Posted on by —

I finally took the plunge and installed Windows 7 on my Dell Netbook (Inspiron mini iM10-008B). I originally bought the Dell to make it into a Hackbook but after I realized how time-intensive the initial setup may be, I looked to installing Win 7 for instant newness gratification. Initially, I was going to install the Enterprise version of Win 7 like I had done with Vista, but I decided on Ultimate since Ultimate is essentially the “Enterprise version for consumers” and I didn’t have to have a local Key server around to validate my install. The Netbook I purchased came with only 1GB RAM so it’s especially important that I keep it running as efficiently as possible. I performed the basic tweak of setting Win 7 for Best Performance and then began checking out which services I could disable. I found page and used that as a guide to modifying my own services. His recommendations appeared more geared towards machines that are not on a domain, so my setup is a bit different from his. I havea Windows 2008-based domain and, while I know it offers a lot of Vista/7 specific features, I don’t have time to explore them right all so my setup is geared towards a basic domain membership. Ultimately, I was able to reduce initial memory usage to 480 MB. That’s a lot, but better than the ~600MB or so used by default. There are 144 services that I reviewed, including the AVG firewall service. So without further ado… Name Description Start up Application Experience Processes application compatibility cache requests for applications as they are launched Manual Application Layer Gateway Service Provides support for 3rd party protocol plug-ins for Internet Connection Sharing Disabled Application Identity Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced. Manual Application Information Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users willbe unable to launch applications with the additional administrative privileges they may require to perform desired user tasks. Manual Application Management Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start. Disabled Windows Audio Endpoint Builder Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start Auto Windows Audio Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start Auto AVG Free8 WatchDog AutoActiveX Installer (AxInstSV) Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings. Disabled BitLocker Drive Encryption Service BDESVC hosts the BitLocker Drive Encryption service. BitLocker Drive Encryption provides secure startup for the operating system, as well as full volume encryption for OS, fixed or removable volumes. This service allows BitLocker to prompt users for various actions related to their volumes when mounted, and unlocks volumes automatically without user interaction. Additionally, it stores recovery information to Active Directory, if available, and, if necessary, ensures the most recent recovery certificates are used. Stopping or disabling the service would prevent users from leveraging thisfunctionality. Disabled Base Filtering Engine The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications. Auto Background Intelligent Transfer Service Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. Manual Computer Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Manual BluetoothSupport Service The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. Manual Certificate Propagation Copies user certificates and root certificates from smart cards into the current user’s certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver. Disabled Microsoft .NET Framework NGEN v2.0.50727_X86 Microsoft .NET Framework NGEN Manual COM+ System Application Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Cryptographic Services Provides four management services: Catalog DatabaseService, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Auto Offline Files The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state. Disabled DCOM Server Process Launcher The DCOMLAUNCH service launches COM and DCOM servers in response to objectactivation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running. Auto Disk Defragmenter Provides Disk Defragmentation Capabilities. Manual DHCP Client Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. Auto DNS Client The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer’s name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. Auto Wired AutoConfig The Wired AutoConfig (DOT3SVC)service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service. Manual Diagnostic Policy Service The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. Disabled Extensible Authentication Protocol The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If youdisable this service, this computer is prevented from accessing networks that require EAP authentication. Manual Encrypting File System (EFS) Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files. Disabled Windows Media Center Receiver Service Windows Media Center Service for TV and FM broadcast reception Disabled Windows Media Center Scheduler Service Starts and stops recording of TV programs within Windows Media Center Disabled Windows Event Log This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. Auto COM+ Event System Supports System Event Notification Service (SENS), which provides automaticdistribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. Auto Fax Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network. Disabled Function Discovery Provider Host The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources. Disabled Function Discovery Resource Publication Publishes thiscomputer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. Disabled Windows Font Cache Service Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance. Manual Windows Presentation Foundation Font Cache 3.0.0.0 Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications. Manual Group Policy Client The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service isstopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled. Auto Human Interface Device Access Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. Disabled Health Key and Certificate Management Provides X.509 certificate and key management services for the Network Access Protection Agent (NAPAgent). Enforcement technologies that use X.509 certificates may not function properly without this service Manual HomeGroup Listener Makes local computer changes associated withconfiguration and maintenance of the homegroup-joined computer. If this service is stopped or disabled, your computer will not work properly in a homegroup and your homegroup might not work properly. It is recommended that you keep this service running. Disabled HomeGroup Provider Performs networking tasks associated with configuration and maintenance of homegroups. If this service is stopped or disabled, your computer will be unable to detect other homegroups and your homegroup might not work properly. It is recommended that you keep this service running. Disabled Windows CardSpace Securely enables the creation, management, and disclosure of digital identities. Disabled IKE and AuthIP IPsec Keying Modules The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE andAuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. Auto PnP-X IP Bus Enumerator The PnP-X bus enumerator service manages the virtual network bus. It discovers network connected devices using the SSDP/WS discovery protocols and gives them presence in PnP. If this service is stopped or