Home Computing Security Tips

Your Windows computer may be running with many unecessary services you can easily disable

http://www.homecomputingsecurity.com

What

Disabling Windows Services

Why

There are unnecessary services that load at startup and are not needed and some provide security threat opportunities

How

For advanced users, follow the helpful steps outlined below

Detailed Information

Disabling all of the "unneeded services" in a Windows system frees up 12-70 MB of RAM, depending on system.

Do you mean that out of 87 (XP Home) or 96 (XP Pro) services...

32 (XP Home) and 34 (XP Pro) are set to Automatic as DEFAULT...

but, we MAY only need 6 of them running?

YES

Turn Off Unneeded Services

By default, Windows 2000 installs auxiliary services that are not necessary, such as an FTP server, Telnet and Web server. (XP with SP2 disables these services, now.) These services are potential avenues of attack. If you are familiar with administrative tools, go ahead and disable these services if they are running. If they are disabled - and you do not log in by default as administrator - blended threats can’t utilize or enable these services and thus have less avenues to attack you with. Also, if you don't intend to use Task Scheduler or Fax Service, then why waste memory on running them automatically?

Windows XP - Disabling Additional Services

More advanced tweaking for ultimate security and improved performance…

Windows boots up with many “services” loaded into memory. Some are not necessary and provide unnecessary potential avenues of attack. They also consume resources and affect computing performance. If you are familiar with administrative tools, go ahead and disable these services if they are running. If they are disabled - and you do not log in by default as administrator - blended threats can’t utilize or enable these services and thus have less avenues to attack you with. Also, if you don't intend to use Task Scheduler or Fax Service, then why waste memory on running them automatically?

The Admin Tool for Windows XP Services:

1. Click Start->Control Panel

2. Click Performance and Maintenance

3. Click Administrative Tools

4. Double click Services

5. Scroll down and highlight a service

6. Right-click the highlighted line and choose Properties.

7. Click the STOP button

8. Select Disable in the Startup Type scroll bar

9. Click OK

Note: If you have XP SP2 - The Alerter and Messenger services are components of Windows that allow simple messages to be communicated between computers on a network. The Messenger service relays messages from different applications and services, while the Alerter service is intended specifically for administrative alerts. In previous versions of Windows, the Messenger service is set to start automatically and the Alerter service is set to manual start. In Windows XP Service Pack 2, both of these services are set to Disabled. FTP and IIS Web service are also not installed under XP SP2.

How To: Determine what Services are running in WinXP?

When you bring up the Task Manager you'll see an entry for Services and the amount of memory consumed. However this one listing is actually all the Services combined into a single entry. To view the complete list, from a command prompt (type) "tasklist /svc" (no quotes)

You will see all the Services running in process. (XP Pro only.) "tasklist /svc >tasklist.txt" saves the output to a file.

Or use NETSTAT to determine what Services are "Listening"

From a Command Prompt (type) "netstat -ano" (no quotes)

To create a text file of this info - (type) "netstat -ano >autocon.txt"

Consider making an Emergency Backup disk - Customizing the various system Services settings can be hazardous if you are not careful. Before you change settings, you should prepare an ERD (Emergency Repair Disk). Although it’s highly unlikely you’ll need this, you never know. To make an ERD take the following steps:

Click on Start, Programs, Accessories, System Tools then Backup.
Select the Emergency Repair Disk option in the Welcome tab & backup your registry (This is where any changes you make to the system Services are stored).

Turn off Messenger Spam – http://www.spywareguide.com/txt_messengerspam.html

You can verify that Messenger service is disabled by typing the following at a command prompt. If no message appears, the Messenger service has been disabled. Go to Start – Run – enter CMD and OK. Next, at the DOS command window type in the following followed by ENTER:

net send 127.0.0.1 "test"

Windows 2000

1. Click Start->Programs->Administrative Tools->Services

2. Scroll down and highlight a service

3. Right-click the highlighted line and choose Properties.

4. Click the STOP button.

5. Select Disable in the Startup Type scroll bar

6. Click OK

Which Services to Disable?

Below are two charts showing Windows XP Services. It is a list of the XP services and their dependencies, along with recommendations as to whether they should be enabled or disabled. Please remember that these are general recommendations only, and all such actions are done entirely at your own risk. XP SP2 installs, by default, with some of these services already disabled. The following advice goes beyond that and you might pursue the next steps for ultimate security and to reduce the performance hit of unnecessary services that are installed by default.

Service settings are global, meaning changes apply to all users.

How to access and change services settings?

