Windows XP Services. What Can Be Turned Off? What
Needs To Be Left Alone?
Turning off certain services in Windows XP can really increase system
performance and at the same time lessen your risk of a hacker
exploiting or compromising your computer.
Unnessasary services can not only subject you to a security risk but
can also slow down the operation of your computer.
These are my personal settings and reccemendations for services that I
use and have gotten through much searching and reading.
I would advise anyone who is not very computer savvy ( or just
forgetful like me) to write down or print out any changes you
made just in case you need to go back to the original settings and may
not remember everything you did.
up your system prior to making any changes is also another very good
The first thing we need to do is go to Windows Services in Windows XP.
Click on Start,Control Panel, Administration Tools, and then Services
Below is a Step by Step set of screen shots to show you how to get to
Bear in mind that your View settings could make your system look a
little differently but the pathway is the same.
Click on Start then on Control Panel
In Control Panel click on Administration Tools
In Administration Tools Click on Services
Choose the service you wish to modify
Right click and select Properties
Once you have selected a service you wish to modify you have up to
three different buttons to disable a service, leave it automatic or to
set it as manual.
as a table with Default,Safe,Internet Gateway, and Gaming Configurations
- Announces users of administrative alerts. Usually useless unless you
are a part of a network with a system administrator.
Application Layer Gateway Service (MANUAL) - Used
to Assign Publish and Remove software services. On manual, it will
start only if needed.
Application Management Service (MANUAL)
- Used when you add or remove software
Automatic Updates (DISABLE/AUTOMATIC)
- Go to windowsupadate.microsoft.com for any updates. Leave
one on if you can not remember to check for updates. Before doing any
updates you should make a restore point to go back to just in case
things don't go as expected.
Background Intelligent transfer Service (Manual) - Used
for asincronous data transfer with http 1.1 servers.
to stare information (cut/copy/paste) and share them with other PCs.
Usually useless unless you are cutting and pasting to another user on
the same network.
COM+ Event System (MANUAL)
- There are almost no apps that use COM+, but on manual it will start
COM+ System Application (MANUAL)
- Same as above.
Computer Browser (DISABLE)
- A list with network computers. This service is not required for a
stand-alone system. If you wanna share files, it must be started. Most
users are not on a network and do not need this service. If you are on
a network you need to set this one to Automatic
Cryptographic Services Service (MANUAL)
- Provides the annoying boxes that pop up telling you a
you are about to install isn't digitally signed. If you disable this
service you'll be flooded with uncertified driver notifications.
DCOM Server Process Launcher (AUTOMATIC) -
Provides launch functionality for DCOM services. Added with SP2
DHCP Client (AUTOMATIC)
Gets a dynamic IP from your DHCP server. If you have a static IP( IP
that does not change) you can disable this service (very few home users
have static IP Addresses). Required for most DSL/Cable connections.
Distributed Link Tracking (DISABLE)
- Maintains links with NTFS files in your PC or a domain. Usually not
required unless you are on a network and share files between different
Distributed Transaction Coordinator (DISABLE) - Takes
care of the transactions that require multiple resources. Serves no
purpose for most home users.
DNS Client (AUTOMATIC)
- Takes care of DNS names and control functions of the Active Directory
domain. Helps on line. Leave it on.
Error Reporting Service (DISABLE)
- The box that pops up wanting you to report an application error or
system crash to Microsoft. I have heard that they actually use this
information but no one can confirm that anything is ever done. A waste
of resources in my opinion.I find cussing the application that crashed
to be much better for me therapeuticly.
Event log (AUTOMATIC)
This allows Event Log messages from the applications to be seen in
Event Viewer. This should be on; windows can get very upset if it's
Fast User Switching Compatibility (AUTOMATIC) -
Disable it if you do not have multiple accounts on your computer.
Fax Service (DISABLE)
- Not installed by default, so leave it off.
FTP Publishing Service (DISABLE)
- Used for having a FTP server or your network. Activate it only if you
really need it.
Help and Support (DISABLE)
- Resource eater. Disable it. Warning: it will auto-activate if you
access Start->Help or press F1. Usually you can find better
information by doing a goggle search.
HTTP SSL (AUTOMATIC)
- A security provision that allows use of HTTPS (banks and e-commerce
sites) Set it to Manual and it will kick in when needed but to be on
the safe side Automatic is reccomended.
Human Interface Device Access (DISABLE)
- Enables generic input access to Human Interface Devices
which activates and maintains the use of predefined hot buttons on
keyboards, remote controls, and other multimedia devices. If any of
your peripherals don't work, leave it on. If alls ok, disabled.
IIS Admin (DISABLE)
- Usually used with a local web server of ftp.
