Windows 7: Disable Unnecessary Services on a Domain Workstation

I finally took the plunge and installed Windows 7 on my Dell Netbook (Inspiron mini iM10-008B). I originally bought the Dell to make it into a Hackbook but after I realized how time-intensive the initial setup may be, I looked to installing Win 7 for instant newness gratification.

Initially, I was going to install the Enterprise version of Win 7 like I had done with Vista, but I decided on Ultimate since Ultimate is essentially the “Enterprise version for consumers” and I didn’t have to have a local Key server around to validate my install.

The Netbook I purchased came with only 1GB RAM so it’s especially important that I keep it running as efficiently as possible. I performed the basic tweak of setting Win 7 for Best Performance and then began checking out which services I could disable. I found Black Viper’s Service Configurations page and used that as a guide to modifying my own services. His recommendations appeared more geared towards machines that are not on a domain, so my setup is a bit different from his. I have a Windows 2008-based domain and, while I know it offers a lot of Vista/7 specific features, I don’t have time to explore them right all so my setup is geared towards a basic domain membership.

Ultimately, I was able to reduce initial memory usage to 480 MB. That’s a lot, but better than the ~600MB or so used by default. There are 144 services that I reviewed, including the AVG firewall service. So without further ado…

Name Description Start up
Application Experience Processes application compatibility cache requests for applications as they are launched Manual
Application Layer Gateway Service Provides support for 3rd party protocol plug-ins for Internet Connection Sharing Disabled
Application Identity Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced. Manual
Application Information Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks. Manual
Application Management Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start. Disabled
Windows Audio Endpoint Builder Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start Auto
Windows Audio Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start Auto
AVG Free8 WatchDog Auto
ActiveX Installer (AxInstSV) Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings. Disabled
BitLocker Drive Encryption Service BDESVC hosts the BitLocker Drive Encryption service. BitLocker Drive Encryption provides secure startup for the operating system, as well as full volume encryption for OS, fixed or removable volumes. This service allows BitLocker to prompt users for various actions related to their volumes when mounted, and unlocks volumes automatically without user interaction. Additionally, it stores recovery information to Active Directory, if available, and, if necessary, ensures the most recent recovery certificates are used. Stopping or disabling the service would prevent users from leveraging this functionality. Disabled
Base Filtering Engine The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. Auto
Background Intelligent Transfer Service Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. Manual
Computer Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Manual
Bluetooth Support Service The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. Manual
Certificate Propagation Copies user certificates and root certificates from smart cards into the current user’s certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver. Disabled
Microsoft .NET Framework NGEN v2.0.50727_X86 Microsoft .NET Framework NGEN Manual
COM+ System Application Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Manual
Cryptographic Services Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Auto
Offline Files The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state. Disabled
DCOM Server Process Launcher The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running. Auto
Disk Defragmenter Provides Disk Defragmentation Capabilities. Manual
DHCP Client Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. Auto
DNS Client The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer’s name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. Auto
Wired AutoConfig The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service. Manual
Diagnostic Policy Service The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. Disabled
Extensible Authentication Protocol The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication. Manual
Encrypting File System (EFS) Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files. Disabled
Windows Media Center Receiver Service Windows Media Center Service for TV and FM broadcast reception Disabled
Windows Media Center Scheduler Service Starts and stops recording of TV programs within Windows Media Center Disabled
Windows Event Log This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. Auto
COM+ Event System Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. Auto
Fax Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network. Disabled
Function Discovery Provider Host The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources. Disabled
Function Discovery Resource Publication Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. Disabled
Windows Font Cache Service Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance. Manual
Windows Presentation Foundation Font Cache 3.0.0.0 Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications. Manual
Group Policy Client The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled. Auto
Human Interface Device Access Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. Disabled
Health Key and Certificate Management Provides X.509 certificate and key management services for the Network Access Protection Agent (NAPAgent). Enforcement technologies that use X.509 certificates may not function properly without this service Manual
HomeGroup Listener Makes local computer changes associated with configuration and maintenance of the homegroup-joined computer. If this service is stopped or disabled, your computer will not work properly in a homegroup and your homegroup might not work properly. It is recommended that you keep this service running. Disabled
HomeGroup Provider Performs networking tasks associated with configuration and maintenance of homegroups. If this service is stopped or disabled, your computer will be unable to detect other homegroups and your homegroup might not work properly. It is recommended that you keep this service running. Disabled
Windows CardSpace Securely enables the creation, management, and disclosure of digital identities. Disabled
IKE and AuthIP IPsec Keying Modules The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. Auto