Here are Two Methods:

1. Safe XP Utility Method: allows users to quickly tweak various security and privacy related settings in XP. The options include Media Player settings, Services settings (error reporting, time synch, remote registry etc.), as well as and option to remove items from the Start menu, network security settings and more. Safe XP improves your system performance and makes Windows to run faster, more secure and reliable! It is suitable for beginners and experts! http://www.majorgeeks.com/download4070.html - FREEWARE

2. Manual Method:

Click Start, and then click Run.
TypeServices.msc and then click OK. The Services window appears. See screen:

Locate and select the service that you want to change.
Click Action, and then click Properties.
On the General tab, click the drop-down for the "Start up type" list box and change the start up as needed. For example, if you select "Alerter" and change its start up type from Automatic to Disabled, that service will no longer start when you start Windows.
Click OK when finished making your changes.

Note: Do NOT use "msconfig" to disable services, type "services.msc" in the Run box instead! The reason is because with msconfig and Hardware Profiles, you can disable services that may be vital to boot your system. With the management console (services.msc) you cannot. Also, msconfig, while unchecking the box, is disabling the service.

Here is Black Viper's Windows XP Home and Professional Service Pack 2 Service Suggested Configurations:

Notes 1: Table Header Information:

Display Name ~ How it displays in the Services Control Panel.
Process Name ~ Name of the Process running in the background (displays in Task Manager by hitting Ctrl+Alt+Del).
DEFAULT Home ~ What Bill G. thinks should be running on Windows XP Home.
DEFAULT Pro ~ What Bill G. thinks should be running on Windows XP Professional.
"SAFE" Configuration ~ This is the configuration that 95% of the people will be able to use with little or no side effects. It will also minimizes the amount of "errors" that is reported in the Event Viewer. This does not guarantee it will work for you, but if adjusting your services scares you, this configuration would be a good starting point.
Power User Configuration ~ This is the power user setup. A great way to test this setup is here. This setup is a system that connects through a network (such as a gateway / router) to the Internet, provides file and print sharing resources and gaming enjoyment. Some things may not function with this setup. No passwords save. Its use is not for a computer with analog modems or some direct DSL/cable connections. Try the "Safe" Configuration first.
Bare Bones Configuration ~ This is the super geek setup. A great way to test this setup is here. This setup is a system that connects through a network (such as a gateway / router) to the Internet with a static IP address. This system does not provide file and print sharing resources, nor have the ability to print. Its use is not for a computer with analog modems or many direct DSL/cable connections. You can use this configuration for extreme tweaking and testing purposes. Many things may not function with this setup. No passwords save. The Event Log will display "errors" of not being able to start certain services. Built in Windows CDR-RW functions may no longer work. Please do not ask, "How do I fix" questions while using this configuration. The answer will be "Use SAFE." This information's intention is for reference only.

Notes 2: Configuration Information:

§ Automatic ~ With a service in this state, it will start at boot time. Some services, when no longer required, will also automatically stop when not needed. However, this is very rare. If you find you do not need a service, place it into Manual or Disabled.

§ Manual ~ Manual mode allows Windows to start a service when needed. However, very few services will start up when required in Manual mode. If you find you need a service, place it into Automatic.

§ Disabled ~ This setting will stop a service from starting, even if needed. Errors in the Event Viewer will show up complaining of that fact. Some services, while Disabled, will constantly complain. However, this situation is taken care of if placed in Manual. The service descriptions identifies those that should be in Manual vice Disabled.

XP SERVICES LIST:

