Enterprise Applications (Wikipedia.org)
NOTES
15
Family Safety Filter Driver
Description - This service (wpcfltr) allows parents to manage and restrict a child’s web content. Web filtering is restricted to
Microsoft Edge and Microsoft Internet Explorer browsers.
Reason for Disabling on a Standalone PC - Microsoft family features not used.
Default Service Settings - The Family Safety Filter Driver service is a kernel mode driver.
Display Name: Family Safety Filter Driver
Service Name: Wpcfltr
Path: C:\WINDOWS\system32\drivers\wpcfltr.sys
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wpcfltr
None
None
 Microsoft Family Features (Wikipedia.org)
 GUIDE: How to Manage Family Settings for a Child (TenForums.com)
NOTES
16
Fax
Description - This service (Fax) allows you to send, receive, and archive faxes from applications using either a local or a
shared network fax device. Instead of using services.msc to disable Fax, this service is disabled through the Control Panel (see
below).
Note: Some programs and features included with Windows (e.g. Internet Information Services) must be turned on before you
can use them. Other features (e.g. Windows Media Player, Windows Fax and Scan) are turned on by default, but you can turn
them off if you don’t use them.
Turn off the Fax service
24. WIN + X
25. Select Control Panel from the menu that pops up
26. Select Programs and Features
27. Select Turn Windows features on or off
28. Click the “+” next to Print and Document Services
29. Deselect Windows Fax and Scan
Reason for Disabling on a Standalone PC - Faxing not used.
Default Service Settings - The Fax service runs in its own process (fxssvc.exe).
Display Name: Fax
Service Name: Fax
Path: C:\WINDOWS\system32\drivers\fxssvc.exe
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fax
Print Spooler (Spooler)
Telephony (TapiSrv)
None
 Windows Fax and Scan (Wikipedia .org)
 How to Send and Receive Faxes Online Without a Fax Machine or Phone Line (HowToGeek.com)
NOTES
17
Function Discovery (2 services)
Description
 Function Discovery Provider Host - Enables file sharing with other computers within a network.
 Function Discovery Resource Publication - Makes a computer and the resources attached to it (e.g. printer)
discoverable and available within a network.

 File sharing or HomeGroup not used.
Default Service Settings - Both the Function Discovery Provider Host service and the Function Discovery Resource Publication
service run in a shared process (svchost.exe).
Display Name: Function Discovery Provider Host
Service Name: fdPHost
File: C:\WINDOWS\system32\fdPHost.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fdPHost
HTTP Service (http)
HomeGroup Provider (HomeGroupProvider)
Display Name: Function Discovery Resource Publication

Service Name: FDResPub
Path: C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
File: C:\WINDOWS\system32\fdrespub.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FDResPub
HTTP Service (http)
HomeGroup Provider (HomeGroupProvider)
NOTES
18
Geolocation Service
Description - This service (lfsvc) tracks a PC’s current location and also manages geofences. Geofencing is the creation of
geographic boundary around a specific location. Crossing this boundary triggers an action (e.g. message). Geofencing is used
with mobile devices such as phones or tablets.
 PRIVACY RISK (location tracking and location sharing)
 Geolocation not used.
Default Service Settings - The Geolocation Service runs in a shared process (svchost.exe).
Display Name: Geolocation Service
Service Name: lfsvc
File: C:\WINDOWS\system32\lfsvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lfsvc
None
 Geolocation (Wikipedia.org)
 Geolocation Privacy and Surveillance Act (Wikipedia.org)
 Locational Privacy (eff.org)
NOTES
19
HomeGroup (2 services)
Description
 HomeGroup Listener - Monitors your PC’s configuration and applies changes to HomeGroups.
 HomeGroup Provider - Detects other HomeGroups.

 No home network connection.
 HomeGroup not used.
Default Service Settings - Both the HomeGroup Listener service and the HomeGroup Provider service run in a shared process
(svchost.exe).
Display Name: HomeGroup Listener
Service Name: HomeGroupListener
Path: C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
File: C:\WINDOWS\system32\listsvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener
None
None
Display Name: HomeGroup Provider

Service Name: HomeGroupProvider
Path: C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
File: C:\WINDOWS\system32\provsvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupProvider
Function Discovery Provider Host (fdPHost)
Function Discovery Resource Publication (FDResPub)
Network List Service (netprofm)
None
 HomeGroup from Start to Finish (Microsoft.com)
 GUIDE: How to Setup and Manage Windows 10 HomeGroup on a Local Network (WindowsCentral.com)
 GUIDE: How to Create a HomeGroup (TenForums.com)
 GUIDE: How to Join a HomeGroup (TenForums.com)
 GUIDE: How to Leave a HomeGroup (TenForums.com)
NOTES
20
Human Interface Device Service
Description - This service (hidserv) allows you to use special buttons/keys (e.g. volume control, email access, etc.) on
multimedia keyboards, mice, game controllers, remote controls and Human Interface Devices (HID) that connect to your PC via
USB or Bluetooth.
Note: A Logitech 2-button mouse is connected to my PC and works properly without this service.
Reason for Disabling on a Standalone PC - HID devices not connected to PC.
Default Service Settings - The Human Interface Device Service runs in a shared process (svchost.exe).
Display Name: Human Interface Device Service
Service Name: Hidserv
File: C:\WINDOWS\system32\hidserv.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidserv
None
None
 Introduction to HID Concepts (msdn.Microsoft.com)
 Human Interface Device (Wikipedia.org)
NOTES
21
Hyper-V (8 services)
Description - Hyper-V creates Virtual Machines (VM) on x86-64 systems running Windows.
 Hyper-V Data Exchange Service - Allows information sharing between the host and VM.
 Hyper-V Guest Service Interface - Allows file copying to a running VM without using a network connection.
 Hyper-V Guest Shutdown Service - Performs an orderly shutdown of VMs without having to login to a VM.
 Hyper-V Heartbeat Service – Identifies VMs that have stopped responding.
 Hyper-V Remote Desktop Virtualization Service – Communications between the VM and the OS on a remote computer.
 Hyper-V Time Synchronization Service - Synchronizes a VM’s time with the host’s time.
 Hyper-V VM Session Service – Manages a VM with PowerShell.
 Hyper-V Volume Shadow Copy Requestor – Used to backup and restore VMs.
Reason for Disabling on a Standalone PC - Virtual Machines (VM) not used.