disabled, presence of NCD devices will not be maintained in PnP. All pnpx based scenarios will stop functioning. Disabled IP Helper Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer. Disabled CNG Key Isolation The CNG key isolation service is hosted in the LSA process. The serviceprovides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. Manual KtmRm for Distributed Transaction Coordinator Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start. Manual Server Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Auto WorkstationCreates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Auto Link-Layer Topology Discovery Mapper Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly. Disabled TCP/IP NetBIOS Helper Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Auto Media Center Extender Service Allows Media Center Extenders to locate and connect to the computer. Disabled MultimediaClass Scheduler Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications. If this service is stopped, individual tasks resort to their default priority. Manual Windows Firewall Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. Auto Distributed Transaction Coordinator Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Microsoft iSCSI Initiator Service Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on itwill fail to start. Disabled Windows Installer Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Network Access Protection Agent The Network Access Protection (NAP) agent service collects and manages health information for client computers on a network. Information collected by NAP agent is used to make sure that the client computer has the required software and settings. If a client computer is not compliant with health policy, it can be provided with restricted network access until its configuration is updated. Depending on the configuration of health policy, client computers might be automatically updated so that users quickly regain full network access without having to manually update their computer. Manual Netlogon Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this serviceis stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. Auto Network Connections Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. Manual Network List Service Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. Manual Net.Tcp Port Sharing Service Provides ability to share TCP ports over the net.tcp protocol. Disabled Network Location Awareness Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Auto NetworkStore Interface Service This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. Auto Peer Networking Identity Manager Provides identity services for the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services. If disabled, the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services may not function, and some applications, such as HomeGroup and Remote Assistance, may not function correctly. Disabled Peer Networking Grouping Enables multi-party communication using Peer-to-Peer Grouping. If disabled, some applications, such as HomeGroup, may not function. Disabled Program Compatibility Assistant Service This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detectsknown compatibility problems. If this service is stopped, PCA will not function properly. Manual BranchCache This service caches network content from peers on the local subnet. Disabled Performance Logs & Alerts Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Plug and Play Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Auto PNRP Machine Name Publication Service This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context ‘p2p pnrp peer’ Disabled Peer Name Resolution Protocol Enables serverless peer nameresolution over the Internet using the Peer Name Resolution Protocol (PNRP). If disabled, some peer-to-peer and collaborative applications, such as Remote Assistance, may not function. Disabled IPsec Policy Agent Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool “netsh ipsec”. If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Firewall is not available when this service is stopped. Manual Power Manages power policy and power policy notification delivery. Auto User Profile Service This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon orlogoff, applications may have problems getting to users’ data, and components registered to receive profile event notifications will not receive them. Auto Protected Storage Provides protected storage for sensitive data, such as passwords, to prevent access by unauthorized services, processes, or users. Manual Quality Windows Audio Video Experience Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. Disabled Remote Access Auto Connection Manager Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. Disabled Remote Access Connection Manager Manages dial-up and virtual private network (VPN)connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Routing and Remote Access Offers routing services to businesses in local area and wide area network environments. Manual Remote Registry Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. Manual RPC Endpoint Mapper Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly. Auto Remote Procedure Call (RPC) Locator In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this servicedoes not provide any functionality and is present for application compatibility. Manual Remote Procedure Call (RPC) The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running Auto Security Accounts Manager The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. Auto Smart Card Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. Ifthis service is disabled, any services that explicitly depend on it will fail to start. Disabled Task Scheduler Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Auto Smart Card Removal Policy Allows the system to be configured to lock the user desktop upon smart card removal. Disabled Windows Backup Provides Windows Backup and Restore capabilities. Manual Secondary Logon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Manual System Event Notification Service Monitors system events and notifies subscribers to COM+ Event System of these events.Manual Adaptive Brightness Monitors ambient light sensors to detect changes in ambient light and adjust the display brightness. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Disabled Remote Desktop Configuration Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates. Manual Internet Connection Sharing (ICS) Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Disabled Shell Hardware Detection Provides notifications for AutoPlay hardware events. Auto SNMP Trap Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on thiscomputer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Print Spooler Loads files to memory for later printing Disabled Software Protection Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service. Manual SPP Notification Service Provides Software Licensing activation and notification Manual SSDP Discovery Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services thatexplicitly depend on it will fail to start. Manual Secure Socket Tunneling Protocol Service Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers. Manual Windows Image Acquisition (WIA) Provides image acquisition services for scanners and cameras Manual Microsoft Software Shadow Copy Provider Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Superfetch Maintains and improves system performance over time. Auto Tablet PC