Display Name	Process Name	DEFAULT Home	DEFAULT Pro	"SAFE"	Power User	Bare Bones
Alerter	svchost.exe *	Disabled *	Disabled *	Disabled	Disabled	Disabled
Application Layer Gateway Service	alg.exe	Manual	Manual	Manual	Disabled	Disabled
Application Management	svchost.exe	Manual	Manual	Manual	Manual	Manual
Automatic Updates	svchost.exe	Automatic	Automatic	Automatic	Disabled	Disabled
Background Intelligent Transfer Service	svchost.exe	Manual	Manual	Manual	Disabled	Disabled
ClipBook	clipsrv.exe	Disabled *	Disabled *	Disabled	Disabled	Disabled
COM+ Event System	svchost.exe	Manual	Manual	Manual	Disabled	Disabled
COM+ System Application	dllhost.exe	Manual	Manual	Manual	Disabled	Disabled
Computer Browser	svchost.exe	Automatic	Automatic	Disabled	Disabled	Disabled
Cryptographic Services	svchost.exe	Automatic	Automatic	Automatic	Disabled	Disabled
DCOM Server Process Launcher *	svchost.exe *	Automatic *	Automatic *	Automatic *	Automatic *	Disabled *
DHCP Client	svchost.exe	Automatic	Automatic	Automatic	Automatic	Disabled
Distributed Link Tracking Client	svchost.exe	Automatic	Automatic	Manual	Disabled	Disabled
Distributed Transaction Coordinator	msdtc.exe	Manual	Manual	Manual	Disabled	Disabled
DNS Client	svchost.exe	Automatic	Automatic	Automatic	Disabled	Disabled
Error Reporting Service	svchost.exe	Automatic	Automatic	Disabled	Disabled	Disabled
Event Log	services.exe	Automatic	Automatic	Automatic	Automatic	Automatic
Fast User Switching Compatibility	svchost.exe	Manual	Manual	Manual	Disabled	Disabled
Fax	fxssvc.exe	Not Installed	Not Installed	Not Installed	Not Installed	Not Installed
Fax Service	This service is renamed to Fax * after the installation of Service Pack 2.
FTP Publishing *	inetinfo.exe	Not Available	Not Installed	Not Installed	Not Installed	Not Installed
FTP Publishing Service *	This service is renamed to FTP Publishing * after the installation of Service Pack 2.
Display Name	Process Name	DEFAULT Home	DEFAULT Pro	"SAFE"	Power User	Bare Bones
HTTP SSL *	svchost.exe *	Manual *	Manual *	Manual *	Disabled *	Disabled *
Help and Support	svchost.exe	Automatic	Automatic	Manual *	Disabled	Disabled
Human Interface Device Access	svchost.exe	Disabled	Disabled	Disabled	Disabled	Disabled
IIS Admin	inetinfo.exe	Not Available	Not Installed	Not Installed	Not Installed	Not Installed
IMAPI CD-Burning COM Service	imapi.exe	Manual	Manual	Manual *	Disabled	Disabled
Indexing Service	cisvc.exe	Manual	Manual	Disabled	Disabled	Disabled
Internet Connection Firewall / Internet Connection Sharing *	This service is renamed to Windows Firewall/Internet Connection Sharing * after the installation of Service Pack 2.
IPSEC Services	lsass.exe	Automatic	Automatic	Automatic *	Disabled	Disabled
IPv6 Helper Service *	svchost.exe *	Not Installed *	Not Installed *	Not Installed *	Not Installed *	Not Installed *
Logical Disk Manager	svchost.exe	Manual	Automatic	Manual	Disabled	Disabled
Logical Disk Manager Administrative Service	dmadmin.exe	Manual	Manual	Manual	Disabled	Disabled
Message Queuing	mqsvc.exe	Not Available	Not Installed	Not Installed	Not Installed	Not Installed
Display Name	Process Name	DEFAULT Home	DEFAULT Pro	"SAFE"	Power User	Bare Bones
Message Queuing Triggers	mqtgsvc.exe	Not Available	Not Installed	Not Installed	Not Installed	Not Installed
Messenger	services.exe	Disabled *	Disabled *	Disabled	Disabled	Disabled
MS Software Shadow Copy Provider	dllhost.exe	Manual	Manual	Manual	Disabled	Disabled
Net Logon	lsass.exe	Manual	Manual *	Disabled	Disabled	Disabled
NetMeeting Remote Desktop Sharing	mnmsrvc.exe	Manual	Manual	Disabled	Disabled	Disabled
Network Connections	svchost.exe	Manual	Manual	Manual	Manual	Disabled
Network DDE	netdde.exe	Disabled *	Disabled *	Disabled	Disabled	Disabled
Network DDE DSDM	netdde.exe	Disabled *	Disabled *	Disabled	Disabled	Disabled
Network Location Awareness (NLA)	svchost.exe	Manual	Manual	Disabled *	Disabled	Disabled
Network Provisioning Service *	svchost.exe *	Manual *	Manual *	Disabled *	Disabled *	Disabled *
NT LM Security Support Provider	lsass.exe	Manual	Manual	Manual	Manual	Disabled
Peer Name Resolution Protocol *	svchost.exe *	Not Installed *	Not Installed *	Not Installed *	Not Installed *	Not Installed *
Peer Networking *	svchost.exe *	Not Installed *	Not Installed *	Not Installed *	Not Installed *	Not Installed *
Peer Networking Group Authentication *	svchost.exe *	Not Installed *	Not Installed *	Not Installed *	Not Installed *	Not Installed *
Peer Networking Identity Manager *	svchost.exe *	Not Installed *	Not Installed *	Not Installed *	Not Installed *	Not Installed *
Performance Logs and Alerts	smlogsvc.exe	Manual	Manual	Disabled	Disabled	Disabled
Plug and Play	services.exe	Automatic	Automatic	Automatic	Automatic	Automatic