Default Service Settings - All 8 Hyper-V services run in a shared process (svchost.exe).
Display Name: Hyper-V Data Exchange Service
Service Name: vmickvpexchange
File: C:\WINDOWS\system32\icsvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmickvpexchange
None
None
Display Name: Hyper-V Guest Service Interface

Service Name: vmicguestinterface
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmicguestinterface
None
None
Display Name: Hyper-V Guest Shutdown Service

Service Name: vmicshutdown
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmicshutdown
None
None
Display Name: Hyper-V Heartbeat Service

Service Name: vmicheartbeat
Path: C:\WINDOWS\system32\svchost.exe -k ICService
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmicheartbeat
None
None
22
Display Name: Hyper-V Remote Desktop Virtualization Service
Service Name: vmicrdv
Path: C:\WINDOWS\system32\svchost.exe -k ICService
File: C:\WINDOWS\system32\icsvcext.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmicrdv
None
None
Display Name: Hyper-V Time Synchronization Service

Service Name: vmictimesync
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmictimesync
Microsoft Hyper-V Guest Infrastructure Driver (vmgid)
None
Display Name: Hyper-V VM Session Service

Service Name: vmicvmsession
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmicvmsession
None
None
Display Name: Hyper-V Volume Shadow Copy Requestor

Service Name: vmicvss
File: C:\WINDOWS\system32\icsvcext.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmicvss
None
None
 Hyper-V (Wikipedia.org)
 Hyper-V on Windows 10 (Microsoft.com)
23
Intel (2 services)
Description
 Intel Management and Security Application Local Management Service - Part of Intel’s Active Management Technology
(AMT) and is aimed enterprise users not home users. AMT uses remote access to computers running this service to
monitor, maintain, update, upgrade, and repair them.
 Intel Management and Security Application User Notification Service - Part of Intel’s Active Management Technology
(AMT) and is aimed enterprise users not home users. This services receives messages from AMT and writes them to
Window’s local event log.
Reason for Disabling on a Standalone PC - Not an enterprise user.

