|
Service Name |
Description |
Recommended State |
|
Alerter |
Makes
it possible to automatically send messages
to registered users about certain system
events or alerts when they happen. |
Disabled if you don’t need to alert users
about system events over the network |
|
Application Layer Gateway Service |
Allows 3rd party software plugins
to interface with the Internet Connection
Sharing and Internet Connection Firewall. |
Disabled if not using Internet Connection
Sharing/Firewall – Manual if using Internet
Connection Sharing Firewall |
|
Application Management |
Used
to provide software installation services
such as Assign, Publish and Remove. It
handles deployment of software for computers
joined to a domain. |
Manual |
|
Automatic Updates |
Enables automatic monitoring, download and
installation of Windows Updates. |
Disabled if you are manually monitoring when
Microsoft issues updates – Automatic otherwise |
|
Clipbook Service |
Is
used to access the machine’s clipboard
remotely using the NetDDE service. |
Disabled for security reasons |
|
Computer Browser |
Enables the computer to participate in the
election for maintaining the browser list. |
Automatic if on a network and there is no
master browser – Disabled if not wanting to
participate in a browser list |
|
COM+
Event System |
Provides automatic distribution of events to
COM+ components. |
Manual |
|
COM+
System Application Service |
Manages the configuration and tracking of
COM+ based components. |
Manual |
|
Cryptographic Services |
Provides three types of services:
Catalog database service – confirms the
signatures of Windows files (Windows File
Protection) and whether drivers are signed
correctly
Protected root service – adds and removes
Trusted Root Certification Authority
certificates from this computer
Key service – helps enroll this computer for
certificates |
Automatic |
|
DCOM
Server Process Launcher |
Provides launch functionality for DCOM
services |
Automatic |
|
DHCP
Client |
DHCP
(Dynamic Host Configuration Protocol) is
used to store network configuration at a
central place (DHCP server). The DHCP client
will automatically contact the DHCP server
(Port 67) and acquire what network
configuration it should use. |
Automatic if using dynamic IP and on a
network with a DHCP server – Disabled if
using a static IP address |
|
Directory Replicator / File Replication
Service (FRS) |
It
controls replication /
synchronization of directories and files
among multiple servers. It is used by the
Distributed File System (DFS) to
automatically synchronize file catalogs. |
Manual if on a simple home network –
automatic if running a Domain Controller
(DC) |
|
Distributed File System (DFS) |
The
DFS manages logical volumes distributed
across a local or wide area network. |
Disabled if on a simple home network |
|
Distributed Link Tracking Client |
Maintains shortcuts and Object Linking and
Embedding (OLE) links to target files when
placed on an NTFS partition |
Disabled if on a simple home network –
automatic if connected to a domain and using
an NTFS file system |
|
Distributed Link Tracking Server |
Stores information so that files moved
between volumes can be tracked for each
volume in the domain |
Disabled if on a simple home network –
manual if running a domain controller (DC) |
|
Distributed Transaction Coordinator |
Coordinates transactions that are
distributed across two or more databases,
message queues, file systems or other
transaction protected resource managers |
Manual if on a simple home network |
|
DNS
Client |
The
DNS Client acts like a local DNS server and
is used whenever an application needs to
resolve a Domain Name System (DNS) name |
Automatic to minimize traffic at the cost
of memory – Disabled if you do not want DNS
caching and want every application to do
its own DNS lookup |
|
Error
Reporting Service |
The
Error Reporting Service provides an
infrastructure for collecting, storing and
reporting kernel mode, operating system and
application faults to Microsoft |
Disabled if not connected to internet |
|
Event
Log |
This
service tracks events and logs them. |
Automatic |
|
Fast
User Switching Compatibility (FUS) |
Allows several users to be simultaneously
logged locally on the same machine, and then
switch between each of these users’
sessions. |
Manual |
|
Fax
Service |
Helps
you send & receive faxes. This service gets
installed if a fax-capable modem is installed
in your machine. |
Manual |
|
Help
and Support Service |
This
service supports the Help and Support client
application and enables requests from the
client application to Microsoft’s Help and
Support Center |
Automatic |
|
HTTP
SSL / SSL for HTTP.SYS |
This
service implements the secure hypertext
transfer protocol (HTTPS) for the HTTP
service, using the Secure Socket Layer
(SSL). SSL is a proposed open standard for
establishing a secure communications channel
to prevent the interception of critical
information such as credit card numbers. |
Manual |
|
IMAPI
CD-Burning COM Service |
Supports the burning of CD-ROM/RW through
the IMAPI (Image Mastering Applications
Programming Interface) without the need of 3rd
party burning software. (Can be extended with
the WinXP PowerToy ISO Burner.) |
Manual |
|
Indexing Service |
Indexes contents & properties of files on
local & remote computers; provides rapid
access to files through flexible querying
language. |
Manual |
|
Internet Connection Firewall (ICF) /
Internet Connection Sharing (ICS) |
Provides network address translation (NAT),
addressing and name resolution services for
all computers on your home network, so they
can access the Internet through the shared
network or dial-up connection. |
Automatic |
|
Intersite Messaging |
Allows sending and receiving messages
between Windows Advanced Server sites. This
service is used for mail-based replication
between sites. |
Disabled if on a simple home network |
|
IPSEC
Policy Agent Service |
Manages the Internet Protocol Security
(IPSEC) policy & starts the Internet
Security Association Key Management Protocol
(ISAKMP) / Oakley Internet Key Exchange
(IKE) & the IP Security driver. |
Automatic |
|
Kerberos Key Distribution Center |
It
provides two services (TCP/IP port 88):
Authentication Service: Issues
Ticket-Granting Tickets (TGTs) to allow
connection to the Ticket-Granting Service in
a trusted domain.