Input Service Enables Tablet PC pen and ink functionality Disabled Telephony Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers thatare also running the service. Manual TPM Base Services Enables access to the Trusted Platform Module (TPM), which provides hardware-based cryptographic services to system components and applications. If this service is stopped or disabled, applications will be unable to use keys protected by the TPM. Manual Remote Desktop Services Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. Manual Themes Provides user experience theme management. Disabled Thread Ordering Server Provides ordered execution for a group of threads within a specific period of time. Manual Distributed Link Tracking Client Maintains links between NTFS files within a computer or across computers in a network. Auto Windows Modules Installer Enables installation, modification, and removal of Windows updates andoptional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer. Manual Interactive Services Detection Enables user notification of user input for interactive services, which enables access to dialogs created by interactive services when they appear. If this service is stopped, notifications of new interactive service dialogs will no longer function and there might not be access to interactive service dialogs. If this service is disabled, both notifications of and access to new interactive service dialogs will no longer function. Manual Remote Desktop Services UserMode Port Redirector Allows the redirection of Printers/Drives/Ports for RDP connections Manual UPnP Device Host Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail tostart. Manual Desktop Window Manager Session Manager Provides Desktop Window Manager startup and maintenance services Disabled Credential Manager Provides secure storage and retrieval of credentials to users, applications and security service packages. Manual Virtual Disk Provides management services for disks, volumes, file systems, and storage arrays. Manual Volume Shadow Copy Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Windows Time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Block Level Backup Engine Service The WBENGINE service is used byWindows Backup to perform backup and recovery operations. If this service is stopped by a user, it may cause the currently running backup or recovery operation to fail. Disabling this service may disable backup and recovery operations using Windows Backup on this computer. Manual Windows Biometric Service The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process. Disabled Windows Connect Now – Config Registrar WCNCSVC hosts the Windows Connect Now Configuration which is Microsoft’s Implementation of Wi-Fi Protected Setup (WPS) protocol. This is used to configure Wireless LAN settings for an Access Point (AP) or a Wi-Fi Device. The service is started programmatically as needed. Disabled Windows Color System The WcsPlugInService service hosts third-party Windows Color System color device model andgamut map model plug-in modules. These plug-in modules are vendor-specific extensions to the Windows Color System baseline color device and gamut map models. Stopping or disabling the WcsPlugInService service will disable this extensibility feature, and the Windows Color System will use its baseline model processing rather than the vendor’s desired processing. This might result in inaccurate color rendering. Manual Diagnostic Service Host The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function. Disabled Diagnostic System Host The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function. Disabled WebClient Enables Windows-based programs to create, access, and modifyInternet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Windows Event Collector This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted. Manual Problem Reports and Solutions Control Panel Support This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel. Disabled Windows Error Reporting Service Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic andrepair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. Disabled Windows Defender Protection against spyware and potentially unwanted software Auto WinHTTP Web Proxy Auto-Discovery Service WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol. Manual Windows Management Instrumentation Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Auto Windows Remote Management(WS-Management) Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix. Manual WLAN AutoConfig The WLANSVC serviceprovides the logic required to configure, discover, connect to, and disconnect from a wireless local area network (WLAN) as defined by IEEE 802.11 standards. It also contains the logic to turn your computer into a software access point so that other devices or computers can connect to your computer wirelessly using a WLAN adapter that can support this. Stopping or disabling the WLANSVC service will make all WLAN adapters on your computer inaccessible from the Windows networking UI. It is strongly recommended that you have the WLANSVC service running if your computer has a WLAN adapter. Auto WMI Performance Adapter Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. Manual Windows Media Player Network Sharing Service Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play Disabled ParentalControls This service is a stub for Windows Parental Control functionality that existed in Vista. It is provided for backward compatibility only. Disabled Portable Device Enumerator Service Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. Manual Security Center The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer. The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service. The Action Center (AC) UI uses the service to providesystray alerts and a graphical view of the security health states in the AC control panel. Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions. The service also has a public API that allows external consumers to programmatically retrieve the aggregated security health state of the system. Auto Windows Search Provides content indexing, property caching, and search results for files, e-mail, and other content. Auto Windows Update Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. Auto Windows Driver Foundation – User-mode Driver Framework Manages user-mode driver host processes. Auto WWAN AutoConfig This service manages mobile broadband(GSM & CDMA) data card/embedded module adapters and connections by auto-configuring the networks. It is strongly recommended that this service be kept running for best user experience of mobile broadband devices. Manual So far, I have been able to perform all my necessary network functions with no errors being reported at the server or client level. I am posting this primarily as a future reference for myself. Follow at your own risk. About Chrissy is a PowerShell MVP who has worked in IT for nearly 20 years, and currently serves as a Sr. Database Engineer in Belgium. Always an avid scripter, she attended the Monad session at Microsoft’s Professional Developers Conference in Los Angeles back in 2005 and has worked and played with PowerShell ever since. Chrissy is currently pursuing an MS in Systems Engineering at Regis University and helps maintain in her spare time. She holds a number of certifications, including those relating to SQL Server, SuSE Linux, SharePoint and networksecurity. She recently became co-lead of the . You can follow her on Twitter at .

Posted in , ,