Default Service Settings
Display Name: Intel Management and Security Application Local Management Service
Service Name: LMS
Startup Type: Automatic (Delayed Start)
Path: C:\Program Files (x86)\Intel\Intel Management Engine Components\LMS\LMS.exe
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LMS
None
Intel(R) Management and Security Application User Notification Service (UNS)
Display Name: Intel Management and Security Application User Notification Service
Service Name: UNS
Startup Type: Automatic (Delayed Start)
Path: C:\Program Files (x86)\Intel\Intel Management Engine Components\UNS\UNS.exe
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UNS
Intel Management and Security Application User Notification Service (LMS)
None
 Intel Active Management Technology (Intel.com)
 Intel Active Management Technology (Wikipedia.org)
NOTES
24
Internet Connection Sharing (ICS)
Description - This service (ICS) uses a PC with wired access to the internet as a hub or router to provide wireless internet
access to other computers and devices.
Reason for Disabling on a Standalone PC - PC’s internet connection not shared with other computers or devices.
Default Service Settings - The Internet Connection Sharing (ICS) service runs in a shared process (svchost.exe).
Display Name: Internet Connection Sharing (ICS)
Service Name: SharedAccess
File: C:\WINDOWS\system32\hidserv.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ipnathlp.dll
Base Filtering Engine (BFE)
Network Connections (Netman)
Windows Management Instrumentation (Winmgmt)
None
 Internet Connection Sharing (Wikipedia.org)
 GUIDE: How to Share Your Smartphone’s Internet Connection: Hotspots and Tethering Explained (HowToGeek.com)
 GUIDE: How to Share a Wired Ethernet Internet Connection with All Your Devices (HowToGeek.com)
 GUIDE: How to Turn Your Windows PC into a Wi-Fi Hotspot (HowToGeek.com)
NOTES
25
Internet Explorer ETW Collector Service
Description - This service (IEEtwCollectorService) collects ETW data for Internet Explorer. ETW stands for Event Tracing for
Windows. ETW is a Windows system and software diagnostic feature that captures the sequence and timing of events. These
captured events can be used by software programmers to analyze performance and troubleshoot problems (e.g. data
bottlenecks).
Reason for Disabling on a Standalone PC - Internet Explorer’s ETW feature not used.
Default Service Settings - The Internet Explorer ETW Collector Service runs in its own process (IEEtwCollector.exe).
Display Name: Internet Explorer ETW Collector Service
Service Name: IEEtwCollectorService
Path: C:\WINDOWS\system32\IEEtwCollector.exe /V
File: C:\WINDOWS\system32\IEEtwCollector.exe
Registry Key: H HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IEEtwCollectorService
None
None
 ETW Introduction and Overview (Microsoft.com)
 Event Tracing, MSDN Magazine, Apr 2007 (Microsoft.com)
NOTES
26
IP Helper
Description - This service (iphlpsvc) provides support for an IPv6 connection over an IPv4 network. IPv6 is the newest Internet
Protocal and is intended to replace IPv4. IPv6 is also used to connect to Internet of Things (IoT) devices. Security risks exist
with both IoT and IPv6 (see “Additional Information” below).
 SECURITY RISK (IPv6 and IoT)
 IPv6 connections not used.
Default Service Settings - The IP Helper service runs in a shared process (svchost.exe).
Display Name: IP Helper
Service Name: Iphlpsvc
Path: C:\WINDOWS\system32\svchost.exe -k NetSvcs
File: C:\WINDOWS\system32\iphlpsvc.dll.
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc
NetIO Legacy TDI Support Driver (tdx)
Network Store Interface Service (nsi)
TCP/IP Protocol Driver (Tcpip)
WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)
Windows Management Instrumentation (winmgmt)
Network Connectivity Assistant (NcaSvc)
 IPv6: The Smart Person's Guide (TechRepublic.com)
 IPv6: Security Concerns (TechRepublic.com)
 IoT Security Issues Unplugged (TechTarget.com)
 10 Things to Know about the October 21 IoT DDoS Attacks (WeLiveSecurity.com)
 Are My Smarthome Devices Secure? (HowToGeek.com)
NOTES
27
Link-Layer Topology Discovery Mapper
Description - This service (lltdsvc) displays a map of your network. This network map is visible in the Network and Sharing
Center by selecting "See Full Map".
Reason for Disabling on a Standalone PC - Visible network map (in the Network and Sharing Center) not used.
Default Service Settings - The Link-Layer Topology Discovery Mapper runs in a shared process (svchost.exe).
Display Name: Link-Layer Topology Discovery Mapper
Service Name: lltdsvc
File: C:\WINDOWS\system32\lltdsvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc
Link-Layer Topology Discovery Mapper I/O Driver (lltdio)
None
Link Layer Topology Discovery (Wikipedia.org)
NOTES
28
Microsoft Diagnostics Hub Standard Collector Service
Description - This service (diagnosticshub.standardcollector.service) collects ETW (Event Tracing for Windows) data.. ETW is
a system and software diagnostic component in Windows that captures the sequence and timing of events. These captured
events can be used by software programmers to analyze performance and troubleshoot problems (e.g. data bottlenecks).
Reason for Disabling on a Standalone PC - ETW feature not used.
Default Service Settings - The Microsoft Diagnostics Hub Standard Collector Service runs in its own process
(DiagnosticsHub.StandardCollector.Service.exe).
Display Name: Microsoft Diagnostics Hub Standard Collector Service
Service Name: diagnosticshub.standardcollector.service
Path: C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\diagnosticshub.standardcollector.service
None
None
 ETW Introduction and Overview (Microsoft.com)
 Event Tracing, MSDN Magazine, Apr 2007 (Microsoft.com)
NOTES
29
Microsoft iSCSI Initiator Service
Description - This service (MSiSCSI) manages remote iSCSI devices (disks, tapes, CDs, or other storage devices on network
connected systems).
Reason for Disabling on a Standalone PC - Networked iSCSI devices not used.
Default Service Settings - The Microsoft iSCSI Initiator Service runs i a shared process (svchost.exe).
Display Name: Microsoft iSCSI Initiator Service
Service Name: MSiSCSI
File: C:\WINDOWS\system32\iscsiexe.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSiSCSI
None
None
 iSCSI (Wikipedia.org)
NOTES
30
Microsoft Windows SMS Router Service
Description - This service (SmsRouter) routes messages from a Local Area Network (LAN) server to connected PCs. These
messages support the (1) inventory of hardware and software, (2) distribution and installation of software, and (3) performance
of diagnostic tests.
Reason for Disabling on a Standalone PC - No LAN connections.
Default Service Settings - The Microsoft Windows SMS Router Service. Runs in a shared process (svchost.exe).
Display Name: Microsoft Windows SMS Router Service
Service Name: SmsRouter
File: C:\WINDOWS\system32\SmsRouterSvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SmsRouter
NDIS Usermode I/O Protocol (Ndisuio)
None
 Systems Management Server (SMS) (Wikipedia.org)
 Local Area Network (LAN) (Wikipedia.org)
NOTES
31
Netlogon
Description - This service (Netlogon) authenticates users and other services within a Windows domain.
Reason for Disabling on a Standalone PC - No network connections.
Default Service Settings - The Netlogon service runs in a shared process (lsass.exe).
Display Name: Netlogon
Service Name: Netlogon
Path: C:\WINDOWS\system32\lsass.exe
File: C:\WINDOWS\system32\netlogon.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon
None
NOTES
32
Net.Tcp Port Sharing Service
Description - This service (NetTcpPortSharing) is a part of the Windows Communication Foundation (WCF) in .NET. The
service allows several applications to use the same TCP port for network communications.
Reason for Disabling on a Standalone PC - Default setting for Startup Type = Disabled.
Default Service Settings - The Net.Tcp Port Sharing Service runs in a shared process (SMSvcHost.exe).
Display Name: Net.Tcp Port Sharing Service
Service Name: NetTcpPortSharing
Path: C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetTcpPortSharing
None
None
 Net.TCP Port Sharing (Microsoft.com)
NOTES
33
Network Connected Devices Auto-Setup
Description - This service (NcdAutoSetup) automatically detects, sets up and enables the use of devices for private network
locations (e.g. home or workplace). Within private networks, network discovery is turned on, file and printer sharing are turned
on and HomeGroup connections are allowed.
Reason for Disabling on a Standalone PC - No private network connections.
Default Service Settings - The Network Connected Devices Auto-Setup service runs in a shared process (svchost.exe).
Display Name: Network Connected Devices Auto-Setup
Service Name: NcdAutoSetup
Path: C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
File: C:\WINDOWS\system32\NcdAutoSetup.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NcdAutoSetup
Network List Service (netprofm)
None
NOTES
34
Network Connectivity Assistant
Description - This service (NcaSvc) indicates network connection status and allows data collection when connecting to
DirectAccess servers.
Default Service Settings - The Network Connectivity Assistant service runs in a shared process (svchost.exe).
Display Name: Network Connectivity Assistant
Service Name: NcaSvc
Path: C:\WINDOWS\system32\svchost.exe -k NetSvcs
File: C:\WINDOWS\system32\ncasvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NcaSvc
DNS Client (Dnscache)
IP Helper (iphlpsvc)
None
NOTES
35
Peer Networking (3 services)
Services Disabled
 Peer Name Resolution Protocol
 Peer Networking Grouping
 Peer Networking Identity Manager
Description - These services enable peer-to-peer (P2P) and collaborative programs (e.g. HomeGroup and Remote Assistance)
to communicate with each other across a network.
Reason for Disabling on a Standalone PC - No connections to P2P networks, HomeGroup, or Remote Assistance.
Default Service Settings - All 3 Peer Networking services run in a shared process (svchost.exe).
Display Name: Peer Name Resolution Protocol
Service Name: PNRPsvc
Path: C:\WINDOWS\system32\svchost.exe -k LocalServicePeerNet
File: C:\WINDOWS\system32\pnrpsvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PNRPsvc
Peer Networking Identity Manager (p2pimsvc)
PNRP Machine Name Publication Service (PNRPAutoReg)
Peer Networking Grouping (p2psvc)
Display Name: Peer Networking Grouping