Portable Media Serial Number	This service is renamed to Portable Media Serial Number Service * after the installation of Service Pack 2.
Portable Media Serial Number Service *	svchost.exe *	Manual *	Manual *	Disabled	Disabled	Disabled
Print Spooler	spoolsv.exe	Automatic	Automatic	Automatic	Automatic	Disabled
Protected Storage	lsass.exe	Automatic	Automatic	Automatic	Disabled	Disabled
QoS RSVP	rsvp.exe	Manual	Manual	Disabled	Disabled	Disabled
Remote Access Auto Connection Manager	svchost.exe	Manual	Manual	Manual	Disabled	Disabled
Remote Access Connection Manager	svchost.exe	Manual	Manual	Manual	Disabled	Disabled
Remote Desktop Help Session Manager	sessmgr.exe	Manual	Manual	Disabled	Disabled	Disabled
Remote Procedure Call (RPC)	svchost.exe	Automatic	Automatic	Automatic	Automatic	Automatic
Display Name	Process Name	DEFAULT Home	DEFAULT Pro	"SAFE"	Power User	Bare Bones
Remote Procedure Call (RPC) Locator	locator.exe	Manual	Manual	Manual	Manual	Disabled
Remote Registry Service	svchost.exe	Not Available	Automatic	Disabled	Disabled	Disabled
Removable Storage	svchost.exe	Manual	Manual	Manual	Disabled	Disabled
RIP Listener	svchost.exe	Not Installed *	Not Installed	Not Installed	Not Installed	Not Installed
Routing and Remote Access	svchost.exe	Disabled	Disabled *	Disabled	Disabled	Disabled
Secondary Logon	svchost.exe	Automatic	Automatic	Disabled	Disabled	Disabled
Security Accounts Manager	lsass.exe	Automatic	Automatic	Automatic	Disabled	Disabled
Security Center *	svchost.exe *	Automatic *	Automatic *	Disabled *	Disabled *	Disabled *
Server	svchost.exe	Automatic	Automatic	Disabled	Disabled	Disabled
Shell Hardware Detection	svchost.exe	Automatic	Automatic	Automatic	Disabled	Disabled
Simple Mail Transport Protocol (SMTP)	inetinfo.exe	Not Available	Not Installed	Not Installed	Not Installed	Not Installed
Simple TCP/IP Services	tcpsvcs.exe	Not Installed	Not Installed	Not Installed	Not Installed	Not Installed
Smart Card	SCardSvr.exe	Manual	Manual	Disabled	Disabled	Disabled
Smart Card Helper *	This service has been removed and combined with Smart Card after the installation of Service Pack 2.
SNMP Service	snmp.exe	Not Installed	Not Installed	Not Installed	Not Installed	Not Installed
SNMP Trap Service	snmptrap.exe	Not Installed	Not Installed	Not Installed	Not Installed	Not Installed
SSDP Discovery Service	svchost.exe	Manual	Manual	Disabled	Disabled	Disabled
System Event Notification	svchost.exe	Automatic	Automatic	Automatic	Disabled	Disabled
System Restore Service	svchost.exe	Automatic	Automatic	Disabled	Disabled	Disabled
Task Scheduler	svchost.exe	Automatic	Automatic	Automatic	Disabled	Disabled
TCP/IP NetBIOS Helper Service	svchost.exe	Automatic	Automatic	Disabled	Disabled	Disabled
Display Name	Process Name	DEFAULT Home	DEFAULT Pro	"SAFE"	Power User	Bare Bones
TCP/IP Printer Server	tcpsvcs.exe	Not Installed	Not Installed	Not Installed	Not Installed	Not Installed
Telephony	svchost.exe	Manual	Manual	Manual	Disabled	Disabled
Telnet	tlntsvr.exe	Not Available	Manual	Disabled	Disabled	Disabled
Terminal Services	svchost.exe	Manual	Manual	Manual	Disabled	Disabled
Themes	svchost.exe	Automatic	Automatic	Automatic	Disabled	Disabled
Uninterruptible Power Supply	ups.exe	Manual	Manual	Disabled	Disabled	Disabled
Universal Plug and Play Device Host	svchost.exe	Manual	Manual	Disabled	Disabled	Disabled
Upload Manager *	This service is removed after the installation of Service Pack 2.
Volume Shadow Copy	vssvc.exe	Manual	Manual	Manual	Disabled	Disabled
WebClient	svchost.exe	Automatic	Automatic	Disabled	Disabled	Disabled
Windows Audio	svchost.exe	Automatic	Automatic	Automatic	Automatic	Automatic
Windows Firewall / Internet Connection Sharing *	svchost.exe *	Automatic *	Automatic	Automatic	Disabled	Disabled
Windows Image Acquisition (WIA)	svchost.exe	Manual	Manual	Manual	Disabled	Disabled
Windows Installer	msiexec.exe	Manual	Manual	Manual	Manual	Manual
Windows Management Instrumentation	svchost.exe	Automatic	Automatic	Automatic	Automatic	Automatic
Windows Management Instrumentation Driver Extension	svchost.exe	Not Available	Manual	Manual	Manual	Disabled
Windows Time	svchost.exe	Automatic	Automatic	Disabled	Disabled	Disabled
Wireless Zero Configuration	svchost.exe	Automatic	Automatic	Disabled	Disabled	Disabled
WMI Performance Adapter	wmiapsrv.exe	Manual	Manual	Disabled	Disabled	Disabled
Workstation	svchost.exe	Automatic	Automatic	Automatic	Automatic	Automatic
World Wide Web Publishing *	inetinfo.exe *	Not Available	Not Installed	Not Installed	Not Installed	Not Installed
World Wide Web Publishing Service *	This service is renamed to World Wide Web Publishing * after the installation of Service Pack 2.