IMAPI CD-Burning COM Service (MANUAL)
- Used to "burn" CDs. If you do not have a cd/dvd burner you can turn
this one off
Indexing Service (MANUAL)
- Indexes contents and properties of files on local and
computers; provides rapid access to files through flexible querying
language. This is a super resource eater.It indexes contents and
properties on local and remote computers. some reccomend that this one
Internet Connection - Firewall (ICF) / Sharing (ICS) Service (AUTOMATIC)
- Provides network address translation, addressing, name
resolution and/or intrusion prevention services for a home or small
IPSEC Services (MANUAL)
- A host authentification device for data transfer and encryption
operations on a domain
Logical Disk Manager (AUTOMATIC)
- Vital to run managing and updating the hard drives
Logical Disk Manager Administrative Service (MANUAL)
- Works in conjunction with Logical Disk Manager, but can be
to Manual and it will be started for configuration processes.
Machine Debug Manager (MANUAL)
- Manages local and remote debugging for Visual Studio debuggers
Message Queuing (DISABLE)
- Not installed. Leave it this way.
Message Queuing Triggers (DISABLE)
- Same as above.
Transmits and sends net and Alerter messages between clients and
servers. This service is not related to Windows Messenger.
MS Software Shadow Copy Provider (MANUAL) - Used
with Volume Shadow Copy Service.
Net Login (DISABLE)
- Used to login to a Domain Controller. No domain then no need for this
NetMeeting Remote Desktop Sharing (DISABLE)
- Supports pass through authentication of logon events for computers in
a domain. Allows a remote user with NetMeeting to access your computer.
Useless for most users.Security bug. Disable it
Network Connections (AUTOMATIC)
- Basicly this controls the network and your ability to connect to the
internet. Required for network setup.
Network DDE (DISABLE)
- Don't activate if you don't use the clipbook service.
Network DDE DSDM (DISABLE)
- Same as above.
Network Location Awareness (NLA) (MANUAL) - Used
with Internet Connection Sharing.
NT LM Security Suport Provider (MANUAL)
- Not necesarry unless you use Message Queuing or a Telnet server.
Performance Logs and Alerts (DISABLE)
- Gathers various performance info and logs it or activates an alert. A
way to monitor sytem performance. If the box and network stats interest
you set this to Manual. If you are like me and ignorance is bliss
simply Disable it
Plug and Play (AUTOMATIC)
- If you change any components, this service will detect it. Leave this
Portable Media Serial Number (DISABLE)
- Retrieves serial numbers from connected mobile music players. Disable
it if everything works fine.
Print Spooler (AUTOMATIC)
If you have no printer either locally or a network sever then you can
safely disable this one otherwise leave it on Automatic
Protected Storage (AUTOMATIC)
- Allows saving local password or Auto complete web information. Let it
on if you use autocomplete. If you do not use auto complete you can
safely turn off this service. While this service is not needed, most
users will want it to avoid constantly having to type passwords.
However, be aware it does carry risks, especially if your firewall
security and security patch updating is lax.
QoS RSVP (DISABLE)
Supposedly this will provide a load balancing that shifts bandwidth
between applications. Usally this one is another uneeded service.
Remote Access Auto Connection Manager (AUTOMATIC/MANUAL)
- Created a connection to a program when it requires an address. Best
to set this one to Manual and if you have problems change it to
Remote Access Connection Manager (MANUAL) -
Creates a network connection Definatly required if you are using
internet connection sharing.
Remote Desktop Help Session Manager (DISABLE)
- Manages and controls remote assistance. If this service is stopped
remote desktop assistance will not work. Unless you really
remote assistance this is a potential security breach. If the time were
to come that you did need it you can always turn it back on
Remote Procedure Call (RPC) (AUTOMATIC)
- Critical importance. Let it on automatic. Almost no one knows what
this service actually does but if you turn it off your computer will be
pretty much useless LEAVE IT ON AUTOMATIC
Remote procedure Call (RPC) Locator (MANUAL) -
Manages the RPC service data base. As important as Remote Procedure
Call is better not turn this one off.
Remote Registry Service (DISABLE)
- A no brainer, do you really want someone to be able to edit your
registry remotely? I sure don't. Security breach.
Removable Storage (MANUAL/DISABLE)
- If you have devises like zip drives,tape drives or maybe a graphics
pen you will need this one set to manual otherwise you can set this one
as disabled. If you have trouble with your cd rom after disabling this
one set to Manual or Automatic
Routing and Remote Access (DISABLE)
- Allows LAN or WAN dial in access to your computer. Very doubtful that
any home users ever need this one.