Service Name: p2psvc
File: C:\WINDOWS\system32\p2psvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\p2psvc
Peer Name Resolution Protocol (PNRPsvc)
None
Display Name: Peer Networking Identity Manager

Service Name: p2pimsvc
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\p2pimsvc
None
Peer Name Resolution Protocol (PNRPsvc)
NOTES
36
Performance Counter DLL Host
Description - This service (PerfHost) runs 32-bit Performance Counters remotely from users on 64-bit servers. These counters
provide performance data for operating systems (OS), applications, services, or drivers and can identify system bottlenecks.
Reason for Disabling on a Standalone PC - Don’t remotely run 32-bit performance counters.
Default Service Settings
Display Name: Performance Counter DLL Host
Service Name: PerfHost
Path: C:\WINDOWS\SysWow64\perfhost.exe
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfHost
None
NOTES
37
Performance Logs & Alerts
Description - This service (pla) collects Performance Counter data from local or remote computers. These counters provide
performance data for operating systems (OS), applications, services, or drivers and can identify system bottlenecks. Based on
counter data, this service can trigger alerts or write performance data to a log file for analysis and report generation. Real-time
performance counter data can be viewed graphically using Performance Monitor (WIN+R  perfmon.msc).
 Performance counter data not needed.
 No remote connections.
Default Service Settings - The Performance Logs & Alerts service runs in a shared process (svchost.exe).
Display Name: Performance Logs & Alerts
Service Name: pla
Path: C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
File: C:\WINDOWS\system32\pla.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pla
None
NOTES
38
PNRP Machine Name Publication Service
Description
This service (PNRPAutoReg) publishes a PC's name using Peer Name Resolution Protocol. This is a peer-to-peer (P2P)
protocol used by Remote Assistance and HomeGroup.
Reason for Disabling on a Standalone PC - No connections to P2P networks.
Default Service Settings - The Peer Name Resolution Protocol service runs in a shared process (svchost.exe).
Display Name: PNRP Machine Name Publication Service
Service Name: PNRPAutoReg
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PNRPsvc
PNRP Machine Name Publication Service (PNRPAutoReg)
NOTES
39
Program Compatibility Assistant Service
Description - This service (PcaSvc) monitors programs that run to identify Windows 10 compatibility issues. Older programs
may have compatibility problems. If compatibility issues exist, you are notified and offered a remedy. The service can resolve
program conflicts with User Account Control (UAC) and also run programs in a compatibility mode that simulates an earlier
version of Windows.
Reason for Disabling on a Standalone PC - No incompatible programs installed.
Default Service Settings - The Program Compatibility Assistant Service runs in a shared process (svchost.exe).
Display Name: Program Compatibility Assistant Service
Service Name: PcaSvc
File: C:\WINDOWS\system32\pcasvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PcaSvc
None
NOTES
40
Quality Windows Audio Video Experience
Description - This service (QWAVE) enables high performance video streaming across a LAN (home) network.
Reason for Disabling on a Standalone PC - No LAN connections.
Default Service Settings - The Quality Windows Audio Video Experience service runs in a shared process (svchost.exe).
Display Name: Quality Windows Audio Video Experience
Service Name: QWAVE
File: C:\WINDOWS\system32\qwave.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QWAVE
Link-Layer Topology Discovery Mapper I/O Driver (lltdio)
QWAVE driver (QWAVEdrv)
QoS Packet Scheduler (Psched)
None
NOTES
41
Remote Access (2 services)
Description
 Remote Access Auto Connection Manager - Detects unsuccessful attempts to connect to a remote network or computer
and provides alternative methods for connection. Used by some direct cable and DSL providers to logon and connect to
the internet. If you use a hardware gateway or router, this service is not required.
 Remote Access Connection Manager - Manages dial-up and VPN connections from your computer to the Internet or
other remote networks. When you double-click a connection in the Network Connections folder and then click the
Connect button, this service either dials the connection or sends a VPN connection request and handles
communications with the remote access server to set up the connection.
Reason for Disabling on a Standalone PC - No connections to remote networks or computers.

Default Service Settings - Both the Remote Access Auto Connection Manager service and the Remote Access Connection
Manager service run in a shared process (svchost.exe).
Display Name: Remote Access Auto Connection Manager
Service Name: RasAuto
File: C:\WINDOWS\system32\rasauto.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto
Remote Access Auto Connection Driver (RasAcd)
None
Display Name: Remote Access Connection Manager

Service Name: RasMan
File: C:\WINDOWS\system32\rasmans.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan
Secure Socket Tunneling Protocol Service (SstpSvc)
Routing and Remote Access (RemoteAccess)
 Remote Access (TheNetworkEncyclopedia.com)
NOTES
42
Remote Desktop (3 services)
Description - These services allow a user to take control of a remote computer or virtual machine over a network connection.
Remote Desktop is often targeted by hackers and considered a security risk.
 Remote Desktop Configuration
 Remote Desktop Services
 Remote Desktop Services UserMode Port Redirector
Reason for Disabling on a Standalone PC - No remote connections. Remote Assistance connections disabled.
Default Service Settings - All 3 Remote Desktop services run in a shared process (svchost.exe).
Display Name: Remote Desktop Configuration
Service Name: SessionEnv
File: C:\WINDOWS\system32\sessenv.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SessionEnv
None
Display Name: Remote Desktop Services

Service Name: TermService
File: C:\WINDOWS\system32\termsrv.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService
Remote Desktop Services UserMode Port Redirector (UmRdpService)
Display Name: Remote Desktop Services UserMode Port Redirector

