Services
Microsoft pulled their services guide that I had linked to previously because the information was outdated due to SP2. Even the default settings for Services listed in Help & Support are still wrong. To date they haven’t updated a single page for SP2 let alone SP3. I’ve gotten these settings by doing a fresh install of both XP Home and Pro and exporting the Services configuration as a .csv file.
————————————————–
This is a tough subject folks. Most of the services that you may or may not need depend on your individual configuration. Some of the factors that you need to consider include: How you access the internet, if and how you are networked, if and how you are sharing files or printers, whether or not you want the GUI to be pretty, whether or not you have a 3rd party backup program, whether or not you remember to update things, etc…
The following table contains my recommended settings. They are based on hundreds of custom installs. They are also expressly NOT for machines in a domain (even if your IT guy was stupid enough to give you these permissions). Reading the notes provided is KEY to interpreting the recommendations.
Action: Adjust System Services *All Levels
Purpose: Free up system resources. Security.
More Info – No valid links at Microsoft see note in red above.
To edit your services:
Press the Windows + R keys > type services.msc (do not use msconfig). To edit a service, double-click on the entry.
Re-boot when finished.
If something stops working that was working before you edited the services, simply return it to the default value. If you have a concern as to whether nor not it is safe for you to disable a service you have 2 choices; disable it and see if it causes problems, or, set it to Manual. In most cases Manual lets the system start a service if needed.
Levels 3 and 4 are configured for max security and are not for machines with multiple users.
You can download this table in Word (.doc) format here.
Can’t view it? Try OpenOffice or Microsoft’s Word Viewer 2003 (both free).
|
A = Automatic M = Manual D = Disabled ***IMPORTANT*** Read what the Levels mean before continuing. Level 1 – Best setting for those who do not know how to easily recover from problems or when you are setting up a system for someone else and don’t want a phone call late at night from someone wanting tech support. Level 2 – More secure. For single user machines. Full networking abilities still available. Good for people with a home network, especially those with non-NT versions of Windows or Linux on their network. Level 3 – Even more secure. More system resources freed. Requires more configuration by user. Level 4 – Locked and loaded. Don’t even try it if you don’t know what you are doing. This will require you to enable services before applying any updates. Functionality may be hindered. |
|||||||
| Name |
XP Pro Default |
XP Home Default |
Level 1 |
Level 2 |
Level 3 |
Level 4 |
Notes |
| Alerter |
Disabled |
Disabled |
D |
D |
D |
D |
|
| Application Layer Gateway Service |
Manual |
Manual |
M |
M |
M |
M |
|
| Application Management |
Manual |
Manual |
M |
M |
M |
M |
|
| Automatic Updates |
Automatic |
Automatic |
A |
A |
A |
D |
You can’t disable this and still use Windows Update. |
| Background Intelligent Transfer Service |
Manual |
Manual |
M |
M |
M |
D |
You can’t disable this and still use Windows Update. |
| ClipBook |
Disabled |
Disabled |
D |
D |
D |
D |
|
| COM+ Event System |
Manual |
Manual |
M |
M |
M |
M |
|
| COM+ System Application |
Manual |
Manual |
M |
M |
M |
M |
|
| Computer Browser |
