Windows XP Services. What Can Be Turned Off? What Needs To Be Left Alone?

Turning off certain services in Windows XP can really increase system performance and at the same time lessen your risk of a hacker exploiting or compromising your computer.
Unnessasary services can not only subject you to a security risk but can also slow down the operation of your computer.
These are my personal settings and reccemendations for services that I use and have gotten through much searching and reading.
I would advise anyone who is not very computer savvy ( or just forgetful like me)  to write down or print out any changes you made just in case you need to go back to the original settings and may not remember everything you did.
Backing up your system prior to making any changes is also another very good idea

The first thing we need to do is go to Windows Services in Windows XP.
Click on Start,Control Panel, Administration Tools, and then Services
Below is a Step by Step set of screen shots to show you how to get to Services.
Bear in mind that your View settings could make your system look a little differently but the pathway is the same.


Click on Start then on Control Panel


In Control Panel click on Administration Tools


In Administration Tools Click on Services


Choose the service you wish to modify


Right click and select Properties


Once you have selected a service you wish to modify you have up to three different buttons to disable a service, leave it automatic or to set it as manual.

List as a table with Default,Safe,Internet Gateway, and Gaming Configurations

Alerter (DISABLED) - Announces users of administrative alerts. Usually useless unless you are a part of a network with a system administrator.

Application Layer Gateway Service (MANUAL) - Used to Assign Publish and Remove software services. On manual, it will start only if needed.

Application Management Service (MANUAL) - Used when you add or remove software

Automatic Updates (DISABLE/AUTOMATIC) -  Go to windowsupadate.microsoft.com for any updates. Leave this one on if you can not remember to check for updates. Before doing any updates you should make a restore point to go back to just in case things don't go as expected.

Background Intelligent transfer Service (Manual) - Used for asincronous data transfer with http 1.1 servers.

ClipBook (DISABLE) - Used to stare information (cut/copy/paste) and share them with other PCs. Usually useless unless you are cutting and pasting to another user on the same network.

COM+ Event System (MANUAL) - There are almost no apps that use COM+, but on manual it will start if needed.

COM+ System Application (MANUAL) - Same as above.

Computer Browser (DISABLE) - A list with network computers. This service is not required for a stand-alone system. If you wanna share files, it must be started. Most users are not on a network and do not need this service. If you are on a network you need to set this one to Automatic

Cryptographic Services Service (MANUAL) -  Provides the annoying boxes that pop up telling you a driver you are about to install isn't digitally signed. If you disable this service you'll be flooded with uncertified driver notifications.

 DCOM Server Process Launcher (AUTOMATIC) - Provides launch functionality for DCOM services. Added with SP2

DHCP Client (AUTOMATIC) - Gets a dynamic IP from your DHCP server. If you have a static IP( IP that does not change) you can disable this service (very few home users have static IP Addresses). Required for most DSL/Cable connections.

Distributed Link Tracking (DISABLE) - Maintains links with NTFS files in your PC or a domain. Usually not required unless you are on a network and share files between different computers

Distributed Transaction Coordinator (DISABLE) - Takes care of the transactions that require multiple resources. Serves no purpose for most home users.

DNS Client (AUTOMATIC) - Takes care of DNS names and control functions of the Active Directory domain. Helps on line. Leave it on.

Error Reporting Service (DISABLE) - The box that pops up wanting you to report an application error or system crash to Microsoft. I have heard that they actually use this information but no one can confirm that anything is ever done. A waste of resources in my opinion.I find cussing the application that crashed to be much better for me therapeuticly.

Event log (AUTOMATIC) - This allows Event Log messages from the applications to be seen in Event Viewer. This should be on; windows can get very upset if it's turned off.

Fast User Switching Compatibility (AUTOMATIC) - Disable it if you do not have multiple accounts on your computer.

Fax Service (DISABLE) - Not installed by default, so leave it off.

FTP Publishing Service (DISABLE) - Used for having a FTP server or your network. Activate it only if you really need it.

Help and Support (DISABLE) - Resource eater. Disable it. Warning: it will auto-activate if you access Start->Help or press F1. Usually you can find better information by doing a goggle search.

 HTTP SSL (AUTOMATIC) - A security provision that allows use of HTTPS (banks and e-commerce sites) Set it to Manual and it will kick in when needed but to be on the safe side Automatic is reccomended.

Human Interface Device Access (DISABLE) -  Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If any of your peripherals don't work, leave it on. If alls ok, disabled.

IIS Admin (DISABLE) - Usually used with a local web server of ftp.