Service Name: UmRdpService
File: C:\WINDOWS\system32\umrdp.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UmRdpService
Remote Desktop Device Redirector Driver (RDPDR)
Remote Desktop Services (TermService)
None
 Remote Desktop Protocol Security Issues (Wikipedia.org)
 GUIDE: How to Enable and Secure Remote Desktop on Windows (HowToGeek.com)
NOTES
43
Remote Procedure Call (RPC) Locator
Description - This service (RpcLocator) is used to discover Remote Procedure Call (RPC) services. This service is not used by
the operating system and is only present for third-party programs that requires it.
Reason for Disabling - No third-party programs run that require this service.
Default Service Settings - The Remote Procedure Call (RPC) Locator service runs in its own process (locator.exe).
Display Name: Remote Procedure Call (RPC) Locator
Service Name: RpcLocator
Path: C:\WINDOWS\system32\locator.exe
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcLocator
Remote Desktop Device Redirector Driver (RDPDR)
Remote Desktop Services (TermService)
None
NOTES
44
Remote Registry
Description - This service (RemoteRegistry) allows remote users to modify registry settings on a computer. If it is disabled, only
locally logged on users can modify the registry. This service presents a security risk should be disabled. "Disabled" is the default
setting in Windows 10 Home 1511.
 SECURITY RISK (remote access to registry)
 Default setting for Startup Type = Disabled.
Default Service Settings - The Remote Registry service runs in a shared process (svchost.exe).
Display Name: Remote Registry
Service Name: RemoteRegistry
Path: C:\WINDOWS\system32\svchost.exe -k localService
File: C:\WINDOWS\system32\regsvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
None
NOTES
45
Retail Demo Service
Description - This service (RetailDemo) allows retail store staff to demonstrate Windows 10 features to customers.
Reason for Disabling on a Standalone PC – Bloatware that is not needed.
Default Service Settings - The Retail Demo Service runs in a shared process (svchost.exe).
Display Name: Retail Demo Service
Service Name: RetailDemo
File: C:\WINDOWS\system32\RDXService.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RetailDemo
None
None
NOTES
46
Routing and Remote Access
Description - This service (RemoteAccess) is used within corporate networks. It allows computers to dial in to a local computer
to gain access to the local network.
 No connections to remote networks or computers.
 Default setting for Startup Type = Disabled.
Default Service Settings - The Routing and Remote Access service runs in a shared process (svchost.exe).
Display Name: Routing and Remote Access
Service Name: RemoteAccess
File: C:\WINDOWS\system32\mprdim.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess
HTTP Service (HTTP)
NetBIOSGroup
Remote Access Connection Manager (RasMan)
None
 Routing and Remote Access Service (Technet.Microsoft.com)
NOTES
47
Secondary Logon
Description - This service (seclogon) allows users to use the “Run As” command to elevate their privileges and run commands
available to administrators. This is a great way for administrators to do ordinary work (e-mail, Word, Excel, etc.) as ordinary
users while also performing administrative tasks without logging off and then back on again. However, this presents a security
risk if accessed by users that aren’t intended to have administrative privileges.
 SECURITY RISK (access administrator privileges)
 Administrator command “Run As” not used.
Default Service Settings - The Secondary Logon service runs in a shared process (svchost.exe).
Display Name: Secondary Logon
Service Name: seclogon
File: C:\WINDOWS\system32\seclogon.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon
None
None
NOTES
48
Sensor (3 services)
Description - These services monitor, manage and deliver sensor data. Sensor data includes motion (accelerometer,
gyroscope, magnetometer), barometer, altimeter, ambient light, proximity (human presence), environmental (temperature,
humidity, CO2, UV), Biometric (fingerprint, face, iris scanning), and activity (walking, running).
 Sensor Data Service
 Sensor Monitoring Service
 Sensor Service

 PRIVACY RISK (location tracking and usage)
 Sensors not used.
Default Service Settings - The Sensor Data Service runs in its own process (SensorDataService.exe). Both Sensor Monitoring
Service and Sensor Service run in a shared process (svchost.exe).
Display Name: Sensor Data Service
Service Name: SensorDataService
Path: C:\WINDOWS\system32\SensorDataService.exe
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SensorDataService
None
None
Display Name: Sensor Monitoring Service

Service Name: SensrSvc
File: C:\WINDOWS\system32\sensrsvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SensrSv
None
None
Display Name: Sensor Service

Service Name: SensorService
File: C:\WINDOWS\system32\SensorService.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SensorService
None
None
 Sensors Overview (msdn.Microsoft.com)
 Biometrics Privacy Concerns (eff.org)
NOTES
49
Server
Description - This service (LanmanServer) allows sharing of files and printers with other computes on a network.
Default Service Settings - The Server service runs in a shared process (svchost.exe).
Display Name: Server
Service Name: LanmanServer
File: C:\WINDOWS\system32\srvsvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer
Security Accounts Manager (SamSs)
Server SMB 2.xxx Driver (srv2)
GUIDE: Turn Off File and Printer Sharing (TenForums.com)
NOTES
50
Smart Card (3 services)
Description - These services enable Smart Card use for authentication purposes.
 Smart Card
 Smart Card Device Enumeration Service
 Smart Card Removal Policy
Reason for Disabling on a Standalone PC - Smart Card not used.

Default Service Settings - All 3 services run in a shared process (svchost.exe).
Display Name: Smart Card
Service Name: SCardSvr
File: C:\WINDOWS\system32\SCardSvr.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr
Windows Driver Foundation - User-mode Driver Framework (wudfsvc)
None
Display Name: Smart Card Device Enumeration Service

Service Name: ScDeviceEnum
File: C:\WINDOWS\system32\ScDeviceEnum.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ScDeviceEnum
None
None
Display Name: Smart Card Removal Policy

