Version 1.

Windows XP services that can be disabled

June 15, 2005

By Scott Lowe

One of the most effective ways to secure a Windows workstation is to turn off unnecessary services. This reference sheet lists the Windows XP SP2 services, describes each service's function, specifies whether you can safely disable the service, and outlines the ramifications of disabling the service. The list assumes the machine is running Windows XP SP2 in a corporate network environment. The list offers one of the following three possibilities for safely disabling each service:
• YES = You can disable the service without causing any problems.
• MAYBE = The computer's role dictates whether you should or should not disable the service--read the special considerations for further
• NO = The service is critical to proper Windows operation and should not be disabled.

| Service | Description | Safely disable? | Ramifications if disabled | Suggested setting | Special considerations |
|---|---|---|---|---|---|
| Alerter | Notifies selected users and computers of administrative alerts | Yes | Programs that use administrative alerts will not receive them. | Disable | |
| Application Layer Gateway | Provides support for application-level protocol plug-ins and enables network/protocol connectivity | Maybe | Programs that rely on this service, such as MSN Messenger and Windows Messenger will not function. | Enable | Only enable when using the Windows firewall or another firewall. Failure to do so can result in a significant security hole. |
| Application Management | Processes installation, removal, and enumeration requests for Active Directory IntelliMirror group policy programs | Yes | Users will be unable to install, remove, or enumerate any IntelliMirror programs. | Disable | |
| Automatic Updates | Enables the download and installation of critical Windows updates | Yes | The operating system cannot automatically install updates, but can still be manually updated at the Windows Update Web site. | Enable | Automatic updates help keep your computer current. If you do disable the service, perform regular, manual updates. |
| Background Intelligent Transfer | Transfers data between clients and servers in the background | Yes | Features such as Windows Update will not work properly. | Disable | Enable this service if you enable Automatic Updates. |

| Service | Description | Safely disable? | Ramifications if disabled | Suggested setting | Special considerations |
|---|---|---|---|---|---|
| ClipBook | Enables ClipBook Viewer to store information and share it with remote computers | Yes | ClipBook Viewer will not be able to share information with remote computers. | Disable | |
| COM+ Event System/System Application | Allows management of Component Services by providing automatic distribution of events to subscribing COM components | No | System Event Notification stops working, which means that logon and logoff notifications will not take place. Other applications, such as Volume Snapshot service, will not work correctly. | Enable | |
| Computer Browser | Maintains an up-to-date list of computers on your network, and supplies the list to programs that request it. The Computer Browser service is used by Windows-based computers that need to view network domains and resources. | Yes | Your computer will be unable to locate other Windows computers on the network | Enable | Enable this service, if you need to share files with other Windows computers. |
| Cryptographic services | Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates | No | The associated management services will not function properly. | Enable | Required if you use the Automatic Updates Windows service; also used by other Windows services, such as Task Manager. |
| DHCP Client | Allows the system to automatically obtain IP addressing information, WINS server information, routing information, and so forth; is required to update records in Dynamic DNS | Maybe | The system will be unable to obtain an IP address, WINS information, and the like, from a DHCP server and will need to be configured with a static address. | Enable | You can disable this service if you do not use DHCP. |

| Service | Description | Safely disable? | Ramifications if disabled | Suggested setting | Special considerations |
|---|---|---|---|---|---|
| Distributed Link Tracking Client | Ensures that shortcuts and OLE links continue to work after the target file is renamed or moved by maintaining links in the file system | Yes | Link tracking will be unavailable. Users on other computers won't be able to track links on this computer. | Disable | |
| Distributed Transaction Coordinator | Coordinates transactions that span multiple resource managers, such as databases, message queues, and file | Yes | Distributed transactions will not occur. | Disable | |
| DNS Client | Resolves and caches DNS names, allowing the system to communicate with canonical names rather than strictly by IP address | No | The system will be unable to resolve a name and will be able to communicate only via IP address. A client may be unable to communicate with its domain | Enable | Stopping this service will result in the inability for the computer to resolve names to IP addresses. |
| Error Reporting | Collects, stores, and reports unexpected application crashes to Microsoft | Yes | Error Reporting will occur only for kernel faults and some types of user mode faults. | Disable | |
| Event Log | Allows event log messages to be viewed in Event log to assist in problem resolution | No | Administrators won't be able to view logs, including the security log, increasing the difficulty of diagnosing problems and detecting security breaches. | Enable | |
| Fast User Switching Compatibility | Enables management for applications that require assistance in a multiple user environment | Yes | Fast User Switching will be unavailable. | Disable | Doesn't work in domain environments anyway. |
| Help and Support | Enables Help and Support Center to run on this computer | Yes | The Help and Support Center will be unavailable. | Enable | |

| Service | Description | Safely disable? | Ramifications if disabled | Suggested setting | Special considerations |
|---|---|---|---|---|---|
| HID Input | Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices | Maybe | Hot buttons controlled by this service will no longer function. | Disable | Required for some "hot buttons" on newer keyboards. Can be safely enabled if these buttons don't work with this service disabled. |
| IMAPI CD-Burning COM | Manages CD recording using Image Mastering Applications Programming Interface (IMAPI) | Maybe | This computer will be unable to record CDs. | Enable | This service can be disabled if you don't have a CD-RW drive in your |
| Indexing Service | Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language | Yes | Files will not be indexed. Indexing can speed searching. | Disable | Uninstall this service if you don't plan to use it. |
| Internet Connection Firewall (ICF) / Sharing (ICS) | Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network | Maybe | Networking services such as Internet sharing, name resolution, addressing and/or intrusion prevention will be unavailable. | Disable | If you share your Internet connection, you must enable this service. |
| IPSEC services | Provides end-to-end security between clients and servers on TCP/IP networks | Maybe | TCP/IP security between clients and servers on the network will be impaired. | Disable | If you connect over an IPSec secured connection, don't disable this service. |
| Logical Disk Manager | Waits for new drives to be added and passes required information to the LDM administrative service; required to ensure dynamic disk information is up to date | Yes | New disks will not be detected by the system. | Enable | Leaving this service enabled makes it easy to add new drives to the system. In a very high security environment, this should not be allowed. |

| Service | Description | Safely disable? | Ramifications if disabled | Suggested setting | Special considerations |
|---|---|---|---|---|---|
| Logical Disk Manager Administrative | Starts and allows configuration to take place when a new drive is detected or a partition/drive is configured | Yes | None; runs only when needed. | N/A | Started by the Logical Disk Manager service only when needed. Do not disable if you have the Logical Disk Manager Service enabled. |
| Machine Debug | Manages Visual Studio debugging | Yes | Visual Studio debugging information will not be available. | Disable | |
| Messenger | Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows | Yes | Alerter messages will not be transmitted. | Disable | |
| Microsoft Software Shadow Copy | Manages software-based volume shadow copies taken by the Volume Shadow Copy service | Yes | Software-based volume shadow copies cannot be managed. | Disable | Leave set at Manual if you intend to use Windows Backup. |
| NetMeeting Remote Desktop | Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet | Yes | Remote desktop sharing will be unavailable. | Disable | If you use NetMeeting, don't disable this service. |
| Network Connections | Manages the network and dial-up connections for the server, including network status notification and configuration | No | Network configuration will not be possible; new connections can't be created and services that need network information may fail. | Enable | |
| Network DDE | Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers | Yes | DDE transport and security will be unavailable. | Disable | |

| Service | Description | Safely disable? | Ramifications if disabled | Suggested setting | