|
Service |
Description |
Safely Disable? |
Ramifications if disabled |
Suggested setting |
Special Considerations |
|
Alerter |
Notifies selected users and computers
of administrative alerts |
Yes |
Programs that use administrative
alerts will not receive them. |
Disable |
|
|
Application Layer Gateway |
Provides support for
application-level protocol plug-ins and enables network/protocol
connectivity |
Maybe |
Programs that rely on this service,
such as MSN Messenger and Windows Messenger will not function. |
Enable |
Only enable when using the Windows
firewall or another firewall. Failure to do so can result in a
significant security hole. |
|
Application Management |
Processes installation, removal, and
enumeration requests for Active Directory IntelliMirror group policy
programs |
Yes |
Users will be unable to install,
remove, or enumerate any IntelliMirror programs. |
Disable |
|
|
Automatic Updates |
Enables the download and installation
of critical Windows updates |
Yes |
The operating system cannot
automatically install updates, but can still be manually updated at
the Windows Update Web site. |
Enable |
Automatic updates help keep your
computer current. If you do disable the service, perform regular,
manual updates. |
|
Background Intelligent Transfer |
Transfers data between clients and
servers in the background |
Yes |
Features such as Windows Update will
not work properly. |
Disable |
Enable this services if you enable
Automatic Updates. |
|
ClipBook |
Enables ClipBook Viewer to store
information and share it with remote computers |
Yes |
ClipBook
Viewer will not be able to share information with remote computers. |
Disable |
|
|
COM+ Event System/System Application |
Allows management of Component
Services by providing automatic distribution of events to
subscribing COM components |
No |
System Event Notification stops
working, which means that logon and logoff notifications will not
take place. Other applications, such as Volume Snapshot service,
will not work correctly. |
Enable |
|
|
Computer Browser |
Maintains an up-to-date list of
computers on your network, and supplies the list to programs that
request it. The Computer Browser service is used by Windows-based
computers that need to view network domains and resources. |
Yes |
Your computer will be unable to
locate other Windows computers on the network |
Enable |
Enable this service, if you need to
share files with other Windows computers. |
|
Cryptographic services |
Provides three management services:
Catalog Database Service, which confirms the signatures of Windows
files; Protected Root Service, which adds and removes Trusted Root
Certification Authority certificates from this computer; and Key
Service, which helps enroll this computer for certificates |
No |
The associated management services
will not function properly. |
Enable |
Required if you use the Automatic
Updates Windows service; Also used by other Windows services, such
as Task Manager. |
|
DHCP Client |
Allows the system to automatically
obtain IP addressing information, WINS server information, routing
information, and so forth; is required to update records in Dynamic
DNS |
Maybe |
The system will be unable to obtain
an IP address, WINS information, and the like, from a DHCP server
and will need to be configured with a static address. |
Enable |
You can disabled this service if you
do not use DHCP. |
|
Distributed Link Tracking Client |
Ensures that shortcuts and OLE links
continue to work after the target file is renamed or moved by
maintaining links in the file system |
Yes |
Link tracking will be unavailable.
Users on other computers won't be able to track links on this
computer. |
Disable |
|
|
Distributed Transaction Coordinator |
Coordinates transactions that span
multiple resource managers, such as databases, message queues, and
file systems |
Yes |
Distributed transactions will not
occur. |
Disable |
|
|
DNS Client |
Resolves and caches DNS names,
allowing the system to communicate with canonical names rather than
strictly by IP address |
No |
The system will be unable to resolve
a name and will be able to communicate only via IP address. A client
may be unable to communicate with its domain controller. |
Enable |
Stopping this service will result in
the inability for the computer to resolve names to IP addresses. |
|
Error Reporting |
Collects, stores, and reports
unexpected application crashes to Microsoft |
Yes |
Error Reporting will occur only for
kernel faults and some types of user mode faults. |
Disable |
|
|
Event Log |
Allows event log messages to be
viewed in Event log to assist in problem resolution |
No |
Administrators won't be able to view
logs, including the security log, increasing the difficulty of
diagnosing problems and detecting security breaches. |
Enable |
|
|
Fast User Switching Compatibility |
Enables management for applications
that require assistance in a multiple user environment |
Yes |
Fast User Switching will be
unavailable. |
Disable |
Doesn't work in domain environments
anyway. |
|
Help and Support |
Enables Help and Support Center to
run on this computer |
Yes |
The Help and Support Center will be
unavailable. |
