Windows Vista services that can be disabled

One of the most effective ways to secure a Windows workstation is to turn off unnecessary service specifies whether you can safely disable the service, and outlines the ramifications of disabling it. T here won't be available in other versions of Vista) in a corporate network environment and that the safely disabling each service: • Yes = You can disable the service without causing any problems. • Maybe = The computer's role dictates whether you should or should not disable the service • No = The service is critical to proper Windows operation and should not be disabled.

Name

Short Name

Executable Name svchost.exe

Application Experience AeLookupSvc

Application Information AppInfo

svchost.exe

Application Layer Gateway Service Application Management

ALG

alg.exe

AppMgmt

svchost.exe

Background Intelligent BITS Transfer Service

svchost.exe

Base Filtering Engine

BFE

svchost.exe

Block Level Backup Engine Service

wbengine

wbengine.exe svchost.exe

Certificate Propagation CertPropSvc

CNG Key Isolation

KeyIso

lsass.exe

COM+ Event System

EventSystem

svchost.exe

COM+ System Application

COMSysApp

dllhost.exe

Computer Browser

Browser

svchost.exe

Cryptographic Services CryptAvc

svchost.exe

DCOM Server Process Launcher Desktop Window Manager Session Manager

DcomLaunch

svchost.exe

UxSms

svchost.exe

DFS Replication

DFSR

DFSR.exe

DHCP Client

Dhcp

svchost.exe

Diagnostic Policy Service

DPS

svchost.exe

Diagnostic Service Host WdiServiceHost Diagnostic System Host WdiSystemHost Distributed Link Tracking Client

svchost.exe svchost.exe

TrkWks

svchost.exe

Distributed Transaction MSDTC Coordinator

msdtc.exe

DNS Client

Dnscache

svchost.exe

Extensible EapHost Authentication Protocol

svchost.exe

Fax Function Discovery Provider Host Function Discovery Resource Publication

Fax

fxssvc.exe

fdPHost

svchost.exe

FDResPub

svchost.exe

Group Policy Client

gpsvc

svchost.exe

Health Key and Certificate Management

hkmsvc

svchost.exe

Human Interface Device hidserv Access

svchost.exe

IKE and AuthIP IPsec Keying Modules

IKEEXT

svchost.exe

Interactive Services Detection

UI0Detect

UI0Detect.exe

Internet Connection Sharing (ICS) IP Helper

SharedAccess

svchost.exe

iphlpsvc

svchost.exe

IPsec Policy Agent

PolicyAgent

svchost.exe

KtmRm for Distributed Transaction KtmRm Coordinator Link-Layer Topology Discovery Mapper Microsoft .NET Framework NGEN v2.0.50727_X64 Microsoft .NET Framework NGEN v2.0.50727_X86 Microsoft iSCSI Initiator Service lltdsvc

svchost.exe

svchost.exe

clr_optimization_v2.0.50727 mscorsvw.exe _X64 clr_optimization_v2.0.50727 mscorsvw.exe _X86 MSiSCSI svchost.exe svchost.exe

Microsoft Software swprv Shadow Copy Provider

exe p2psvc svchost.exe Offline Files CscService svchost.exe Parental Controls Peer Name Resolution Protocol Peer Networking Grouping Peer Networking Identity Manager Performance Logs & Alerts Plug and Play WPCSvc PNRPsvc svchost.exe Netlogon napagent Netman lsass.Multimedia Class Scheduler Net.exe pla PlugPlay svchost.exe Network List Service netprofm svchost.exe svchost.exe svchost.exe .exe svchost.Tcp Port Sharing Service Netlogon Network Access Protection Agent Network Connections MMCSS svchost.exe nsi svchost.exe p2pimsvc svchost.exe NetTcpPortSharing SMSSvcHost.exe Network Location Awareness Network Store Interface Service NlaSvc svchost.exe svchost.

exe RasMan svchost.exe lsass.exe svchost.exe Print Spooler Spooler spoolsv.exe Remote Procedure Call RpcSs (RPC) .exe Problem Reports and Solutions Control Panel wercplsupport Support Program Compatibility PcaSvc Assistant Service Protected Storage ProtectedStorage svchost.exe PNRP Machine Name Publication Service PNRPAutoReg svchost.exe svchost.exe Quality Windows Audio QWAVE Video Experience svchost.exe Portable Device Enumerator Service WPDBusEnum svchost.exe ReadyBoost Remote Access Auto Connection Manager Remote Access Connection Manager EMDMgmt RasAuto svchost.PnP-X IP Bus Enumerator IPBusEnum svchost.exe svchost.