Service Name: SCPolicySvc
File: C:\WINDOWS\system32\certprop.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCPolicySvc
None
 Smart Card (Wikipedia.org)
 Security with Smart Cards (TechNet.Microsoft.com)
NOTES
51
SSDP Discovery
Description - This service (SSDPSRV) enables discovery of UPnP devices on a network. UPnP is a peer-to-peer network
feature that allows smart devices, wireless devices, PCs and peripherals to connect to a network and communicate with each
other. UPnP is also known as Network Discovery. Security risks exist with UPnP and this service should be disabled (see
“Additional Services” below).
 SECURITY RISK (lack of built-in authentication)
 No network connections
Default Service Settings - The SSDP Discovery service runs in a shared process (svchost.exe).
Display Name: SSDP Discovery
Service Name: SSDPSRV
File: C:\WINDOWS\system32\ssdpsrv.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV
HTTP Service (HTTP)
UPnP Device Host (upnphost)
 Millions of PCs Exposed Through Network Bugs, Security Researchers Find (ZDNet.com)
 Is UPnP a Security Risk? (HowToGeek.com)
NOTES
52
TCP/IP NetBIOS Helper
Description - This service (lmhosts) allows network users to share files, print, and log on to the network
Default Service Settings - The TCP/IP NetBIOS Helper service runs in a shared process (svchost.exe).
Display Name: TCP/IP NetBIOS Helper
Service Name: lmhosts
File: C:\WINDOWS\system32\lmhsvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lmhosts
Ancillary Function Driver for Winsock (AFD)
None
 NetBIOS over TCP/IP (Wikipedia.org)
 TCP/IP (Wikipedia.org)
 Introduction to TCP/IP (Linux-Tutorial.info)
NOTES
53
Touch Keyboard and Handwriting Panel Service
Description - This service (TabletInputService) is designed for tablets using two Windows features called Touch Keyboard and
Handwriting Panel. These features are not needed on a laptop or desktop computer.
Reason for Disabling on a Standalone PC - Touch Keyboard and Handwriting Panel features not used.
Default Service Settings - The Touch Keyboard and Handwriting Panel Service runs in a shared process (svchost.exe).
Display Name: Touch Keyboard and Handwriting Panel Service
Service Name: TabletInputService
File: C:\WINDOWS\system32\TabSvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TabletInputService
None
NOTES
54
UPnP Device Host
Description - This service (upnphost) allows UPnP devices to be hosted on this computer. UPnP is a peer-to-peer network
feature that allows smart devices, wireless devices, PCs and peripherals to connect to a network and communicate with each
other. UPnP is also known as Network Discovery. Security risks exist with UPnP and this service should be disabled (see
“Additional Information” below).
 SECURITY RISK (lack of built-in authentication)
Default Service Settings - The UPnP Device Host service runs in a shared process (svchost.exe).
Display Name: UPnP Device Host
Service Name: upnphost
File: C:\WINDOWS\system32\upnphost.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost
HTTP Service (HTTP)
SSDP Discovery (SSDPSRV)
None
 Millions of PCs Exposed Through Network Bugs, Security Researchers Find (ZDNet.com)
 Is UPnP a Security Risk? (HowToGeek.com)
NOTES
55
WebClient
Description - This service (WebClient) allows you to browse to “Network Places” and create, access and modify files on the
Internet with Windows-based programs This service is not needed for FTP, SSH, SCP or browser-based connections.
Default Service Settings - The WebClient service runs in a shared process (svchost.exe).
Display Name: WebClient
Service Name: WebClient
File: C:\WINDOWS\system32\webclnt.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient
WebDav Client Redirector Driver (MRxDAV)
None
 GUIDE: How to Add a Network Location to This PC (TenForums.com)
 GUIDE: How to Set Network Location to be Public or Private (TenForums.com)
 GUIDE: How to Map Network Drive or Disconnect Network Drive (TenForums.com)
NOTES
56
Windows Biometric Service
Description - This service (WbioSrvc) allows applications to capture, compare, manipulate and store biometric data (like finger
prints or iris scans). Security and privacy risks exist with the storage of biometric data (see “Additional Information” below).
SECURITY & PRIVACY RISKS (biometrics)
Default Service Settings - The Windows Biometric Service runs in a shared process (svchost.exe).
Display Name: Windows Biometric Service
Service Name: WbioSrvc
Path: C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup
File: C:\WINDOWS\system32\wbiosrvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WbioSrvc
Credential Manager (VaultSvc)
Windows Driver Foundation - User-mode Driver Framework (wudfsvc)
None
 Biometrics are a Grave Threat to Privacy (NYTimes.com)
 Biometric Security Poses Huge Privacy Risks (ScientificAmerican.com)
 Biometrics are Coming, Along with Serious Security Concerns (Wired.com)
NOTES
57
Windows Connect Now - Config Registrar
Description - This service (wcncsvc) is used by wireless networks in homes and small offices and is geared toward users that
are not familiar with Wi-Fi configuration. Windows Connect Now simplifies the creation and configuration of wireless networks
and allows devices to be easily added to a network while providing a secure connection.
Note: Windows Connect Now is Microsoft’s implementation of Wi-Fi Protected Setup (WPS). Pin-based WPS is vulnerable to a
brute-force attack which can result in rogue devices being allowed to connect to a network.
Reason for Disabling on a Standalone PC - No network (LAN) connections.
Default Service Settings - The Windows Connect Now - Config Registrar service runs in a shared process (svchost.exe).
Display Name: Windows Connect Now - Config Registrar
Service Name: wcncsvc
File: C:\WINDOWS\system32\wcncsvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wcncsvc
None
NOTES
58
Windows Error Reporting Service
Description - This service (WerSvc) sends reports of errors on your computer (errors, faults, crashes) to Microsoft. They
acknowledge that personally identifiable information could be contained in the memory and application data compiled in the 100-
200 KB "minidumps" that Windows Error Reporting compiles and sends back to Microsoft. This presents a privacy risk that can