PnP-X IP Bus Enumerator The PnP-X bus enumerator service manages the virtual network bus. It discovers network connected devices using the SSDP/WS discovery protocols and gives them presence in PnP. If this service is stopped or disabled, presence of NCD devices will not be maintained in PnP. All pnpx based scenarios will stop functioning. Disabled
IP Helper Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer. Disabled
CNG Key Isolation The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. Manual
KtmRm for Distributed Transaction Coordinator Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start. Manual
Server Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Auto
Workstation Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Auto
Link-Layer Topology Discovery Mapper Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly. Disabled
TCP/IP NetBIOS Helper Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Auto
Media Center Extender Service Allows Media Center Extenders to locate and connect to the computer. Disabled
Multimedia Class Scheduler Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications. If this service is stopped, individual tasks resort to their default priority. Manual
Windows Firewall Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. Auto
Distributed Transaction Coordinator Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start. Manual
Microsoft iSCSI Initiator Service Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start. Disabled
Windows Installer Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start. Manual
Network Access Protection Agent The Network Access Protection (NAP) agent service collects and manages health information for client computers on a network. Information collected by NAP agent is used to make sure that the client computer has the required software and settings. If a client computer is not compliant with health policy, it can be provided with restricted network access until its configuration is updated. Depending on the configuration of health policy, client computers might be automatically updated so that users quickly regain full network access without having to manually update their computer. Manual
Netlogon Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. Auto
Network Connections Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. Manual
Network List Service Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. Manual
Net.Tcp Port Sharing Service Provides ability to share TCP ports over the net.tcp protocol. Disabled
Network Location Awareness Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Auto
Network Store Interface Service This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. Auto
Peer Networking Identity Manager Provides identity services for the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services. If disabled, the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services may not function, and some applications, such as HomeGroup and Remote Assistance, may not function correctly. Disabled
Peer Networking Grouping Enables multi-party communication using Peer-to-Peer Grouping. If disabled, some applications, such as HomeGroup, may not function. Disabled
Program Compatibility Assistant Service This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly. Manual
BranchCache This service caches network content from peers on the local subnet. Disabled
Performance Logs & Alerts Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. Manual
Plug and Play Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Auto
PNRP Machine Name Publication Service This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context ‘p2p pnrp peer’ Disabled
Peer Name Resolution Protocol Enables serverless peer name resolution over the Internet using the Peer Name Resolution Protocol (PNRP). If disabled, some peer-to-peer and collaborative applications, such as Remote Assistance, may not function. Disabled
IPsec Policy Agent Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool “netsh ipsec”. If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Firewall is not available when this service is stopped. Manual
Power Manages power policy and power policy notification delivery. Auto
User Profile Service This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon or logoff, applications may have problems getting to users’ data, and components registered to receive profile event notifications will not receive them. Auto
Protected Storage Provides protected storage for sensitive data, such as passwords, to prevent access by unauthorized services, processes, or users. Manual
Quality Windows Audio Video Experience Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. Disabled
Remote Access Auto Connection Manager Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. Disabled
Remote Access Connection Manager Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start. Manual
Routing and Remote Access Offers routing services to businesses in local area and wide area network environments. Manual
Remote Registry Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. Manual
RPC Endpoint Mapper Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly. Auto
Remote Procedure Call (RPC) Locator In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility. Manual
Remote Procedure Call (RPC) The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running Auto
Security Accounts Manager The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. Auto
Smart Card Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. Disabled
Task Scheduler Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Auto
Smart Card Removal Policy Allows the system to be configured to lock the user desktop upon smart card removal. Disabled
Windows Backup Provides Windows Backup and Restore capabilities. Manual
Secondary Logon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Manual
System Event Notification Service Monitors system events and notifies subscribers to COM+ Event System of these events. Manual
Adaptive Brightness Monitors ambient light sensors to detect changes in ambient light and adjust the display brightness. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Disabled
Remote Desktop Configuration Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates. Manual
Internet Connection Sharing (ICS) Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Disabled
Shell Hardware Detection Provides notifications for AutoPlay hardware events. Auto
SNMP Trap Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start. Manual
Print Spooler Loads files to memory for later printing Disabled
Software Protection Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service. Manual
SPP Notification Service Provides Software Licensing activation and notification Manual
SSDP Discovery Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start. Manual