An "*" (asterisk) indicates changes froService Pack 1a to Service Pack 2.

Here is someone else’s chart of Windows XP Services that provides more explanations of the purpose of the service:

Service	Purpose	Comments	Recommendations	Dependencies
Alerter	Notifies users of administrative alerts.	Not required under normal circumstances.	Disabled.	Workstation
Application Layer Gateway Service	Provides support for third-party plug-ins for Internet Connection Sharing/Internet Connection Firewall.	Required if using Internet Connection Sharing/Internet Connection Firewall to connect to the Internet.	Automatic if needed, Disabled if not.
Application Management	Used to Assign, Publish, and Remove software services.	If you can not modify your software installation of certain applications, set to Automatic or Manual.	Manual
Automatic Updates	Used to check if there are critical or other updates available for download.	You can also manually update due to the long lag time from when an update is available and when XP reports it. NOTE: Manual update by the Windows Update Web site requires Cryptographic Services to be running.	Disabled
Background Intelligent Transfer Service	Used to transfer asynchronous data using HTTP 1.1 servers.	It is not known if any programs actually use this feature. Use FTP instead.	Disabled	Remote Procedure Call (RPC), Workstation
ClipBook	Used to store information (cut/paste) and share it with other computers.	You may not have enough need for this to allow this service to always be running.	Disabled	Network DDE
COM+ Event System	Required for System Event Notification. Required if you want to run BootVis with the "optimize system" option.	You will receive, in the Event Log, a entry from "DCOM" that this service is not running if it is Disabled. It is not known if any programs actually use COM+, but if it is set to Manual, many services report to it, so it will start anyway.	Disabled	Remote Procedure Call (RPC)
COM+ System Application	Required for System Event Notification.	You will receive, in the Event Log, a entry from "DCOM" that this service is not running if it is Disabled. It is not known if any programs actually use COM+, but if it is set to Manual, many services report to it, so it will start anyway.	Disabled	Remote Procedure Call (RPC)
Computer Browser	Maintains a listing of computers located on the network.	This service is not needed on a standalone system.	Disabled	Server, Workstation
Cryptographic Services	Confirms signatures of Windows files.	You may see a message that about uncertified drivers if this is disabled. Required for Windows Update to function in manual mode. You can start it when checking, then end it when done.	Disabled	Remote Procedure Call (RPC)
DHCP Client	Receives a Dynamic IP address from your DHCP server.	Required for ICS/Internet client and also if you run IPSEC, disable on a standalone system or one that has a static IP address.	Automatic if required on your network, Disabled if not.	AFD Networking Support Environment. NetBios over TCP/IP. TCP/IP Protocol Driver.
Distributed Link Tracking Client	Maintains links with NTFS files within your computer or across a domain.	It is not known if any programs actually use this feature.	Disabled	Remote Procedure Call (RPC).
Distributed Transaction Coordinator	Takes care of transactions that span multiple resources.	Required if using Message Queuing.	Disabled	Remote Procedure Call (RPC). Security Accounts Manager.
DNS Client	Resolves DNS names and Active Directory domain controller functions.	This service is not needed on all systems, but is required if using IPSEC.	Disabled	TCP/IP Protocol Driver
Error Reporting Service	Sends reports to Microsoft when application errors occurs.	Uses memory and resources. Strictly optional.	Disabled	Remote Procedure Call (RPC)
Event Log	Allows Event Log messages from applications to be viewed in Event Viewer.	The Event Log is useful when you need to see what problems have occurred that are hidden from the normal user. Windows Management Instrumentation also Requires Event Log Service to be running.	Automatic
Fast User Switching Compatibility		Unless you have many users on a system, you probably do not even need this service to be running.	Disabled	Terminal Services
Fax Service		Not installed by default, but if needed, you may install it later from the installation CD.	Leave not installed or Disabled	Plug and Play, Print Spooler, Remote Procedure Call (RPC), Telephony
FTP Publishing Service		Not installed by default, but if needed, you may install it later from the installation CD. Used to provide a FTP server on your network.	Leave not installed or Disabled	IIS Admin
Help and Support		Required for Microsoft online help documents.	Disabled unless you really want it.	Remote Procedure Call (RPC)
Human Interface Device Access		Not all peripherals require this service. (May be needed by cameras and similar devices.)	Disabled unless you really need it; Automatic if you do.	Remote Procedure Call (RPC)
IIS Admin		Not installed by default, but if needed, you may install it later from the installation CD. Usually used in conjunction with local Web site or FTP servers.	Leave not installed or Disabled unless you really need it.	Remote Procedure Call (RPC), Security Accounts Manager