ScriptBlocking Service (AUTOMATIC)
Installed by Symantec and relates to malicious script blocking.
Secondary Logon (AUTOMATIC/DISABLE)
- This one enables logon with alternate credentials. This can be a
useful feature but can present a security compromise. Usally can be
turned off safely.
Security Accounts Manager (AUTOMATIC/DISABLE)
- Related to the Secondary Logon function and another
info warehouse, similar to Protected Storage.Could be a potential
security breach. Same as above
Security Center (AUTOMATIC)
Monitors security settings and configurations.
- If you are part of a network leave this one on. If you are not part
of a LAN then you can turn this one off.
Shell Hardware Detection (AUTOMATIC)
- Autoplay for memory cards. You decide. Disable only you don't have
Smart Card (DISABLE)
- If you don't have a "Smart Card" you do not need this service.
Smart Card Helper (DISABLE)
- Same as above.
SSDP Discovery Service (DISABLE)
- Enables the discovery of UPnP devices on your network. A UPnP device
is external (not inside the computer case) and a part of the local
network. Not on a network you sure don't need it Huge security risk.
System Event Notification (AUTOMATIC)
- Whether or not your system actually needs this will depend on what
you have installed but many applications are dependent on this one.
Best to leave it on.
System Restore Service (AUTOMATIC)
- Some people reccomend turning this service off because it is a
resource hog but if you do then you do not have a back up point to
restore your system. Very good service for those of us who may not be
very discriminating when it comes to downloading things from the web.
Task Scheduler (AUTOMATIC)
- I just think of this as an aid to my memory as I get older
more forgetful. It's used in conjunction with programs that like to run
on a schedule, such as virus scanners, backups, defrag utilities, etc.
If you can remember every task that needs to be done without help,
disable this service.
TCP/IP NetBIOS Helper Service (DISABLE)
- If you don't use Netbios, disable it. It's also a security breach.
- Basically controls all dialup activity and in some cases
remote login 'feature' that is a major security hole. Unless you have a
specific reason to use this, keep it disabled. Even Microsoft has
changed the default to Disabled with the release of SP2, Disable it.
Terminal Services (MANUAL/DISABLE)
- Used for Fast User Switching, Remote Desktop & Remote
Assistance. Allows multiple users to be connected
to a machine as well as the display of desktops and applications to
remote computers. If you use any of these services
to manual. If not, disabled is the way to go.
Provides user with theme management. If you like themes in XP set this
one to Manual. If you do not use themes then you can disable it. If you
have multiple users who use themes you may wish to set this one to
Uninterruptible Power Supply (DISABLE)
- If you don't have an Uninterruptible Power Supply, turn it off.
Universal Plug and Play Device Host (MANUAL)
- Security breach but used with SSDP Discovery Service,detcts and
configurs your UPnP devices in your network. Can be disabled.
Upload Manager (DISABLE)
- Pretty much a useless service. Obsolete.
Volume Shadow Copy (MANUAL/DISABLE)
- Related to using the Microsoft Backup Utility. If you use
you might want to set this to Manual, but otherwise --- Should have the
same setting as MS Software Shadow Copy Provider.
Software Shadow Copy Provider Service. - Same as above.
users outside of Microsoft can not tell whether this service is needed
or not. Has been tried as Disabled,Manual, or Automatic with no
discernable differEnces noted. Microsoft does reccomend setting to
Automatic so who knows.
Windows Audio (AUTOMATIC)
- Controls all audio functions. If you don't have sound
Windows Firewall/Internet Connection Sharing (AUTOMATIC)
- Leave this on Automatic even if you're running a third-party firewall
- and if you aren't running one, stop what you're doing right now, turn
off the machine and don't start it up again until you have one
installed and running. Yes, it's that important.
Windows Image Acquisition (MANUAL)
- Controls web cams, cameras, and scanners.
Windows Installer (MANUAL)
- Used to install applications that use .msi installation files.
Windows Management Instrumentation (AUTOMATIC) -
Windows requires it. If you don't want your computer to work, JUST set
this to Disabled.
Windows Management Instrumentation Driver Extension (AUTOMATIC) -
Same as above Supposedly not available in XP Home
Windows Time (DISABLE)
- Connects to a server to get correct time. Only needed if you want to
synchronize your clock to a time server.
Wireless Zero Configuration (DISABLE)
- Auto configuration for wireless devices. Turn off if you don't have
WMI Performance Adapter (MANUAL)
- Provides performance library information from WMI HiPerf
the Workstation service is disabled, the system cannot connect to any
shared file resources or shared print resources on a network. Only use
this workaround on stand-alone systems (such as many home systems) that
do not connect to a network.