Enable |
|
|
HID Input |
Enables generic input access to Human
Interface Devices (HID), which activates and maintains the use of
predefined hot buttons on keyboards, remote controls, and other
multimedia devices |
Maybe |
Hot buttons controlled by this
service will no longer function. |
Disable |
Required for some "hot buttons" on
newer keyboards. Can be safely enabled if these buttons don't work
with this service disabled. |
|
IMAPI CD-Burning COM |
Manages CD recording using Image
Mastering Applications Programming Interface (IMAPI) |
Maybe |
This computer will be unable to
record CDs. |
Enable |
This service can be disabled if you
don't have a CD-RW drive in your system. |
|
Indexing Service |
Indexes contents and properties of
files on local and remote computers; provides rapid access to files
through flexible querying language |
Yes |
Files will not be indexed. Indexing
can speed searching. |
Disable |
Uninstall this service if you don't
plan to use it. |
|
Internet Connection - Firewall (ICF)
/ Sharing (ICS) |
Provides network address translation,
addressing, name resolution and/or intrusion prevention services for
a home or small office network |
Maybe |
Networking services such as Internet
sharing, name resolution, addressing and/or intrusion prevention
will be unavailable. |
Disable |
If you share your Internet
connection, you must enable this service. |
|
IPSEC services |
Provides end-to-end security between
clients and servers on TCP/IP networks |
Maybe |
TCP/IP security between clients and
servers on the network will be impaired. |
Disable |
If you connect over an IPSec secured
connection, don't disable this service. |
|
Logical Disk Manager |
Waits for new drives to be added and
passes required information to the LDM administrative service;
required to ensure dynamic disk information is up to date |
Yes |
New disks will not be detected by the
system. |
Enable |
Leaving this service enabled makes it
easy to add new drives to the system. In a very high security
environment, this should not be allowed. |
|
Logical Disk Manager Administrative |
Starts and allows configuration to
take place when a new drive is detected or a partition/drive is
configured |
Yes |
None; runs only when needed. |
N/A |
Started by the Logical Disk Manager
service only when needed. Do not disable if you have the Logical
Disk Manager Service enabled. |
|
Machine Debug Manager |
Manages Visual Studio debugging |
Yes |
Visual Studio debugging information
will not be available. |
Disable |
|
|
Messenger |
Transmits net send and Alerter
service messages between clients and servers. This service is not
related to Windows Messenger |
Yes |
Alerter messages will not be
transmitted. |
Disable |
|
|
Microsoft Software Shadow Copy
Provider |
Manages software-based volume shadow
copies taken by the Volume Shadow Copy service |
Yes |
Software-based volume shadow copies
cannot be managed. |
Disable |
Leave set at Manual if you intend to
use Windows Backup. |
|
NetMeeting Remote Desktop Sharing |
Enables an authorized user to access
this computer remotely by using NetMeeting over a corporate
intranet |
Yes |
Remote desktop sharing will be
unavailable. |
Disable |
If you use NetMeeting, don't disable
this service. |
|
Network Connections |
Manages the network and dial-up
connections for the server, including network status notification
and configuration |
No |
Network configuration will not be
possible; new connections can't be created and services that need
network information may fail. |
Enable |
|
|
Network DDE |
Provides network transport and
security for Dynamic Data Exchange (DDE) for programs running on the
same computer or on different computers |
Yes |
DDE transport and security will be
unavailable. |
Disable |
|
|
Network DDE DSDM |
Manages Dynamic Data Exchange (DDE)
network shares |
Yes |
DDE network shares will be
unavailable. |
Disable |
|
|
Network Location Awareness (NLA) |
Collects and stores network
configuration and location information and notifies applications
when this information changes. This service is a part of ICS |
Maybe |
Services such as ICS & ICF will not
function. |
Disable |
Enable if this computer has Internet
Connection Sharing enabled or if you are using the Internet
Connection Firewall. |
|
NT LM Security Support Provider |
Allows users to log on to the network
using NTLM |
Maybe |
Users with versions of Windows prior
to Windows 2000 will be unable to log in to the network. |
Disable |
Enable this service if this computer
needs to log on to pre-Windows 2000 computers or domains |
|
Performance Logs and Alerts |
Collects performance data for the
computer or other computers and writes it to a log or displays it on
the screen |
Yes |
Performance information will no
longer be logged or displayed. |
Disable |
|
|
Plug and Play |
Allows an administrator to add
hardware to a server and have the server automatically detect and
configure it |
No |
The system will be unstable and
incapable of detecting hardware changes. |
Enable |
|
|
Portable Media Serial Number |
Retrieves the serial number of any
portable media player connected to this computer |
Yes |
Protected content might not be