be avoided by disabling the service.
Reason for Disabling on a Standalone PC - Privacy risk (personally identifiable information is transmitted).
Default Service Settings - The Windows Error Reporting Service runs in its own process (svchost.exe).
Display Name: Windows Error Reporting Service
Service Name: WerSvc
Path: C:\WINDOWS\system32\svchost.exe -k WerSvcGroup
File: C:\WINDOWS\system32\WerSvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WerSvc
None
None
 Windows Error Reporting Privacy Concerns (Wikipedia.org)
NOTES
59
Windows Event Collector
Description - This service (Wecsvc) allows administrators to get events from remote computers and store them in a centralized
place.
Reason for Disabling on a Standalone PC - No remote connections.
Default Service Settings - The Windows Event Collector service runs in a shared process (svchost.exe).
Display Name: Windows Event Collector
Service Name: Wecsvc
File: C:\WINDOWS\system32\wecsvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wecsvc
HTTP Service (HTTP)
Windows Event Log (EventLog)
None
NOTES
60
Windows Media Player Network Sharing Service
Description - This service (WMPNetworkSvc) allows the streaming of Windows Media Player (WMP) music and video to home
entertainment systems and other computers/devices over a local network. Instead of using services.msc to disable Windows
Media Player Network Sharing Service, this service is disabled through the Control Panel (see below).
Note: Some programs and features included with Windows (e.g. Internet Information Services) must be turned on before you
can use them. Other features (e.g. Windows Media Player, Windows Fax and Scan) are turned on by default, but you can turn
them off if you don’t use them.
Turn off Windows Media Player Network Sharing Service
30. WIN + X
31. Select Control Panel from the menu that pops up
32. Select Programs and Features
33. Select Turn Windows features on or off
34. Click the “+” next to Media Features
35. Deselect Windows Media Player
 WMP removed. For playback of music and video, I use the portable Media Player Classic Home Cinema. Another
popular portable WMP replacement is VLC Media Player.
Default Service Settings - The Windows Media Player Network Sharing Service runs in its own process (wmpnetwk.exe).
Display Name: Windows Media Player Network Sharing Service
Service Name: WMPNetworkSvc
Path: C:\Program Files\Windows Media Player\wmpnetwk.exe
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMPNetworkSvc
HTTP Service (HTTP)
Windows Search (WSearch)
None
 Freeware: Media Player Classic Home Cinema (MPC-HC.org)
 Freeware: VLC Media Player (Videolan.org)
 Freeware: Portable Freeware List - Video Players (PortableFreeware.com)
NOTES
61
Windows Mobile Hotspot Service
Description - This service (icssvc) allows a mobile PC or device to share its Internet connection with up to 8 other devices. You
need Wi-Fi to share your connection, but the connection you’re sharing can be an Ethernet (wired), Wi-Fi, or cellular connection.
Reason for Disabling on a Standalone PC - Mobile Hotspot not used.
Default Service Settings - The Windows Mobile Hotspot Service runs in a shared process (svchost.exe).
Display Name: Windows Mobile Hotspot Service
Service Name: icssvc
File: C:\WINDOWS\system32\tetheringservice.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icssvc
Windows Connection Manager (Wcmsvc)
None
 How to Turn Your Windows PC into a Wi-Fi Hotspot (HowToGeek.com)
NOTES
62
Windows Remote Management (WS-Management)
Description - This service (WinRM) provides software and hardware management capabilities to network administrators by
allowing them to access, edit and update data from remote computers.
Reason for Disabling on a Standalone PC - Remote management of hardware and software not used.
Default Service Settings - The Windows Remote Management (WS-Management) service runs in a shared process
(svchost.exe).
Display Name: Windows Remote Management (WS-Management)
Service Name: WinRM
File: C:\WINDOWS\system32\WsmSvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinRM
HTTP Service (HTTP)
None
NOTES
63
Windows Search
Description - This service (WSearch) performs file searches, collects detailed about these files, and stores this information in
an index for use during subsequent searches.
Reason for Disabling on a Standalone PC - Windows Search not used, replaced with Classic Shell or Everything.
Default Service Settings - The Windows Search service runs in its own process (SearchIndexer.exe).
Display Name: Windows Search
Service Name: WSearch
Path: C:\WINDOWS\system32\SearchIndexer.exe /Embedding
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSearch
Windows Media Player Network Sharing Service (WMPNetworkSvc)
Work Folders (workfolderssvc)
 Freeware: Classic Shell (ClassicShell.net)
 Freeware: Everything (VoidTools.com)
NOTES
64
WMI Performance Adapter
Description - WMI, or Windows Management Instrumentation, provides network administrators with an interface which
simplifies the remote monitoring and management of corporate networks.
Default Service Settings - The WMI Performance Adapter runs in its own process (WmiApSrv.exe).
Display Name: WMI Performance Adapter
Service Name: wmiApSrv
Path: C:\WINDOWS\system32\wbem\WmiApSrv.exe
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wmiApSrv
None
None
NOTES
65
Workstation
Description - This service (LanmanWorkstation) enables file and printer sharing over a network.
Default Service Settings - The Workstation service runs in a shared process (svchost.exe).
Display Name: Workstation
Service Name: LanmanWorkstation
File: C:\WINDOWS\system32\wkssvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation
Browser Support Driver (bowser)
SMB 2.0 MiniRedirector (mrxsmb20)
Netlogon (Netlogon)
Remote Desktop Configuration (SessionEnv)
NOTES
66
Xbox (3 services)
Description
 Xbox Live Auth Manager - Provides authentication and authorization services for interacting with Xbox Live.
 Xbox Live Game Save - Syncs save data for Xbox Live save enabled games.
 Xbox Live Networking Service - Supports the Windows.Networking.XboxLive application programming interface.
Reason for Disabling on a Standalone PC - Xbox not used.