Secure Socket Tunneling Protocol Service Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers. Manual
Windows Image Acquisition (WIA) Provides image acquisition services for scanners and cameras Manual
Microsoft Software Shadow Copy Provider Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. Manual
Superfetch Maintains and improves system performance over time. Auto
Tablet PC Input Service Enables Tablet PC pen and ink functionality Disabled
Telephony Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service. Manual
TPM Base Services Enables access to the Trusted Platform Module (TPM), which provides hardware-based cryptographic services to system components and applications. If this service is stopped or disabled, applications will be unable to use keys protected by the TPM. Manual
Remote Desktop Services Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. Manual
Themes Provides user experience theme management. Disabled
Thread Ordering Server Provides ordered execution for a group of threads within a specific period of time. Manual
Distributed Link Tracking Client Maintains links between NTFS files within a computer or across computers in a network. Auto
Windows Modules Installer Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer. Manual
Interactive Services Detection Enables user notification of user input for interactive services, which enables access to dialogs created by interactive services when they appear. If this service is stopped, notifications of new interactive service dialogs will no longer function and there might not be access to interactive service dialogs. If this service is disabled, both notifications of and access to new interactive service dialogs will no longer function. Manual
Remote Desktop Services UserMode Port Redirector Allows the redirection of Printers/Drives/Ports for RDP connections Manual
UPnP Device Host Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start. Manual
Desktop Window Manager Session Manager Provides Desktop Window Manager startup and maintenance services Disabled
Credential Manager Provides secure storage and retrieval of credentials to users, applications and security service packages. Manual
Virtual Disk Provides management services for disks, volumes, file systems, and storage arrays. Manual
Volume Shadow Copy Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. Manual
Windows Time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Manual
Block Level Backup Engine Service The WBENGINE service is used by Windows Backup to perform backup and recovery operations. If this service is stopped by a user, it may cause the currently running backup or recovery operation to fail. Disabling this service may disable backup and recovery operations using Windows Backup on this computer. Manual
Windows Biometric Service The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process. Disabled
Windows Connect Now – Config Registrar WCNCSVC hosts the Windows Connect Now Configuration which is Microsoft’s Implementation of Wi-Fi Protected Setup (WPS) protocol. This is used to configure Wireless LAN settings for an Access Point (AP) or a Wi-Fi Device. The service is started programmatically as needed. Disabled
Windows Color System The WcsPlugInService service hosts third-party Windows Color System color device model and gamut map model plug-in modules. These plug-in modules are vendor-specific extensions to the Windows Color System baseline color device and gamut map models. Stopping or disabling the WcsPlugInService service will disable this extensibility feature, and the Windows Color System will use its baseline model processing rather than the vendor’s desired processing. This might result in inaccurate color rendering. Manual
Diagnostic Service Host The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function. Disabled
Diagnostic System Host The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function. Disabled
WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Manual
Windows Event Collector This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted. Manual
Problem Reports and Solutions Control Panel Support This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel. Disabled
Windows Error Reporting Service Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. Disabled
Windows Defender Protection against spyware and potentially unwanted software Auto
WinHTTP Web Proxy Auto-Discovery Service WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol. Manual
Windows Management Instrumentation Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Auto
Windows Remote Management (WS-Management) Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix. Manual
WLAN AutoConfig The WLANSVC service provides the logic required to configure, discover, connect to, and disconnect from a wireless local area network (WLAN) as defined by IEEE 802.11 standards. It also contains the logic to turn your computer into a software access point so that other devices or computers can connect to your computer wirelessly using a WLAN adapter that can support this. Stopping or disabling the WLANSVC service will make all WLAN adapters on your computer inaccessible from the Windows networking UI. It is strongly recommended that you have the WLANSVC service running if your computer has a WLAN adapter. Auto
WMI Performance Adapter Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. Manual
Windows Media Player Network Sharing Service Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play Disabled
Parental Controls This service is a stub for Windows Parental Control functionality that existed in Vista. It is provided for backward compatibility only. Disabled
Portable Device Enumerator Service Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. Manual
Security Center The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer. The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service. The Action Center (AC) UI uses the service to provide systray alerts and a graphical view of the security health states in the AC control panel. Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions. The service also has a public API that allows external consumers to programmatically retrieve the aggregated security health state of the system. Auto
Windows Search Provides content indexing, property caching, and search results for files, e-mail, and other content. Auto
Windows Update Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. Auto
Windows Driver Foundation – User-mode Driver Framework Manages user-mode driver host processes. Auto
WWAN AutoConfig This service manages mobile broadband (GSM & CDMA) data card/embedded module adapters and connections by auto-configuring the networks. It is strongly recommended that this service be kept running for best user experience of mobile broadband devices. Manual