Ticket-Granting Service (TGS): Issues
tickets for making connections to computers
in the local domain for clients having a
TGT. |
Disabled if on a simple home network |
|
License Logging Service |
Is
used to provide license tracking on a server
or Domain Controller (DC). |
Disabled if on a simple home network.
Automatic if you have a reason MS License
for your installation. |
|
Logical Disk Manager |
Logical Disk Manager Watchdog Service that
detects the appearance/disappearance of hard
drives and partitions they contain. |
Automatic |
|
Logical Disk Manager Administrative Service |
Administrative service for disk management
requests. This service is started only when
configuring a drive or partition or when a
new drive is detected. |
Manual |
|
Messenger |
Is
used to send/show messages and alerts on the
local machine or to remote machines. |
Disabled – WinXP SP2 for security reasons |
|
MS
Software Shadow Copy |
Manages software-based volume shadow copies
taken by the Volume Shadow Copy service. |
Manual |
|
Net
Logon |
Responsible for network authentication
including the following sub-components:
Maintains a synced domain directory database
between the Primary Domain Controller (PDC)
and Backup Domain Controller (BDCs). Handles
authentication of respective accounts on the
Domain Controllers (DC). Handles the process
authentication of domain accounts on
networked machines. |
Automatic if connected to a domain |
|
Netmeeting Remote Desktop Sharing |
Allows authorized people to remotely access
your Windows desktop using NetMeeting. |
Disabled for security if not using
NetMeeting. Manual if using this feature |
|
Network Connections |
Manages objects in the Network and Dial-up
Connections folder, in which you can view
both local area network and remote
connections |
Manual if on a simple network or using
dialup |
|
Network DDE |
Supports network transport and security of
DDE (Dynamic Data Exchange) connections |
Disabled for security measures |
|
Network DDE DSDM |
The
DSDM (Distributed Share Database Manager)
manages the shared DDE (Dynamic Data
Exchange) network conversations (from shares
like \\computername\ndde$). |
Disabled for security measures |
|
Network Location Awareness (NLA) |
Collects and stores network configuration
and location information, and notifies
applications when this information changes. |
Manual |
|
Network Provisioning Service |
Manages XML configuration files on a domain
basis for automatic network provisioning |
Manual |
|
NT LM
Security Support Provider (SSP) |
Local
Security Authority (LSA) for the system (the
service name is only used for historical
reasons). The LSA handles all authentication
before a user is allowed to access a
resource, which can be done in several ways:
NTLM – LM, NTLM, and NTLM2
Kerberos
SChannel – SSL & TLS
Digest |
Manual |
|
Performance Logs and Alerts |
Handles performance logs and alerts
which are configured with Perfmon.exe. The
service will stop automatically if there is
no performance data to collect. |
Manual |
|
Plug
and Play (PnP) |
Enables automatic detection, installation and
activation of new PnP devices attached to
the computer. |
Automatic |
|
Print
Spooler |
Is
used to print files locally or remotely,
and to store/send print jobs to available
print devices. The print spooler also allows
one to pool together several printers
attached to the machine and make them act
like one printer. |
Automatic if using a printer |
|
Protected Storage |
Is
used to encrypt and secure information such as:
SSL certificates
Passwords for programs (like Outlook)
Info stored by Profile Assistant
Info maintained by MS Wallet
Digitally signed S/MIME keys |
Automatic |
|
QoS
RSVP |
Quality of Service (QoS) ReSerVation
Protocol (RSVP) can help QoS-aware programs
and control applets get enough
bandwidth. This is done by providing network
signaling and local traffic control setup
functionality. |
Manual |
|
Remote Access Auto Connection Manager |
Automatically creates a connection to a
remote network, whenever a program
references a remote DNS or NetBIOS name or
address. |
Disabled if not using a modem connection or
Virtual Private Network (VPN). |
|
Remote Access Connection Manager |
Used
to connect, maintain and disconnect dial-up
and VPN connections from your computer to
the internet or other remote connections with
Internet Protocol Security (IPSEC) for
higher security. |
Disabled if not using a modem connection or
Virtual Private Network (VPN). |
|
Remote Procedure Call (RPC) |
The
service provides the endpoint mapper and
other miscellaneous RPC services.
Remote Procedure Call (RPC) is
a protocol used by the Windows operating
system. RPC provides an inter-process
communication mechanism that allows a
program running on one computer to
seamlessly execute code on a remote system. |
Automatic, vital part |
|
Remote Procedure Call (RPC) Locator |
Name
service provider that maintains a database
with available RPC services on the server,
where local RPC services can register
themselves. A client can then contact the
RPC locator on the server to locate and
access the wanted RPC service. |
Manual |
|
Remote Registry Service |
Allows remote registry manipulation, for
authorized users. |
Disabled, for security measures |
|
Resultant Set of Policy Provider (RSoP) |
Enables you to connect to a Windows domain
controller, access the Windows Management
Instrumentation (WMI) database for that computer, and
simulate RSoP for Group Policy settings that
would be applied to a user or computer
located in Active Directory on a Windows
2000 or later domain. |
Manual |
|
Routing and Remote Access Service (RRAS) |
Routing service of LAN-to-LAN, LAN-to-WAN,
virtual private network (VPN) and network
address translation (NAT). |
Disabled for security reasons |
|
RunAs
Service / Secondary Logon |
Enables starting processes under alternate
credentials. |
Disabled |
|
Task
Scheduler |
Makes
it possible to schedule a command or program
to execute at a specific time and date. This
service is also known as the AT service and
is required for the AT command. The Task
Scheduler listens to a dynamic TCP port
starting from 1025, depending on whether other
applications try to acquire a dynamic TCP
port. |
Disabled |
|
Security Accounts Manager (SAM) |
Stores security information for local user
accounts. |
Automatic |
|
Security Center |
Monitors system security settings and
configurations |
Disabled |
|
Server |
The
Server service provides Server Message Block
(SMB) service, which enables sharing of your
local resources to the network (such as
printers and files). It also enables named
pipe communication between applications
running on other computers and your
computer, which is used for RPC. |
Automatic if wanting to share files and
printers |
|
Shell
Hardware Detection |
It is
reported that this service affects Autoplay,
which is an extension of Autorun. The
Autoplay feature allows one to specify what
application to use for a certain type of
media like data and audio CD (but also
scanners and cameras). |
Disabled |
|
Smart
Card |
Manages and controls access to a smart card
inserted into a smart card reader attached
to the computer. |
Manual |
|
Smart
Card Helper |
Provides support for legacy smart card
readers attached to the computer. |
Manual |
|
Special Administration Console Helper |
Special Administration Console (ISAC)
connects to a machine that has this service
running. ISAC can perform remote management
tasks in case Windows on the machine stops
functioning due to a stop error message. |
Manual |
|
SSDP
Discovery Service |
The
Simple Service Discovery Protocol (SSDP)
enables the detection of Universal Plug and
Play (UPnP) devices on your home network.
This service listens for UPnP connections at
TCP port 5000 and UDP port 1900. |
Disabled unless working with UPnP devices. |
|
System Event Notification |
System Event Notification Service (SENS)
tracks system events such as Windows logon,
network and power events. Notifies COM+
Event System subscribers of these events. |
Automatic |
|
System Restore Service |
Performs system restore functions that take
images of your registry and files and
enable one to return to a previous image.
It will automatically create restore points
when events like the installation of large software
packages or service packs occur. |
Automatic |
|
TCP/IP NetBIOS Helper Service |
Enables support for NetBIOS over TCP/IP
(NetBT) service and NetBIOS name resolution.