exe svchost.exe svchost.exe Superfetch SysMain svchost.exe SamSs wscsvc LanmanServer ShellHwDetection SLUINotify SCardSvr SCPolicySvc lsass.exe svchost.exe Remote Registry RemoteRegistry svchost.exe SSDP Discovery SSDPSRV svchost.exe svchost.exe .exe Secondary Logon Security Accounts Manager Security Center Server Shell Hardware Detection SL UI Notification Service Smart Card Smart Card Removal Policy seclogon svchost.exe svchost.exe SNMP Trap SNMPTRAP snmptrap.exe Software Licensing slsvc SLsvc.exe svchost.Remote Procedure Call RpcLocator (RPC) Locator locator.exe Routing and Remote Access RemoteAccess svchost.

exe Terminal Services Configuration SessionEnv svchost.exe Thread Ordering Server THREADORDER TPM Base Services TBS svchost.exe svchost.exe Tablet PC Input Service TabletInputService Task Scheduler Schedule svchost.exe .exe TCP/IP NetBIOS Helper lmhosts svchost.System Event Notification Service SENS svchost.exe svchost.exe UPnP Device Host upnphost svchost.exe User Profile Service ProfSvc svchost.exe Terminal Services UserMode Port Redirector Themes UmRdpService Themes svchost.exe Terminal Services TermService svchost.exe svchost.exe Telephony TapiSrv svchost.

exe WerSvc svchost.Usermode Driver Framework Windows Error Reporting Service WinDefend svchost.Virtual Disk vds vds.exe svchost.exe Windows Event Log Eventlog svchost.exe svchost.exe Windows Event Collector Wecsvc svchost.exe Volume Shadow Copy WebClient Windows Audio Windows Audio Endpoint Builder Windows Backup Windows CardSpace VSS WebClient AudioSrv AudioEndpointBuilder SDRSVC idsvc vssvc.exe Windows Connect Now wcncsvc Config Registrar Windows Defender Windows Driver Foundation .exe svchost.exe .exe infocard.exe Windows Color System WcsPlugInService svchost.exe wudfsvc svchost.exe Windows Firewall MpsSvc svchost.exe svchost.exe svchost.

0.0.exe TrustedInstaller.exe wmpnetwk.exe ehRecvr.exe PresentationFontCache.exe svchost.Windows Image Acquisition (WIA) Windows Installer stisvc svchost.0.exe svchost.exe Windows Time Windows Update W32Time wuaserv.exe ehsched.exe Windows Search Wsearch SearchIndexer.0 svchost.0 3.exe msiserver msiexec Windows Management Winmgmt Instrumentation Windows Media Center Mcx2Svc Extender Service Windows Media Center ehRecvr Receiver Service Windows Media Center ehSched Scheduler Service Windows Media Center ehstart Service Launcher Windows Media Player Network Sharing WMPNetworkSvc Service Windows Modules TrustedInstaller Installer Windows Presentation Foundation Font Cache FontCache3.exe Windows Remote Management (WSManagement) WinRM svchost.exe svchost.0.exe .exe svchost.

please visit http://techrepu .exe WMI Performance Adapter wmiApSrv WmiApSrv.exe svchost. Inc.exe Copyright ©2007 CNET Networks.WinHTTP Web Proxy WinHttpAutoProxySvc Auto-Discovery Service svchost. All rights reserved For more downloads and a free TechRepublic membership.exe Workstation LanmanWorkstation svchost.exe Wired AutoConfig WLAN AutoConfig dot3svc Wlansvc svchost.