Default Service Settings - All 3 services run in a shared process (svchost.exe).
Display Name: Xbox Live Auth Manager
Service Name: XblAuthManager
File: C:\WINDOWS\system32\XblAuthManager.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XblAuthManager
Xbox Live Game Save (XblGameSave)
Display Name: Xbox Live Game Save

Service Name: XblGameSave
File: C:\WINDOWS\system32\XblGameSave.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XblGameSave
User Manager (UserManager)
Xbox Live Auth Manager (XblAuthManager)
None
Display Name: Xbox Live Networking Service

Service Name: XboxNetApiSvc
File: C:\WINDOWS\system32\XboxNetApiSvc.dll
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XboxNetApiSvc
Windows Firewall (MpsSvc)
None
NOTES
67
Appendix A: Internet Resources
TUTORIALS
How-To-Geek Lifewire Windows Ten Forums Windows Central
SERVICE REFERENCES
Black Viper’s Windows Windows 10 Service

10 Service Defaults
Configurations
COMPUTER DICTIONARIES/ENCYCLOPEDIAS
Techopedia TechTarget The Free Dictionary Webopedia
Wikipedia Your Dictionary
MISCELLANEOUS
 The Portable Freeware Collection (PortableFreeware.com)
 Windows 10 Version History (Wikipedia.org)
68
Appendix B: Disabled Services (1-page list)
 AllJoyn Router Service  IP Helper  Smart Card Device Enumeration
Service
 Application Layer Gateway  Link-Layer Topology Discovery
Mapper  Smart Card Removal Policy
 Certificate Propagation
 Microsoft Diagnostics Hub  SSDP Discovery
 Computer Browser (Browser) Standard Collector Service
 TCP/IP NetBIOS Helper
 Connected Device Platform  Microsoft iSCSI Initiator Service
Service  Touch Keyboard and Handwriting
 Microsoft Windows SMS Router Panel Service
 Connected User Experiences and Service
Telemetry  UPnP Device Host
 Netlogon
 Credential Manager  WebClient
 Net.Tcp Port Sharing Service
 DataCollectionPublishingService  Windows Biometric Service
 Network Connected Devices Auto-
 Delivery Optimization Setup  Windows Connect Now - Config
Registrar
 dmwappushsvc  Network Connectivity Assistant
 Windows Error Reporting Service
 Downloaded Maps Manager  Peer Name Resolution Protocol
 Windows Event Collector
 Enterprise App Management  Peer Networking Grouping
Service  Windows Media Player Network
 Peer Networking Identity Manager Sharing Service
 Family Safety Filter Driver
 Performance Counter DLL Host  Windows Mobile Hotspot Service
 Fax
 Performance Logs & Alerts  Windows Remote Management
 Function Discovery Provider Host (WS-Management)
 PNRP Machine Name Publication
 Function Discovery Resource Service  Windows Search
Publication
 Program Compatibility Assistant  WMI Performance Adapter
 Geolocation Service Service
 Workstation
 HomeGroup Listener  Quality Windows Audio Video
Experience  Xbox Live Auth Manager
 HomeGroup Provider
 Remote Access Auto Connection  Xbox Live Game Save
 Human Interface Device Service Manager
 Xbox Live Networking Service
 Hyper-V Data Exchange Service  Remote Access Connection
Manager
 Hyper-V Guest Service Interface
 Hyper-V Guest Shutdown Service  Remote Desktop Configuration
(TermService)
 Hyper-V Heartbeat Service  Remote Desktop Services
 Hyper-V Remote Desktop  Remote Desktop Services
Virtualization Service
UserMode Port Redirector
 Hyper-V Time Synchronization  Remote Procedure Call (RPC)
Service
Locator
 Hyper-V VM Session Service  Remote Registry
 Hyper-V Volume Shadow Copy  Retail Demo Service
Requestor
 Intel Management and Security  Routing and Remote Access

Application Local Management
Service  Secondary Logon
 Intel Management and Security  Sensor Data Service
Application User Notification
Service
 Sensor Monitoring Service
 Sensor Service
 Internet Connection Sharing (ICS)
 Server
 Internet Explorer ETW Collector
Service  Smart Card
69
Appendix C: Change History
Version Date Changes
1.0 12/1/2016 Initial release.
1.01 12/4/2016  Page 4: AllJoyn Router Service – Removed Check Now If Your Internet Devices
Are Open to Hackers (MakeUseOf.com) link.
 Page 4: AllJoyn Router Service – Added Are My Smarthome Devices Secure?
(HowToGeek.com) link.
 Page 27: IP Helper – Removed Check Now If Your Internet Devices Are Open to
Hackers (MakeUseOf.com) link.
 Page 27: IP Helper – Added Are My Smarthome Devices Secure?
(HowToGeek.com) link.
1.02 1/2/2017  Page 4: AllJoyn Router Service – Added 5 Reasons to Avoid Smart Assistants If
You Value Your Privacy (MakeUseOf.com) link.
1.03 2/5/2017  Updated contact email to SavorTheJourney.us@gmail.com.
70

Guide Services Disabled (v1.04)

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Guide Services Disabled (v1.04)

Uploaded by

Copyright:

Available Formats

Windows 10 Services that are Safe to Disable

Windows Services Explained............................................................................................................................................................ 1

The Windows Services Panel

Windows Services Panel

Disabling Windows Services

 You must be signed in as an administrator to change service settings.

18. Click the Start button.

List of Disabled Services

Default Service Settings - The DataCollectionPublishingService runs in a shared process (svchost.exe).

Reason for Disabling on a Standalone PC

Display Name: Function Discovery Resource Publication

Reason for Disabling on a Standalone PC

Display Name: HomeGroup Provider

Reason for Disabling on a Standalone PC - Virtual Machines (VM) not used.

Display Name: Hyper-V Guest Service Interface

Display Name: Hyper-V Guest Shutdown Service

Display Name: Hyper-V Heartbeat Service

Display Name: Hyper-V Time Synchronization Service

Display Name: Hyper-V VM Session Service

Display Name: Hyper-V Volume Shadow Copy Requestor

Reason for Disabling on a Standalone PC - Not an enterprise user.

Display Name: Peer Networking Grouping

Display Name: Peer Networking Identity Manager

Reason for Disabling on a Standalone PC - No connections to remote networks or computers.

Display Name: Remote Access Connection Manager

Display Name: Remote Desktop Services

Display Name: Remote Desktop Services UserMode Port Redirector

Reason for Disabling on a Standalone PC

Display Name: Sensor Monitoring Service

Display Name: Sensor Service

Reason for Disabling on a Standalone PC - Smart Card not used.

Display Name: Smart Card Device Enumeration Service

Display Name: Smart Card Removal Policy

Reason for Disabling on a Standalone PC - Xbox not used.

Display Name: Xbox Live Game Save

Display Name: Xbox Live Networking Service

How-To-Geek Lifewire Windows Ten Forums Windows Central

Black Viper’s Windows Windows 10 Service

Techopedia TechTarget The Free Dictionary Webopedia

Wikipedia Your Dictionary

 Intel Management and Security  Routing and Remote Access

You might also like