downloaded to the device. |
Disable |
|
|
Print Spooler |
Manages all local and network print
queues and controls all printing jobs |
Maybe |
Printing on the local machine will be
unavailable. |
Enable |
Disable this service if you don't
have a printer. |
|
Protected Storage |
Protects sensitive information such
as private keys from exposure except to allowed persons and
services |
Yes |
Protected information will be
inaccessible. |
Enable |
|
|
QoS RSVP |
Provides network signaling and local,
traffic-control, set-up functionality for (Quality of Service)
QoS-aware programs and control applets |
Yes |
QoS aware applications with either
not function, or will not have their complete functionality. |
Disable |
Enable this service if you use QoS
aware applications. |
|
Remote Access Auto Connection
Manager |
Detects unsuccessful attempts to
connect to a remote network or computer and provides alternative
methods for connection |
Yes |
Users will need to manually connect
to other systems. |
Enable |
|
|
Remote Access Connection Manager |
Manages dial-up and virtual private
network (VPN) connections from this computer to the Internet or
other remote networks |
Maybe |
The operating system may not function
properly. |
Enable |
This service is run on demand by the
Remote Access Manager |
|
Remote Desktop Help Session Manager |
Manages and controls Remote
Assistance |
Yes |
Remote Assistance will be
unavailable. |
Disable |
|
|
Remote Procedure Call (RPC) |
Allows processes to communicate
internally and across the network with each other |
No |
The system will not boot. Don't
disable this service. |
Enable |
|
|
Remote Procedure Call (RPC) Locator |
Provides RPC name services similar to
DNS services for IP |
No |
Systems that are running third-party
utilities looking for RPC information will be unable to find it. OS
components do not use this service, but programs such as Exchange
do. |
Enable |
|
|
Remote Registry |
Provides a mechanism to remotely
manage the system registry |
Maybe |
Remote systems will be unable to
connect to the local registry. Hfnetchk uses this mechanism.
Disabling it can affect the patch utility's operation. |
Disable |
Some programs require this
functionality in order to operate. |
|
Removable Storage |
Manages and catalogs removable media
and operates automated removable media devices |
Yes |
Programs that are dependent on
Removable Storage, such as Backup and Remote Storage, will operate
more slowly. |
Enable |
|
|
Routing and Remote Access |
Enables multiprotocol LAN-to-LAN,
LAN-to-WAN, virtual private network (VPN), and network address
translation (NAT) routing services for clients and servers on this
network |
Yes |
Routing and Remote Access services
will be unavailable. |
Disable |
Better yet, don't install this
service at all. |
|
Secondary Logon |
Enables starting processes under
alternate credentials. If this service is stopped, this type of
logon access will be unavailable |
Yes |
Users will be unable to use the "Run
As" feature to elevate privileges. |
Disable |
|
|
Security Accounts Manager |
Stores account information for local
security accounts, which, when started, allows other services to
access the SAM |
Yes |
Services that rely on requests to the
SAM database will not function properly. Group Policy objects may
not operate properly. |
Enable |
If you use don't use DHCP to obtain
an IP address, this service can be disabled. |
|
Server |
Allows the sharing of local resources
such as files and printers, as well as named pipe communication |
Yes |
Resources can't be shared, RPC
requests will be denied, and named pipe communication will fail. |
Disable |
This service must be enabled on
Windows XP computers that share files or printers. |
|
Shell Hardware Detection |
Provides notifications for AutoPlay
hardware events |
Yes |
CD-ROMs and other devices will not
automatically function. |
Enable |
Much easier to leave this enabled,
and not much of a security risk. |
|
Smart Card |
Manages access to smart cards read by
this computer |
Yes |
This computer will be unable to read
smart cards. |
Disable |
If you're using a smart card reader,
enable this service. |
|
Smart Card Helper |
Provides support for earlier smart
card readers attached to the computer |
Yes |
The computer will be unable to read
legacy smart cards. |
Disable |
If you're using a smart card reader,
enable this service. |
|
SSDP
Discovery |
Used to locate UPnP devices on your
home network. Used in conjunction with Universal Plug and Play
Device Host, it detects and configures UPnP devices on your home
network |
Yes |
Your computer will be unable to
located uPnP devices on the network. |
Disable |
|
|
System Event Notification |
Required to record entries in the
event logs; notifies COM+ subscribers about logon and power-related
events |
Yes |
Certain notifications will no longer
work. For example, synchronization won't work, as it depends on
connectivity information and Network Connect/Disconnect and
Logon/Logoff notifications. |
Disable |
Leave enabled for laptops to that
power notifications are passed to the user. |
|
System Restore |
Performs system restore functions,