Messenger and Windows Messenger will not function. Block-level backups will not function. This reference sheet lists the Windows Vista services. Processes installation. e. Propagates certificates from smart cards. such as Transfers data between clients and servers in the Windows Update or MSN Explorer. automatically download programs and other information. peration and should not be disabled. Services that use smart cards will not operate. and outlines the ramifications of disabling it. It will manages firewall and Internet Protocol security (IPsec) also result in unpredictable behavior in IPsec policies and implements user mode filtering. describes each service's function.read the special considerations for further information. management and firewall applications. The list offers one of the following three possibilities f g any problems. Description Processes application compatibility cache requests for applications as they are launched.s that can be disabled ws workstation is to turn off unnecessary services. removal. or enumerate requests for Active Directory IntelliMirror group policy any IntelliMirror programs. These tools include regedit. Any applications that depend on BITS. Provides support for application-level protocol plug-ins Programs that rely on this service. such as MSN and enables network/protocol connectivity. ou should or should not disable the service -. but file-level backups will still operate. Facilitates the running of interactive applications with additional administrative privileges. programs. The Base Filtering Engine (BFE) is a service that Significantly reduces the security of the system. will be unable to background. The list assumes the machine is running Windows Vista Ultimate (some of the services liste n a corporate network environment and that the company is not using smart cards. . remove. and enumeration Users will be unable to install. Engine to perform block-level backup and recovery of data as opposed to file-level backups. Impact if disabled Users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.

and so forth. The service stores Authentication Protocol. which helps enroll this computer for certificates. which adds and removes Trusted Root The associated management services will not function Certification Authority certificates from this computer. properly. Manages the configuration and tracking of Component A number of other services. Allows the system to automatically obtain IP The system will be unable to obtain an IP address. on servers. records in Dynamic DNS. addressing information. function. Automatic Root Certificate Update Service. Maintains an up-to-date list of computers on your network and supplies the list to programs that request Your computer will be unable to locate other Windows it. and uses long-lived keys in a secure process complying with Common Criteria requirements. from a DHCP server routing information.The CNG key isolation service is hosted in the LSA process. is required to update and will need to be configured with a static address. it is used to provide high availability will become out of date. Provides four management services: Catalog Database Service. Provides launch functionality for DCOM services. including RPC. and the like. Allows management of Component Services by providing automatic distribution of events to subscribing COM components. On the client. Aero Glass will not work. which retrieves root certificates from Windows Update and enables scenarios such as SSL. and local access across a wide area network (WAN). such as DFS Replication and Background Intelligent Transfer Service. Other applications. This service enables Windows Vista's Aero Glass display. Replicates files among multiple PCs keeping them in sync. which means that logon and logoff notifications will not take place. System Event Notification stops working. WINS information. and Key Service. will not operate. A whole lot of services will not function. The service provides key process isolation to Services that depend on cryptographic keys. Protected Root Service. . Provides Desktop Window Manager startup and maintenance services. WINS server information. including private keys and associated cryptographic operations Wired and Wireless AutoConfig and Extensible as required by the Common Criteria. The Computer Browser service is used by Windowscomputers on the network based computers that need to view network domains and resources. which confirms the signatures of Windows files and allows new programs to be installed. it is used to roam folders between File replication won't occur and the files on the server PCs. will not Object Model (COM)+-based components. DCOM Server Process Launcher's list of services that depend on it is very long. will not work correctly.

Provides X. EAP also provides application programming interfaces (APIs) that are used by network access clients. Enables you to send and receive faxes utilizing fax resources available on this computer or on the network. Coordinates transactions that span multiple resource Distributed transactions will not occur. message queues. Enforcement technologies that use X. Application installation diagnostics will no longer function Some system diagnostics will no longer function. controller. . Link tracking will be unavailable. Enables problem detection troubleshooting and resolution for Windows components. The system will be unable to resolve a name and will Resolves and caches DNS names. This can affect managers. such as databases. The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802. allowing the system be able to communicate only via IP address. computers on the network. The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. systems. Smartcard services and more. Any components or applications that depend on the Group Policy component might not be functional. A client to communicate with canonical names rather than may be unable to communicate with its domain strictly by IP address. The computer is prevented from accessing networks that require EAP authentication. The Diagnostic Service Host service enables problem detection troubleshooting and resolution for Windows components. Group Policy settings will not be applied and applications and components will not be manageable through Group Policy.The Diagnostic Policy Service enables problem detection troubleshooting and resolution for Windows components during installation. Your computer won't be able to automatically discover some printers and other network-based resources. including 802. This service is required for IPSec.509 certificates may not function properly without this service. Maintains links between NTFS files within a computer or across computers in a network. Host process for Function Discovery providers. HTTPS. SSH. You won't be able to send faxes from your computer.509 certificate and key management services for the Network Access Protection Agent (NAPAgent). and file Personal Web Server and SQL Server. The computer's network resources will no longer be Publishes this computer and resources attached to this published and they will not be discovered by other computer so they can be discovered over the network. System diagnostics will not not function.1x wired and wireless VPN and Network Access Protection (NAP). including wireless and VPN clients during the authentication process.1x. Users on other computers won't be able to track links on this computer.