Automatic |
Automatic |
A |
A |
D |
D |
|
| Cryptographic Services |
Automatic |
Automatic |
A |
A |
A |
D |
Windows Update errors may occur if this is disabled. |
| DCOM Server Process Launcher |
Automatic |
Automatic |
A |
A |
A |
A |
|
| DHCP Client |
Automatic |
Automatic |
A |
A |
D Or A |
D |
*CAUTION* You’ll have to set your IP Address manually. You’ll need to know all your networks settings to do this. Not everyone will be able to disable this and still be able to connect to the internet or connect to game servers. Do not change this on an ICS gateway. |
| Distributed Link Tracking Client |
Automatic |
Automatic |
A |
M |
M |
M |
|
| Distributed Transaction Coordinator |
Manual |
Manual |
M |
M |
M |
M |
|
| DNS Client |
Automatic |
Automatic |
A |
A |
A |
A |
|
| Error Reporting Service |
Automatic |
Automatic |
A |
M |
M |
D |
|
| Event Log |
Automatic |
Automatic |
A |
A |
A |
A |
|
| Fast User Switching Compatibility |
Manual |
Manual |
A |
M |
D |
D |
Will require you to reboot machine to log in as another user. |
| Help and Support |
Automatic |
Automatic |
M |
M |
D |
D |
|
| HTTP SSL |
Manual |
Manual |
M |
M |
M |
M |
|
| Human Interface Device Access |
Disabled |
Disabled |
D |
D |
D |
D |
Best to leave this at whatever your value is already set to. Many USB devices use this these days (keyboards, special mice, remotes). You can try disabling this to see if your devices need it or not. |
| IMAPI CD-Burning COM Service |
Manual |
Manual |
A |
M |
M |
D |
|
| Indexing Service |
Manual |
Manual |
D |
D |
D |
D |
Worthless resource hog that fires up when it feels like it. |
| IPSEC Services |
Automatic |
Automatic |
A |
A |
D |
D |
|
| Logical Disk Manager |
Automatic |
Automatic |
M |
M |
M |
M |
|
| Logical Disk Manager Administrative Service |
Manual |
Manual |
M |
M |
M |
M |
|
| Messenger |
Disabled |
Disabled |
D |
D |
D |
D |
Security risk. |
| MS Software Shadow Copy Provider |
Manual |
Manual |
M |
M |
M |
M |
|
| Net Logon |
Manual |
Manual |
D |
D |
D |
D |
|
| NetMeeting Remote Desktop Sharing |
Manual |
Manual |
D |
D |
D |
D |
|
| Network Connections |
Manual |
Manual |
M |
M |
M |
M |
|
| Network DDE |
Disabled |
Disabled |
D |
D |
D |
D |
|
| Network DDE DSDM |
Disabled |
Disabled |
D |
D |
D |
D |
|
| Network Location Awareness (NLA) |
Manual |
Manual |
M |
M |
M |
M |
|
| Network Provisioning Service |
Manual |
Manual |
M |
M |
M |
M |
|
| NT LM Security Support Provider |
Manual |
Manual |
M |
M |
M |
M |
|
| Performance Logs and Alerts |
Manual |
Manual |
M |
M |
M |
M |
|
| Plug and Play |
Automatic |
Automatic |
A |
A |
A |
A |
|
| Portable Media Serial Number Service |
Manual |
Manual |
M |
M |
M |
D |
|
| Print Spooler |
Automatic |
Automatic |
A |
A |
A |
M |
|
| Protected Storage |
Automatic |
Automatic |
A |
A |
A |
D |
|
| QoS RSVP |
Manual |
Manual |
M |
D |
D |
D |
|
| Remote Access Auto Connection Manager |
Manual |
Manual |
M |
M |
M |
M |
|
| Remote Access Connection Manager |
Manual |
Manual |
M |
M |
M |
M |
|
| Remote Desktop Help Session Manager |
Manual |
Manual |
M |
M |
D |
D |
|
| Remote Procedure Call (RPC) |
Automatic |
Automatic |
A |
A |
A |
A |
|
| Remote Procedure Call (RPC) Locator |
Manual |
Manual |
M |
M |
M |
M |
|
| Remote Registry |
Automatic |
N/A |
D |
D |
D |
D |
Security risk. |
| Removable Storage |
Manual |
Manual |
M |
M |
M |
M |
|
| Routing and Remote Access |
Disabled |
Disabled |
D |
D |
D |
D |
|
| Secondary Logon |
Automatic |
Automatic |
A |
D |
D |
D |
|
| Security Accounts Manager |
Automatic |
Automatic |
A |
A |