IMAPI CD-Burning COM Service (MANUAL) - Used to "burn" CDs. If you do not have a cd/dvd burner you can turn this one off

Indexing Service (MANUAL) -  Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language. This is a super resource eater.It indexes contents and properties on local and remote computers. some reccomend that this one be disabled.

Internet Connection - Firewall (ICF) / Sharing (ICS) Service (AUTOMATIC) -  Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network

IPSEC Services (MANUAL) - A host authentification device for data transfer and encryption operations on a domain

Logical Disk Manager (AUTOMATIC) - Vital to run managing and updating  the hard drives

Logical Disk Manager Administrative Service (MANUAL) -  Works in conjunction with Logical Disk Manager, but can be set to Manual and it will be started for configuration processes.

Machine Debug Manager  (MANUAL) - Manages local and remote debugging for Visual Studio debuggers

Message Queuing (DISABLE) - Not installed. Leave it this way.

Message Queuing Triggers (DISABLE) - Same as above.

Messenger  (DISABLE) Transmits and sends net and Alerter messages between clients and servers. This service is not related to Windows Messenger.

MS Software Shadow Copy Provider (MANUAL) - Used with Volume Shadow Copy Service.

Net Login (DISABLE) - Used to login to a Domain Controller. No domain then no need for this service

NetMeeting Remote Desktop Sharing (DISABLE) - Supports pass through authentication of logon events for computers in a domain. Allows a remote user with NetMeeting to access your computer. Useless for most users.Security bug. Disable it

Network Connections (AUTOMATIC) - Basicly this controls the network and your ability to connect to the internet. Required for network setup.

Network DDE (DISABLE) - Don't activate if you don't use the clipbook service.

Network DDE DSDM (DISABLE) - Same as above.

Network Location Awareness (NLA) (MANUAL) - Used with Internet Connection Sharing.

NT LM Security Suport Provider (MANUAL) - Not necesarry unless you use Message Queuing or a Telnet server.

Performance Logs and Alerts (DISABLE) - Gathers various performance info and logs it or activates an alert. A way to monitor sytem performance. If the box and network stats interest you set this to Manual. If you are like me and ignorance is bliss simply Disable it

Plug and Play (AUTOMATIC) - If you change any components, this service will detect it. Leave this one on.

Portable Media Serial Number (DISABLE) - Retrieves serial numbers from connected mobile music players. Disable it if everything works fine.

Print Spooler (AUTOMATIC) - If you have no printer either locally or a network sever then you can safely disable this one otherwise leave it on Automatic
.
Protected Storage (AUTOMATIC) - Allows saving local password or Auto complete web information. Let it on if you use autocomplete. If you do not use auto complete you can safely turn off this service. While this service is not needed, most users will want it to avoid constantly having to type passwords. However, be aware it does carry risks, especially if your firewall security and security patch updating is lax.

QoS RSVP (DISABLE) - Supposedly this will provide a load balancing that shifts bandwidth between applications. Usally this one is another uneeded service.

Remote Access Auto Connection Manager (AUTOMATIC/MANUAL) - Created a connection to a program when it requires an address. Best to set this one to Manual and if you have problems change it to Automatic

Remote Access Connection Manager (MANUAL) - Creates a network connection Definatly required if you are using internet connection sharing.

Remote Desktop Help Session Manager (DISABLE) - Manages and controls remote assistance. If this service is stopped remote desktop assistance will not work. Unless you really need  remote assistance this is a potential security breach. If the time were to come that you did need it you can always turn it back on

Remote Procedure Call (RPC) (AUTOMATIC) - Critical importance. Let it on automatic. Almost no one knows what this service actually does but if you turn it off your computer will be pretty much useless LEAVE IT ON AUTOMATIC

Remote procedure Call (RPC) Locator (MANUAL) - Manages the RPC service data base. As important as Remote Procedure Call is better not turn this one off.

Remote Registry Service (DISABLE) - A no brainer, do you really want someone to be able to edit your registry remotely? I sure don't. Security breach.

Removable Storage (MANUAL/DISABLE) - If you have devises like zip drives,tape drives or maybe a graphics pen you will need this one set to manual otherwise you can set this one as disabled. If you have trouble with your cd rom after disabling this one set to Manual or Automatic

Routing and Remote Access (DISABLE) - Allows LAN or WAN dial in access to your computer. Very doubtful that any home users ever need this one.

ScriptBlocking Service (AUTOMATIC) Installed by Symantec and relates to malicious script blocking.

Secondary Logon (AUTOMATIC/DISABLE) - This one enables logon with alternate credentials. This can be a useful feature but can present a security compromise. Usally can be turned off safely.