Enables generic input access to Human Interface Devices (HID). Manages software-based volume shadow copies taken Software-based volume shadow copies cannot be by the Volume Shadow Copy service. Notifications of and access to new interactive service dialogs will not function. Provides automatic IPv6 connectivity over an IPv4 network. IPv6 services will not be available. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). data confidentiality (encryption).32-bit application support. You may experience network connectivity issues if your policy requires that connections use IPsec. remote controls. Creates a Network Map consisting of PC and device topology (connectivity) information and metadata describing each PC and device. It is strongly recommended that you have the IKEEXT service running. and replay protection.NET-based applications. Provides network address translation addressing name You will not be able to share your connection to the resolution and/or intrusion prevention services for a Internet. which activates and maintains the use of Hot buttons controlled by this service will no longer predefined hot buttons on keyboards. The system will be unable to run 32-bit .NET Framework . Microsoft . home or small office network. Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. Enables user notification of user input for interactive services. and other multimedia devices. you must run this service. If you are using DTC. The system will be unable to run 64-bit . function. managed. data origin authentication.NET Framework . . data integrity. The system will be unable to access iSCSI targets. Internet Protocol security (IPsec) supports networklevel peer authentication. which enables access to dialogs created by interactive services when they appear. Might result in an IPsec failure and might compromise the security of the system. Microsoft .NET-based applications. Remote management of Windows Firewall is not available when this service is not running. Some VPN software needs this. The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec.64-bit application support. The Network Map will not work." Coordinates transactions between Microsoft Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM).

Enables Serverless Peer Name Resolution over the Internet. Enables Network Access Protection (NAP) functionality on client computers. system. Provides Identity service for Peer Networking.) to user mode clients.. The Offline Files service performs maintenance activities on the Offline Files cache.NET framework. interface addition/deleting. and dispatches interesting events to those interested in Offline Files activities and changes in cache state. Users logging in from the Vista workstation may not be able to authenticate to the domain. You will be unable to list the networks to which you are connected via the system tray icon. responds to user logon and logoff events. Performance information will no longer be logged or displayed. Maintains a secure channel between this computer and the domain controller for authenticating users and services. This is intended mainly for Windows audio will not function. Some Peer to Peer and Collaborative applications such as Windows Meetings may not function. Network access protection will be disabled. multimedia applications. This service is a part of ICS.Enables relative prioritization of work based on systemwide task priorities.tcp protocol. information changes.g. This is a part of the . Collects performance data for the computer or other computers and writes it to a log or displays it on the screen. This service enables Windows Parental Controls on the Parental controls will not work. Network configuration will not be possible. Some Peer to Peer and Collaborative applications such as Windows Meetings may not function. Your computer will be unable to connect to a network.tcp will not function. . and notifies applications when these properties change. Manages the network and dial-up connections for the system. Identifies the networks to which the computer has connected. implements the internals of Offline files will not be available. etc. including network status notification and configuration. Enables a computer to recognize and adapt to hardware changes with little or no user input.NET-based applications that use net. Provides ability to share TCP ports over the net. The system will be unstable and incapable of detecting hardware changes. new connections can't be created and services that need network information may fail. This service delivers network notifications (e. . Provides Peer Networking Grouping services. Collects and stores network configuration and location information and notifies applications when this Services such as ICS & ICF will not function. Some Peer to Peer and Collaborative applications such as Windows Meetings may not function. collects and stores properties for these networks. the public API.

Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. Some Peer to Peer and Collaborative applications such as Windows Meetings may not function. The performance improvements provided by ReadyBoost will not function. Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. This service publishes a machine name using the Peer Name Resolution Protocol. presence in PnP. from exposure except to allowed persons and services.The PnP-X bus enumerator service manages the virtual network bus. Don't disable this service. runtime monitoring. Provides support for improving system performance using ReadyBoost. Protects sensitive information such as private keys Protected information will be inaccessible. It discovers network-connected devices Presence of NCD devices will not be maintained in PnP. The system will not boot. Allows processes to communicate internally and across the network with each other. Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. Users will need to manually connect to other systems. qWave enhances AV streaming performance and reliability by ensuring Some streaming audio/video capabilities will not work. Provides support for the Program Compatibility Assistant. Printing on the local machine will be unavailable. Portable devices may not function properly or you may have difficulty blocking access to portable devices. network quality-of-service (QoS) for AV applications. and Solutions control panel. Detects unsuccessful attempts to connect to a remote network or computer and provides alternative methods for connection. Provides support for viewing sending and deletion of The sending of error reports to Microsoft will not system-level problem reports for the Problem Reports function. The operating system may not function properly. It provides mechanisms for admission control. Manages all local and network print queues and controls all printing jobs. The Program Compatibility Assistant will not function.' Enforces group policy for removable mass-storage devices. . using the SSDP/WS discovery protocols and gives them All pnpx based scenarios will stop functioning. Configuration is managed via the netsh context 'p2p pnrp peer. and enforcement application feedback and traffic prioritization.

but programs such as Exchange do. Hfnetchk uses this mechanism. Allows the system to be configured to lock the user desktop upon smart card removal. Disabling it can registry. Monitors system security settings and configurations. which. Maintains and improves system performance over time SuperFetch will not run and applications will all run by improving the performance of foreground with similar priority. mode. This computer will be unable to read smart cards. Routing and Remote Access services will be unavailable. allows other services to access the SAM. and network address translation (NAT) routing services for clients and servers on this network. this service isn’t always Provides Software Licensing activation and notification. OS IP. CD-ROMs and other devices will not automatically function. the operating system and Enables the download installation and enforcement of licensed applications may run in a reduced function digital licenses for Windows and Windows applications. Used in conjunction with Universal Plug and Play Your computer will be unable to located uPnP devices Device Host. Manages access to smart cards read by this computer. virtual private network (VPN). this type of logon access will be unavailable. programs running on this computer. when started. LAN-to-WAN. This computer may be unable to read smart cards. RPC requests will be denied. If the service is disabled. applications over background applications. as well as named pipe communication. Used to locate UPnP devices on your home network. Group Policy objects may not operate properly. Allows the sharing of local resources. it detects and configures UPnP devices on on the network. Stores account information for local security accounts. If this service is stopped. . components do not use this service. Enables starting processes under alternate credentials.Systems that are running third-party utilities looking Provides RPC name services similar to DNS services for for RPC information will be unable to find it. Once Vista is activated. Remote systems will be unable to connect to the local Provides a mechanism to remotely manage the system registry. and named pipe communication will fail. Users will be unable to use the Run As feature to elevate privileges. Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents Programs on the system that gather SNMP data will and forwards the messages to SNMP management not function. affect the patch utility's operation. your home network. Services that rely on requests to the SAM database will not function properly. needed. Security services still operate. such as files and printers. Enables multiprotocol LAN-to-LAN. Provides notifications for AutoPlay hardware events. Security center notifications are disabled. Resources can't be shared.

including Netlogon and Messenger. Provides Telephony API (TAPI) support for clients using programs that control telephony devices and IP-based voice connections. might stop responding. Provides ordered execution for a group of threads within a specific period of time. including port/drive/printer redirection. synchronization won't work. Tablet ink functionality will not operate. Certain notifications will no longer work. Responsible for loading and unloading user profiles. Provides user experience theme management Unknown. Enables Tablet PC pen and ink functionality. Allows users to connect interactively to a remote computer. it detects and configures UPnP devices on your home network. as it depends on connectivity information and Network Connect/Disconnect and Logon/Logoff notifications. Fast User Switching. Tasks will not be run at their scheduled times. You will be unable to configure terminal services on this computer. Enables access to the Trusted Platform Module (TPM). Required for software distribution in a Group Policy (may be used to distribute patches) and provides support for NetBIOS over TCP/IP and NetBIOS name lookups. TS themes. and TS certificates. NetBIOS over TCP/IP clients. Used in conjunction with SSDP Discovery Service.Required to record entries in the event logs. The function of all dependent programs will be impaired. and Terminal Server depend on this service. notifies COM+ subscribers about logon and power-related events. Disabling may also affect the ability to share resources. May make your computer unreliable. Remote Assistance. These include per-session temporary folders. to system components and applications. but general advice is to leave this service enabled. Your computer will be unable to located uPnP devices on the network. applications may have problems getting to users' data and components registered to receive profile event notifications will not receive them. To prevent remote use of this computer. Users will no longer be able to successfully log on or log off. clear the check boxes in the Remote tab of the System properties control panel item. Remote Desktop. For example. Provides user experience theme management. Allows the redirection of Printers/Drives/Ports for RDP Some Terminal Services operations will not work. . Terminal Services Configuration service (TSCS) is responsible for all Terminal Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. Applications will be unable to use keys protected by which provides hardware-based cryptographic services the TPM. connections. Enables a user to configure and schedule automated tasks on this computer.