IMAPI CD-Burning COM Service	Used for "drag and drop" CD burn capability.		Disabled unless needed, then Manual.
Indexing Service		This is a major resource user. You can remove the function using "Add/Remove Programs"	Disabled or even better, uninstalled.	Remote Procedure Call (RPC)
Internet Connection Firewall and Internet Connection Sharing	Used to allow multiple computers on your network to access the Internet using only one account.	This service is installed on the "modem" computer.	Automatic if using this function, Disabled if not required.	Application Layer Gateway Service, Network Connections, Network Location Awareness, Remote Access Connection Manager
IPSEC Services		May be required on some domains, but the "average" user will not need this. If you are concerned about security, enable this feature.	Disabled	IPSEC driver, Remote Procedure Call (RPC), TCP/IP Protocol Driver
Logical Disk Manager	Needed to run the Disk Management MMC console for dynamic volumes.		Disabled	Plug and Play, Remote Procedure Call (RPC)
Logical Disk Manager Administrative Service	Needed to run the Disk Management MMC console for dynamic volumes.		Disabled	Logical Disk Manager, Plug and Play, Remote Procedure Call (RPC)
Message Queuing		Not installed by default, but if needed, you may install it later off of the WinXP CD. May be used on some domains, but the "average" home user will never need this service.	Leave not installed or Disabled	Distributed Transaction Coordinator, Message Queuing access control, NT LM Security Support Provider, Reliable Multicast Protocol driver, Remote Procedure Call (RPC) Server
Message Queuing Triggers		Not installed by default, but if needed, you may install it later from the installation CD. Required if you use Message Queuing service.	Leave not installed or Disabled	Message Queuing
Messenger	Sends messages between clients and servers.	Not needed under normal "home" conditions.	Disabled	NetBIOS Interface, Plug and Play, Remote Procedure Call (RPC)- Workstation
MS Software Shadow Copy Provider	Used in conjunction with the Volume Shadow Copy Service. Microsoft Backup also uses these services.		Disabled	Remote Procedure Call (RPC)
Net Login	Used for logging onto a Domain Controller.		Disabled	Workstation
NetMeeting Remote Desktop Sharing	Enables you to access your computer using NetMeeting.	This may create a big open door for the unwanted. If you are concerned about security, Disable this function. Even if you are not worried, you can still disable it.	Disabled
Network Connections	Required for managing network connectivity.	Set to disabled if you have no network or you do not change the configurations a lot. If your Internet connectivity is effected after disabling this function, set it back to Automatic!	Automatic if needed, Disabled if not.	Remote Procedure Call (RPC)
Network DDE	.	Not used by most programs. Unless you use remote ClipBook, Disable it.	Disabled	Network DDE DSDM
Network DDE DSDM		Not used by most programs. Unless you use remote ClipBook, Disable it.	Disabled	AFD Networking Support Environment, TCP/IP Protocol Driver
Network Location Awareness (NLA)	Required for use with the Internet Connection Sharing Service (server only.)		Disabled unless running ICS/ICF.
NT LM Security Support Provider		Not needed unless you are running Message Queuing or Telnet server.	Disabled unless needed.
Performance Logs and Alerts	Collects performance data on a schedule and sends the information to a log or triggers an alert.		Disabled
Plug and Play	The basis of the Plug and Play (PnP) environment.	NOTE: PnP is not related to UPnP. UPnP is used for connectivity on networks using TCP/IP to devices such as scanners or printers. Your sound card is PnP. Do not disable Plug and Play service.	Automatic
Portable Media Serial Number	Retrieves serial numbers from portable music players connected to your computer.	It is not known if any devices actually require this.	Disabled unless a device ceases to function properly.
Print Spooler	Queues up print jobs for later printing.	This service is Required if you have printers, even if they are network printers. If this does not fit your needs, Disable it.	Automatic if needed, Disabled otherwise.	Remote Procedure Call (RPC)
Protected Storage	Allows for the saving of local passwords or even Web site information (AutoComplete.)	This service is set to Automatic by default. If you are concerned about security reasons, you may want to disable this feature to make theft of information more difficult.	Disabled	Remote Procedure Call (RPC)
QoS RSVP	Provides traffic control on a network using IPSEC and applications that support QoS, plus have an adapter that supports it.	The QoS Packet Driver is installed by default on any TCP/IP connections. You can uninstall it if it is not needed on your network.	Disabled	AFD Networking Support Environment, Remote Procedure Call (RPC), TCP/IP Protocol Driver