It is used for resolving Fully Qualified
Domain Name (FQDN) in Universal Naming
Convention (UNC) for NetBIOS over TCP/IP
(NetBT) to find the actual physical address. |
Disabled, if on a simple home network |
|
Telephony |
It
provides Telephony API (TAPI) support for
programs that control telephony devices. The
telephony service enables applications to
act as clients to telephony equipment such
as PBXs, telephones and modems. |
Manual |
|
Telnet |
Allows a remote user to log on to the system
and run console programs using the command
line. By default this service listens on TCP
port 23. |
Disabled for security measures |
|
Terminal Services |
Terminal Services allow multiple users to be
connected interactively to the computer as
if they were logged on locally. Terminal
Services also provides the feature of
displaying the desktops and applications to
remote computers. |
Disabled for security reasons. Manual if
using Remote Desktop (Administration),
Remote Assistance, Fast User Switching |
|
Terminal Services Licensing |
The
Terminal Services License Service stores the
Client Access Licenses (CALs) that have been
issued for a Terminal server, and tracks the
licenses that have been issued to client
computers or terminals. If this service is
turned off, the server will be unavailable
to issue Terminal Server licenses to clients
when they are requested. If another License
Server is discoverable on a DC in the
forest, the requesting Terminal Server will
attempt to use it. |
Disabled |
|
Terminal Services Session Directory |
The
Terminal Services Session Directory allows
clusters of load-balanced Terminal Servers
to properly route a user’s connection
request to the server where the user already
has a session running. |
Disabled |
|
Themes Service |
Provides user experience theme management. |
Automatic |
|
Uninterruptible Power Supply (UPS) |
This
service is used to supply support for a UPS
(Uninterruptible Power Supply) if such
exists. |
Manual |
|
Universal Plug and Play Device Host |
Provides support to host Universal Plug and
Play (UPnP) Devices. UPnP is an extension
for working with PnP-devices not attached
directly to the computer but accessed
through the network, like
scanners/Printers/Gateways. |
Manual |
|
Upload Manager |
Microsoft’s own protocol for transferring
files from your computer to Microsoft. It is
used for example by Microsoft Driver
feedback to upload the hardware profile for
your computer to find the driver that fits
your computer. |
Disabled |
|
Utility Manager |
Starts and configures the accessibility
tools from one window. |
Manual |
|
Virtual Disk Service (VDS) |
Virtual Disk Service (VDS) implements a
single uniform interface for managing disks.
Each hardware vendor writes a VDS “provider”
that translates the general purpose VDS APIs
into specific instructions for their
hardware. |
Manual |
|
Volume Shadow Copy |
Manages and implements Volume Shadow copies
used for backup and other purposes. |
Manual |
|
WebClient |
Enables Windows-based programs, like Web
Publishing Wizard, to create, access and
modify Internet-based files on Internet
file servers using the WebDAV protocol. The
WebDAV protocol is a file access protocol
described in eXtensible Markup Language
(XML) that travels over Hypertext Transfer
Protocol (HTTP). |
Disabled |
|
Windows Audio |
Manages audio devices for Windows based
programs |
Automatic |
|
Windows Image Acquisition (WIA) |
Provides image acquisition services for
scanners or cameras. It is used for
transferring the pictures from a camera or
scanner to the computer. |
Manual if using a digital camera or scanner,
otherwise disabled |
|
Windows Installer |
Installs, repairs and removes software
according to instructions contained in .MSI
files. |
Manual |
|
Windows Management Instrumentation (WMI) |
Windows Management Instrumentation (WMI) is
an implementation of Distributed Management
Task Force’s (DMTF) Web-Based Enterprise
Management (WBEM). WBEM is a set of open
industry-defined specifications that unify
and extend the management of
enterprise-computing environments. WMI makes
it possible for drivers, services and
applications to return information in the form
of data or events into the CIM. |
Automatic |
|
Windows Management Instrumentation Driver
Extensions |
This
service monitors all drivers and event trace
providers that are configured to publish WMI
or event trace information. |
Manual |
|
Windows Time |
Makes
it possible to synchronize the computer
clock with another system using the Network
Time Protocol (NTP) on TCP/IP port 123 (UDP). |
Automatic |
|
Wireless Zero Configuration |
Provides automatic configuration for 802.11
adapters. |
Disabled, if not using wireless network with
an 802.11 network device. |
|
WMDM
PMSP Service / Portable Media Serial Number |
The
service supports the Secure Digital Music
Initiative (SDMI) and enables the WMDM
(Windows Media Device Manager) to retrieve
the serial number from portable music
devices using Pre-Message Security Protocol
(PMSP), so media content can be copied
securely to the device. |
Manual |
|
WMI
Performance Adapter |
Provides performance library information
from WMI (Windows Management
Instrumentation) HiPerf providers to
Performance Data Helper (PDH) clients. |
Manual |
|
Workstation |
The
workstation service is a user-mode wrapper
for the Microsoft Networks redirector. Both
local file system requests and remote file
or print network requests are routed through
the Workstation service. |
Automatic when in simple home network |