The service stores forwarded events in a local Event Log. Audio devices and effects will not function properly. This might result in inaccurate color rendering. Some smartcard services will not work. problems and detecting security breaches. and reports unexpected application crashed to Microsoft. hardware. Windows Backup will not work. These functions will not be available. but general advice is to leave this service enabled. Manages user-mode driver host processes. Audio devices and effects will not function properly. issues network credential to Enrollee. luns. Administrators won't be able to view logs. Manages and implements volume shadow copies used Shadow copies will be unavailable for backup and the for backup and other purposes.Provides management services for disks volumes file systems and hardward array objects. and modify Internet-based files. including Allows event log messages to be viewed in Event log to the security log. Manages persistent subscriptions to events from remote sources that support WS-Management Event subscriptions cannot be created and forwarded protocol. Windows Connect Now . and IPMI-enabled event sources. controllers. Unknown. Manages audio devices for the Windows Audio service. Acts as a Registrar. backup may fail. definitions. Manages audio devices for Windows-based programs. Collects. such as subsystems. Disable this extensibility feature and the Windows Color System will use its baseline model processing rather than the vendor's desired processing. and disclosure of digital identities. Enables Windows-based programs to create. stores. Helps protect your computer by preventing unauthorized users from gaining access to it through the Internet or a network. etc. The WcsPlugInService service hosts third-party Windows Color System color device model and gamut map model plug-in modules. Your computer will not be protected from outside threats. events cannot be accepted. This includes Windows Vista event logs. management. These plug-in modules are vendor-specific extensions to the Windows Color System baseline color device and gamut map models. Provides Windows Backup and Restore capabilities. Securely enables the creation. Disk management tools will not operate properly. access. Error Reporting will occur only for kernel faults and some types of user mode faults.Config Registrar will not function properly. increasing the difficulty of diagnosing assist in problem resolution. Scans your computer for unwanted software schedule scans and gets the latest unwanted software Your computer will not be protected against spyware. .

and Alerts. synchronized. Starts Windows Media Center Scheduler and Windows Media Center Receiver services at startup if TV is Media center software will not launch at startup. folder views of items and will revert to slower item-byThe service responds to file and e-mail notifications to item searches. Windows Media Center Service for TV and FM broadcast reception. and removes applications provided as a Users can’t install programs or make use of Windows Installer (*. TV and FM reception will not work. index modified content. Allows Windows Media Center Extender devices to locate and connect to the computer. Provides content indexing and property caching for Windows Explorer will not be able to display virtual files. . required to System management and performance information will implement performance alerts using Performance Logs be unavailable. Uses NTP to keep computers in the domain Time synchronization won't take place. won't function properly. Provides system management information. such as Windows Movie Maker. Updates are automatically downloaded and Automatic updates will not take place. Enables automatic updates to Windows Vista and other programs. Enables installation. enabled within Windows Media Center. WS-Management is a standard web of this Vista computer. modification. installed.Provides image acquisition services for scanners and cameras. e-mail. Programs that require images. You will be unable to share Media Player libraries. Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. services protocol used for remote software and hardware management. and removal of Windows updates and optional components. Adds. Install or uninstall of Windows updates might fail for this computer. Applications that use Windows Presentation Foundation will suffer degraded performance. and other content (via extensibility APIs). Add/Remove programs. modifies. Starts and stops recording of TV programs within Windows Media Center. Other devices will not be able to connect to the computer. Windows Remote Management (WinRM) service implements the WS-Management protocol for remote You will be unable to remotely manage some aspects management. Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play. You will be unable to record programs.msi) package.

This service runs only when Performance Data Helper is activated. Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. including other computers and network printers.html . support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.11) network adapters. epublic membership. 802.1X authentication will not work. WMI performance statistics will not be gathered. In addition. You will have to manually configure wireless networking. Inc.WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. ht ©2007 CNET Networks. Provides network connections and communications using the Microsoft Network services. Performs IEEE 802. WinHTTP provides Proxy servers will not be automatically discovered. Automatically configures WiFi (802.1X authentication on Ethernet interfaces. please visit http://techrepublic. The computer will be unable to connect to remote Microsoft Network resources. All rights reserved.com/2001-6240-0.com.