Remote Access Auto Connection Manager	Creates a connection to a network when a program requests a remote address.	This service may be required for your Internet connection. If things cease to function after disabling this service, set it to Automatic.	Disabled unless required for your Internet connection.	Remote Access Connection Manager, Telephony
Remote Access Connection Manager	Creates a network connection.	This service is required for dial-up networking and if you use Internet Connection Sharing. If things cease to function after disabling this service, set it to Automatic.	Disabled unless required for your Internet connection.	Telephony
Remote Desktop Help Session Manager	Manages and controls Remote Assistance.	If you do not want or need to use this feature, Disable it.	Disabled unless using it.	Remote Procedure Call (RPC)
Remote Procedure Call (RPC)	This service is vital. Just about everything depends on this service to be running.	This is also the only service that you can not disable using the Services MMC.	Automatic.
Remote Procedure Call (RPC) Locator	Manages the RPC name service database.	May not be needed by most users. If something on your network breaks after you disable this service, set it back to Manual or Automatic.	Disabled unless required for your network.	Workstation
Remote Registry Service		This is one of those not needed services. If you are concerned about security, disable this service.	Disabled
Removable Storage	Used for managing removable media.	Disable this service if you do not have items like tape backup devices, etc. If your CD ROM/DVD Drive stops working properly, place this service into Automatic. Normally, this service is not needed.	Disabled	Remote Procedure Call (RPC)
RIP Listener		Not installed by default. If you do not know what it is, you do not need it.	Leave not installed or Disabled	Remote Procedure Call (RPC)
Routing and Remote Access		If you do not know what it is, you do not need it.	Leave not installed or Disabled	NetBIOSGroup, Remote Procedure Call (RPC)
Secondary Logon	Enables starting processes under alternate credentials.	It is not known if any programs use this service,	Disabled
Security Accounts Manager	Like Protected Storage, it saves security information for local users.	This service is Required for IIS Admin.	Disabled unless needed.	Remote Procedure Call (RPC)
Server	Used for file and print sharing from your computer or if you use Message Queuing.	Workstation is needed to connect to another computer that has the files you are looking for. For security purposes, you may Disable this service if you do not require local printers and files to be shared across your network.	Disabled unless needed. If a device stops working properly, place this service into Automatic.
Shell Hardware Detection	Used for the autoplay of devices such as memory cards.	Set to Automatic if you are experiencing problems with laptop docking stations.	Disabled unless needed.	Remote Procedure Call (RPC)
Simple Mail Transport Protocol (SMTP)		Not installed by default, but if needed, you may install it later. Supports the use of a local (outbound) email server.	Leave not installed or Disabled	Event Log, IIS Admin
Simple TCP/IP Services	Supports some older UNIX networking services.	Not installed by default, but if needed, you may install it later.	Leave not installed or Disabled	AFD Networking Support Environment
Smart Card	Supports the use of a Smart Card for local or network computer authentication.	If you do not have a "Smart Card" you do not need this service.	Disabled	Plug and Play
Smart Card Helper	Supports the use of a Smart Card for local or network computer authentication.	If you do not have a "Smart Card," you do not need this service.	Disabled
SNMP Service	Supports the use of networking equipment that use SNMP as a mode of management.	Not installed by default, but if needed, you may install it later.	Leave not installed or Disabled	Event Log
SNMP Trap Service	Supports the use of networking equipment that use SNMP as a mode of management	Not installed by default, but if needed, you may install it later.	Leave not installed or Disabled	Event Log
SSDP Discovery Service	Used to locate UPnP devices on your home network. Used in conjunction with Universal Plug and Play Device Host, it detects and configures UPnP devices on your home network.	For security reasons and unless you have these devices, Disable this service. If any external device does not function as a result of this service being disabled, place it back in to Automatic. NOTE: UPnP is not related to PnP. UPnP is used for connectivity on networks using TCP/IP to devices such as scanners or printers. Your sound card is PnP. Do not disable Plug and Play service.	Disabled
System Event Notification	Used in conjunction with COM+ Event System, this service notifies particular services when system events, such as logon and power events occurs.	Not needed by most users or programs	Disabled	COM+ Event System
System Restore Service	Creates system snap shots or restore points for returning to at a later time.	Heavy resource uses. If not using System Restore, disable.	Disabled	Remote Procedure Call (RPC)