A |
A |
|
| Security Center |
Automatic |
Automatic |
A |
D |
D |
D |
|
| Server |
Automatic |
Automatic |
A |
A |
D |
D |
You will no longer be able to share files or printers from your computer with this setting. (You can still access network shares though.) If you need to share a file temporarily, open services.msc and start it. |
| Shell Hardware Detection |
Automatic |
Automatic |
A |
A |
A |
A |
|
| Smart Card |
Manual |
Manual |
M |
M |
D |
D |
|
| SSDP Discovery Service |
Manual |
Manual |
M |
M |
M |
M |
|
| System Event Notification |
Automatic |
Automatic |
A |
A |
A |
A |
|
| System Restore Service |
Automatic |
Automatic |
A |
D |
D |
D |
DO NOT disable this if you don’t use a 3rd party backup program! |
| Task Scheduler |
Automatic |
Automatic |
A |
A |
A |
A |
|
| TCP/IP NetBIOS Helper |
Automatic |
Automatic |
A |
A |
D |
D |
You may need this if you have an old OS using NetBIOS on your network. Makes life easier to have this on if you have a Linux box in your network. |
| Telephony |
Manual |
Manual |
M |
M |
M |
M |
Needed if you have a modem. I do not disable this because it causes entries in the error logs. If you don’t care about this, disable it. |
| Telnet |
Disabled |
N/A |
D |
D |
D |
D |
Security risk. |
| Terminal Services |
Manual |
Manual |
M |
D |
D |
D |
Security risk. |
| Themes |
Automatic |
Automatic |
A |
A |
A or D |
D |
Makes XP Pretty. Up to user preference. |
| Uninterruptible Power Supply |
Manual |
Manual |
M |
D |
D |
D |
Got UPS you need it. |
| Universal Plug and Play Device Host |
Manual |
Manual |
M |
M |
D |
D |
Security risk. If things you connect to outside of your machine stop working after you disable this, set it back to manual. |
| Volume Shadow Copy |
Manual |
Manual |
M |
M |
M |
M |
|
| WebClient |
Automatic |
Automatic |
A |
M |
D |
D |
|
| Windows Audio |
Automatic |
Automatic |
A |
A |
A |
A |
|
| Windows Firewall/Internet Connection Sharing (ICS)* |
Automatic |
Automatic |
A* |
D* |
D* |
D* |
DO NOT Disable this if you don’t use a 3rd party firewall or your machine is an ICS gateway. |
|
*Do you need this service running even if you aren’t using the Windows Firewall or ICS? The truth is as of this writing, I don’t know. I’ve tried both enabled and disabled. When this is disabled something is going on. I have the network icon in the notification area. When this service is disabled the icon will not show up unless I right-click on My Network Neighborhood. So clearly disabling it is affecting something. Having said that, there are no related errors in the logs and I’ve noticed no apparent effects in functionality. This service may cause problems on a high-speed network. See: http://support.microsoft.com/?kbid=842264 |
|||||||
| Windows Image Acquisition(WIA) |
Manual |
Manual |
M |
M |
M |
D |
If you don’t have a digital a camera or a scanner attached to your computer, you can disable this. |
| Windows Installer |
Manual |
Manual |
M |
M |
M |
M |
|
| Windows Management Instrumentation |
Automatic |
Automatic |
A |
A |
A |
A |
|
| Windows Management Instrumentation Driver Extensions |
Manual |
N/A |
M |
M |
M |
M |
|
| Windows Time |
Automatic |
Automatic |
A |
A |
A |
D |
I like to keep the time on my computers accurate w/o having to think about it. |
| Wired AutoConfig | Manual | Manual | M | M | M | M | |
| Wireless Zero Configuration |
Automatic |
Automatic |
D |
D |
D |
D |
Keep this on Auto if you use wireless networking. |
| WMI Performance Adapter |
Manual |
Manual |
M |
D |
D |
D |
|
| Workstation |
Automatic |
Automatic |
A |
A |
A |
A |
|