Only enable when using the Windows firewall or another firewall. As Needed Local System Automatic Local Service Manual Enable only if you use smart cards. and Windows Firewall. IKE and AuthIP IPsec Keying Modules. Failure to do so can result in a significant security hole. Keep enabled in a corporate environment.s each service's function. Manual Local System Manual Local Service Manual Local System Enable this service if you use Automatic Updates or the Started Microsoft File Transfer Manager. IPsec Policy Agent. some of the services listed owing three possibilities for Special notes Default Status Started Startup Type Automatic Log On As Local System Although safe to disable. this is not recommended Started since you need to boot into safe mode to enable again. Manual Local System Local System . including Internet Connection Sharing. Many other services depend on this one. Routing and Remote Started Access.

Automatic Local System Automatic Local System Manual Local System You can disable this service if you do not use DHCP. but since keeping your system patched is critical. this service is safe to disable. Started Automatic Network Service Started If you revert to something other than the new Aero Glass interface. we do not indicate that this service is safe to disable. you can disable this service.Manual Local System Technically. Automatic Local System Required if you use the Automatic Updates Windows service. also used by other Windows services. disabling this service will not result in system instability. such as Task Manager. Started Automatic Local Service Manual Local System Enable this service if you need to share files with other Windows computers. If you are not on a network. Reverting Started to a different interface can have positive performance implications. Started Automatic Local Service .

If disabled. Stopping this service will result in the inability for the computer to resolve names to IP addresses. If disabled. Most desktops run neither Personal Web Server or SQL Server. Started troubleshooting can be a little more difficult. do not disable this service. we recommended that this service be disabled. Automatic Local System Manual Local System .1x-enabled network. Manual Local System Manual Network Service Started Manual Local Service Started Automatic Local Service This service cannot be set to Disabled in any version of Started Windows Vista. troubleshooting can be a little more difficult. troubleshooting can be a little more difficult.Can go either way on this one. Can go either way on this one. Automatic Local System Manual Network Service Started Automatic Network Service If you need access to an 802. That is no longer the case Started since more people are accessing files on other computers. Started Automatic Local Service Manual Manual Local Service Local System Can go either way on this one. In previous versions of this guide. If disabled.

Manual Local System If you're using a VPN client. Started Automatic Local System Started Automatic Network Service Started As Needed Network Service Manual Local Service Manual Local System Manual Enable only if you use iSCSI in your environment. verify whether you need this service. Can be safely enabled if these buttons don't work with this service disabled. Leave set at Manual if you intend to use Windows Backup. Started Manual Manual Local System Local System Local System . Started Automatic Local System Manual Local System Disabled Local System Most networks do not use IPv6.Required for some "hot buttons" on newer keyboards.

Manual Manual Local Service Local Service Manual Local Service Manual Local Service Manual Started Automatic Local Service Local System . Started Automatic Network Service Started Automatic Local Service Started Automatic Local System If you have kids at home and want to lock things down.Started Automatic Local System Disabled Local Service Manual Manual Started Manual Local System Network Service Local System Started Automatic Local Service Enable if this computer has Internet Connection Sharing enabled or if you are using the Internet Connection Firewall. keep this service enabled.

Automatic Local System Disable this service if you don't have a printer.If you use media center capabilities. Manual Local System Manual Local Service Leave enabled unless you know you won't use portable Started devices. Started Started Manual Automatic Local System Network Service . Started Automatic Local System Manual Local System Started Automatic Local System Manual Local System Manual Local Service Started Automatic Manual Local System Local System This service is run on demand by the Remote Access Manager. enable this service.

don't install this service at all. Started This service must be enabled on Windows Vista computers that share files or printers. this Started service can be disabled. Manual Manual Manual Local Service Started Automatic Network Service Started Manual Local Service Started Automatic Local System . and not much of a security risk. enable this service. Started Started Automatic Local System Automatic As Needed Automatic Automatic Manual Local System Local Service Local System Local System Local Service Local Service Local System If you're using a smart card reader. Disabled Local System Started If you use don't use DHCP to obtain an IP address.Manual Network Service Some programs require this functionality to operate. enable this service. If you're using a smart card reader. Much easier to leave this enabled. Manual Local Service Better yet.