Security Accounts Manager (AUTOMATIC/DISABLE) -  Related to the Secondary Logon function and another security info warehouse, similar to Protected Storage.Could be a potential security breach. Same as above

Security Center (AUTOMATIC) Monitors security settings and configurations.

Server (DISABLE/AUTOMATIC) - If you are part of a network leave this one on. If you are not part of a LAN then you can turn this one off.

Shell Hardware Detection (AUTOMATIC) - Autoplay for memory cards. You decide. Disable only you don't have memory cards.

Smart Card (DISABLE) - If you don't have a "Smart Card" you do not need this service.

Smart Card Helper (DISABLE) - Same as above.

SSDP Discovery Service (DISABLE) - Enables the discovery of UPnP devices on your network. A UPnP device is external (not inside the computer case) and a part of the local network. Not on a network you sure don't need it Huge security risk. Disable it.

System Event Notification (AUTOMATIC) - Whether or not your system actually needs this will depend on what you have installed but many applications are dependent on this one. Best to leave it on.

System Restore Service (AUTOMATIC) - Some people reccomend turning this service off because it is a resource hog but if you do then you do not have a back up point to restore your system. Very good service for those of us who may not be very discriminating when it comes to downloading things from the web.

Task Scheduler (AUTOMATIC) -  I just think of this as an aid to my memory as I get older and more forgetful. It's used in conjunction with programs that like to run on a schedule, such as virus scanners, backups, defrag utilities, etc. If you can remember every task that needs to be done without help, disable this service.

TCP/IP NetBIOS Helper Service (DISABLE) - If you don't use Netbios, disable it. It's also a security breach.

Telephony (MANUAL) -  Basically controls all dialup activity and in some cases DSL/Cable activity..

Telnet (DISABLE) -  A remote login 'feature' that is a major security hole. Unless you have a specific reason to use this, keep it disabled. Even Microsoft has changed the default to Disabled with the release of SP2, Disable it.

Terminal Services (MANUAL/DISABLE) - Used for Fast User Switching, Remote Desktop & Remote Assistance.  Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers.  If you use any of these services  set this to manual. If not, disabled is the way to go.

Themes (MANUAL/DISABLE) - Provides user with theme management. If you like themes in XP set this one to Manual. If you do not use themes then you can disable it. If you have multiple users who use themes you may wish to set this one to Automatic.

Uninterruptible Power Supply (DISABLE) - If you don't have an Uninterruptible Power Supply, turn it off.

Universal Plug and Play Device Host (MANUAL) - Security breach but used with SSDP Discovery Service,detcts and configurs your UPnP devices in your network. Can be disabled.

Upload Manager (DISABLE) - Pretty much a useless service. Obsolete.

Volume Shadow Copy (MANUAL/DISABLE) -  Related to using the Microsoft Backup Utility. If you use it, you might want to set this to Manual, but otherwise --- Should have the same setting as MS Software Shadow Copy Provider.

Software Shadow Copy Provider Service. - Same as above.

Webclient (MANUAL) - Most users outside of Microsoft can not tell whether this service is needed or not. Has been tried as Disabled,Manual, or Automatic with no discernable differEnces noted. Microsoft does reccomend setting to Automatic so who knows.

Windows Audio (AUTOMATIC) -  Controls all audio functions. If you don't have sound capability, disable.

Windows Firewall/Internet Connection Sharing (AUTOMATIC) - Leave this on Automatic even if you're running a third-party firewall - and if you aren't running one, stop what you're doing right now, turn off the machine and don't start it up again until you have one installed and running. Yes, it's that important.

Windows Image Acquisition (MANUAL) -  Controls web cams, cameras, and scanners.

Windows Installer (MANUAL) - Used to install applications that use .msi installation files.

Windows Management Instrumentation (AUTOMATIC) - Windows requires it. If you don't want your computer to work, JUST set this to Disabled.

Windows Management Instrumentation Driver Extension (AUTOMATIC) - Same as above Supposedly not available in XP Home

Windows Time (DISABLE) - Connects to a server to get correct time. Only needed if you want to synchronize your clock to a time server.

Wireless Zero Configuration (DISABLE) - Auto configuration for wireless devices. Turn off if you don't have wireless devises

WMI Performance Adapter (MANUAL) -  Provides performance library information from WMI HiPerf providers.

Workstation (AUTOMATIC) -If the Workstation service is disabled, the system cannot connect to any shared file resources or shared print resources on a network. Only use this workaround on stand-alone systems (such as many home systems) that do not connect to a network.