including saving periodic checkpoints |
Yes |
Automatic system restoration will not
be possible. |
Disable |
While this service does use up some
system resources, it can be invaluable for stand alone machines,
particularly when a software install goes bad. |
|
Task Scheduler |
Enables a user to configure and
schedule automated tasks on this computer |
Yes |
Tasks will not be run at their
scheduled times. |
Disable |
|
|
TCP/IP NetBIOS Helper |
Required for software distribution in
a Group Policy (may be used to distribute patches) and provides
support for NetBIOS over TCP/IP and NetBIOS name lookups |
Yes |
NetBIOS over TCP/IP clients including
Netlogon and Messenger might stop responding. Disabling may also
affect the ability to share resources. |
Disable |
For small networks, this service may
be essential if you share files with others. For larger networks
with central file servers, keep disabled on desktops. |
|
Telephony |
Provides Telephony API (TAPI) support
for clients using programs that control telephony devices and
IP-based voice connections |
Yes |
The function of all dependent
programs will be impaired. |
Disable |
Only needed for modem/fax modem use. |
|
Telnet |
Enables a remote user to log on to
this computer and run programs; supports various TCP/IP Telnet
clients, including UNIX- and Windows-based computers |
Yes |
Remote user access to programs might
be unavailable. |
Disable |
|
|
Terminal Services |
Allows users to connect interactively
to a remote computer; Remote Desktop, Fast User Switching, Remote
Assistance, and Terminal Server depend on this service. |
Yes |
May make your computer unreliable. To
prevent remote use of this computer, clear the check boxes in the
Remote tab of the System properties control panel item. |
Disable |
|
|
Themes |
Provides user experience theme
management |
Yes |
Themes cannot be used. |
Disable |
|
|
Uninterruptible Power Supply |
Manages an uninterruptible power
supply (UPS) connected to the computer |
Yes |
The UPS cannot communicate with the
computer. |
Disable |
|
|
Universal Plug and Play Device Host |
Used in conjunction with SSDP
Discovery Service, it detects and configures UPnP devices on your
home network |
Yes |
Your computer will be unable to
located uPnP devices on the network. |
Disable |
|
|
Upload Manager |
Manages synchronous and asynchronous
file transfers between clients and servers. Driver data is
anonymously uploaded from these transfers and used by Microsoft to
help users find needed drivers. The Driver Feedback Server asks the
client's permission to upload the computer's hardware profile and
then search the Internet for information about how to obtain the
appropriate driver or get support. |
Yes |
Certain file transfers will not take
place. |
Disable |
|
|
Volume Shadow Copy |
Manages and implements volume shadow
copies used for backup and other purposes |
Yes |
Shadow copies will be unavailable for
backup and the backup may fail. |
Disable |
Enable this service if you use
Windows Backup on this desktop. |
|
WebClient |
Enables Windows-based programs to
create, access, and modify Internet-based files |
Yes |
These functions will not be
available. |
Disable |
|
|
Windows Audio |
Manages audio devices for
Windows-based programs |
Yes |
Audio devices and effects will not
function properly. |
Enable |
Even though it can be disabled,
without this service, you will get no sound. |
|
Windows Image Acquisition (WIA) |
Provides image acquisition services
for scanners and cameras |
Yes |
Programs that require images, such as
Windows Movie Maker, won't function properly. |
Enable |
This service is required for some
scanners and cameras. If you don't have a scanner or a camera, you
can disable this service. |
|
Windows Installer |
Adds, modifies, and removes
applications provided as a Windows Installer (*.msi) package |
Yes |
People can install no programs, or
make use of Add/Remove programs. |
Enable |
|
|
Windows Management Instrumentation (WMI) |
Provides system management
information; required to implement performance alerts using
Performance Logs and Alerts |
No |
System management and performance
information will be unavailable. |
Enable |
|
|
Windows Time |
Uses NTP to keep computers in the
domain synchronized |
Yes |
Time synchronization won't take
place. |
Enable |
|
|
Wireless Zero Configuration |
Automatically configured WiFi
(802.11) network adapters |
Maybe |
You will have to manually configure
wireless networking. |
Disable |
Enable this service if you're using
wireless networking. |
|
WMI
Driver Extensions |
Monitors all drivers and event trace
providers that are configured to publish Windows Management
Instrumentation (WMI) or event trace information |
Yes |
(extension of WMI only) |
Enable |
|
|
WMI
Performance Adapter |
Provides performance library
information from Windows Management Instrumentation (WMI) providers
to clients on the network |
Yes |
This service runs only when
Performance Data Helper is activated. |
Enable |
|
|
Workstation |
Provides network connections and
communications using the Microsoft Network services |
Yes |
The computer will be unable to
connect to remote Microsoft Network resources. |
Enable |
|