If you don't have a tablet PC. For larger networks with central Started file servers. Only needed for modem/fax modem use. Manual Local System Necessary if you plan to allow remote desktop. Started Automatic Network Service Necessary if you plan to allow remote desktop. keep disabled on desktops. this service may be essential if you share files with others. Started Automatic Local System Started Started Automatic Automatic Local System Local System For small networks.Leave enabled for laptops so that power notifications are passed to the user. Started Automatic Local Service Manual Network Service Necessary if you plan to allow remote desktop. you don't need this service. Started Manual Automatic Manual Local System Local System Local Service Manual Local Service Started Automatic Local Service Started Automatic Local System .

If you use smartcards. Manual Local Service Manual Local Service Started Automatic Local System Manual Local System Started Automatic Local System Manual Network Service Started Automatic Local Service Started Automatic Local Service . you will get no sound. leave this service enabled.Manual Enable this service if you use Windows Backup on this desktop. Local System Started Started Manual Automatic Automatic Automatic Manual Manual Local System Local Service Local Service Local System Local System Local System Even though it can be disabled. without this service. Started Started Most organizations use other methods to back up data.

Leave enabled if you use media center features of Vista. Leave enabled if you use media center features of Vista. Leave enabled if you use media center features of Vista. you can disable this service. Although safe to disable. Leave enabled if you use media center features of Vista. Manual Local Service Manual Local System Started Leave enabled if you use media center features of Vista. Started Automatic Local System Disabled Local Service Manual Network Service Manual Network Service As Needed Local Service Manual Manual Network Service Local System Manual Local Service Manual Network Service Started Automatic Local System Started Although safe to disable. If you don't have a scanner or a camera. you shouldn't.This service is required for some scanners and cameras. Windows updates may not work. Started Automatic As Needed Local Service Local System .

Started Manual Local Service Manual Enable this service if you're using wireless networking. Manual Local System Local System Manual Local System Started Automatic Local Service . Disable if you're not using wireless.

Recommendation Enabled Safe to disable Yes Enabled Yes Enabled Maybe Enabled Yes Enabled Yes Enabled Yes Disabled Disabled Yes Yes .

Enabled Yes Enabled No Enabled Yes Enabled Yes Enabled No Enabled No Disabled Yes Enabled Yes Enabled Maybe .

Enabled Yes Enabled Enabled Yes Yes Enabled Yes Disabled Yes Enabled No Disabled Yes Disabled Yes Disabled Yes Disabled Yes Enabled No Enabled Yes .

Disabled Maybe Disabled Yes Enabled Yes Disabled Yes Disabled Yes Enabled Yes Enabled Yes Disabled Yes Enabled No Enabled Disabled Disabled No Yes Yes .

Enabled No Disabled Yes Enabled Disabled Enabled No Yes No Enabled Yes Disabled Maybe Enabled No Disabled Yes Disabled Disabled Yes Yes Disabled Yes Disabled Yes Disabled Enabled Yes No .

Disabled Yes Disabled Yes Enabled Yes Enabled Maybe Disabled Yes Enabled Yes Enabled Yes Disabled Yes Enabled Enabled Yes Yes Enabled Enabled Maybe No .

Enabled No Disabled Maybe Disabled Yes Disabled Yes Enabled Enabled Disabled Enabled Enabled Disabled Disabled Yes Yes Yes Yes Yes Yes Yes Disabled Yes Enabled No Disabled Yes Enabled Yes .

Disabled Yes Disabled Disabled Yes Yes Disabled Yes Disabled Yes Disabled Yes Disabled Yes Disabled Disabled Enabled Yes Yes No Enabled Yes Disabled Yes Enabled No .

Enabled Yes Disabled Disabled Enabled Enabled Disabled Disabled Yes Yes Yes Yes Yes Yes Enabled Yes Enabled Yes Enabled Yes Enabled No Disabled Yes Disabled Yes Enabled No Enabled Yes .

Enabled Yes Enabled Yes Enabled No Disabled Yes Disabled Yes Disabled Yes Disabled Yes Disabled Enabled Yes Yes Enabled No Enabled Yes Enabled Yes Enabled Enabled Yes Yes .

Disabled Yes Disabled Disabled Yes Maybe Enabled Yes Enabled Yes .