So far, I have been able to perform all my necessary network functions with no errors being reported at the server or client level. I am posting this primarily as a future reference for myself. Follow at your own risk.

Posted in Active Directory, Networking, Windows
10 comments on “Windows 7: Disable Unnecessary Services on a Domain Workstation
  1. Great post, Chrissy! I'm still tweaking Win7 and trying to get as much horsepower as I can out of it. If you're still in Laffy, I owe you a cup of Joe for this post!

  2. Спасибо! а еще посты на эту тему будут?

  3. onemorenerd says:

    Security Center – Auto
    What for?

  4. onemorenerd says:

    Security Center – Auto
    What for?

  5. Amache says:

    liked your setup, thanks for sharing.
    it appeared you do not use homegroup or home networking, as those were the areas i felt differed from my setup.
    thanks again.
    bill

  6. Hey buddy! Check out BlackViper.com. This guy has been posting different Win32/64 service configs for some time.

  7. Edmund WR3 says:

    Excellent posting. I have tried your suggestions at our small office network and I could not agree more. However, based on the last four months in using WIN7, I'll be buying an Apple iMac for my home use.

  8. Steven says:

    Hej,

    Your numbers only show Win7 it's not meant to be run on a nettop.
    Install openSUSE on it and you'll get a fully operational OS with GUI and everything using 100 MB of RAM…
    Installed Win7 on a i7 quad core laptop and was very disappointed with the performance. Now it's running OS11.3 with minimal tweaking and it's flying…

  9. NoClaim says:

    if something goes wrong how do i reset everything to default setting.Will system restore do?

  10. NoClaim says:

    what if something goes wrong,can i reset everything to default with system restore

2 Pings/Trackbacks for "Windows 7: Disable Unnecessary Services on a Domain Workstation"
  1. [...] System services [type in start->search->services.msc] .Here is a suggested lists for Wndows7 http://blog.netnerds.net/2009/10…5.Use a better registry cleaner like "CCleaner" ,.With this you can check out registry [...]

Add Comment Register



Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">