Task Scheduler	This service is used to schedule maintenance, Microsoft Backup sessions or maybe even AutoUpdate.	You can do these manually if desired. NOTE: BootVis Requires Task Scheduler and COM+ Event System to be running if you want to take advantage of the "optimize system" function, due to the pre-fetching function built into XP. Pre-fetching only occurs on boot up, so if you do not care about a few extra seconds of boot time, you can disable Task Scheduler.	Disabled unless using the programs mentioned here.	Remote Procedure Call (RPC)
TCP/IP NetBIOS Helper Service	Legacy support for NetBios over TCP/IP.	If your network does not use NetBios, disable this function.	Disabled	AFD Networking Support Environment, NetBios over TCP/IP
TCP/IP Printer Server	Used for setting up a local UNIX print server	Not installed by default. If you do not need this function, leave it uninstalled.	Leave not installed or Disabled	Print Spooler, TCP/IP Protocol Driver
Telephony	Controls telephony devices on the local computer.	This service is required for dial-up modem connectivity.	Automatic if you require dial-up connectivity, Disabled otherwise.	Plug and Play, Remote Procedure Call (RPC)
Telnet	Allows remote logon to the local computer through the telnet function.	For security reasons, this service should be Disabled unless you specifically require its functionality.	Disabled	NT LM Security Support Provider, Remote Procedure Call (RPC), TCP/IP Protocol Driver
Terminal Services	Allows remote logon to the local computer.	This service is required for Fast User Switching, Remote Desktop and Remote Assistance. For security reasons, this service should be Disabled unless you specifically require its functionality.	Disabled	Remote Procedure Call (RPC)
Themes	Used to display XP themes and colors on your desktop.	If you do not care about the "new" XP look, disable this service to save memory.	Disabled
Uninterruptible Power Supply		If your UPS connects using USB, it may not need this service to run. Windows Update also has a "patch" for this service.	Disabled
Universal Plug and Play Device Host	Used in conjunction with SSDP Discovery Service, it detects and configures UPnP devices on your home network.	For security reasons and unless you have these devices, Disable this service. If any external device does not function as a result of this service being disabled, place it back in to Automatic. NOTE: UPnP is not related to PnP. UPnP is used for connectivity on networks using TCP/IP to devices such as scanners or printers. Your sound card is PnP. Do not disable Plug and Play service.	Disabled	SSDP Discovery Service
Upload Manager	As with BITS, this service manages file transfers between clients and servers on the network.	This service is not required for basic File and Print sharing. If you are comfortable with using FTP, use that.	Disabled	Remote Procedure Call (RPC)
Volume Shadow Copy	Used in conjunction with the MS Software Shadow Copy Provider Service.	MS Backup also uses these services.	Disabled	Remote Procedure Call (RPC)
WebClient		For security reasons you may want to set this service to Disabled.	Disabled	WebDav Client Redirector
Windows Audio	This service is required if you want to hear audio.	If your computer does not have a sound card, Disable this service.	Automatic if you have a sound card, Disabled if you do not.	Plug and Play, Remote Procedure Call (RPC)
Windows Image Acquisition (WIA)	Used for some scanners and cameras.	If, after Disabling this service, your scanner or camera fails to function properly, enable this service.	Disabled	Remote Procedure Call (RPC)
Windows Installer	This service is required for software programs that install using MSI files.		Automatic	Remote Procedure Call (RPC)
Windows Management Instrumentation	This service is required if you want to see the "Dependencies" tab in service configuration and you want everything to go smoothly.	Disabling this service is not recommended.	Automatic	Event Log, Remote Procedure Call (RPC)
Windows Management Instrumentation Driver Extension		Not as vital as Windows Management Instrumentation, but it is recommend leaving this service in Manual.	Manual
Windows Time	Automatically sets your clock by contacting a server on the Internet.	Great idea if your network is always connected to the Internet, but otherwise, the Event Log fills up with "can not find server" messages.	Disabled unless you use it.
Wireless Zero Configuration	Automatic configuration for wireless network devices.	If you do not have any wireless network devices in use, Disable this service.	Disabled	NDIS Usermode I/O Protocol, Remote Procedure Call (RPC)
WMI Performance Adapter		Unknown uses	Disabled	Remote Procedure Call (RPC)
Workstation	Used to connect local computer to remote computers, for example, Internet connectivity and local File and Print sharing. Many services depend on Workstation to be functioning.	Leave it on Automatic.	Automatic
World Wide Web Publishing Service	Used for setting up a local web server.	Not installed by default. If you do not need this function, leave it uninstalled.	Leave not installed or Disabled	IIS Admin

Resources

Tweak your XP computer for best performance for high-end applications like video editing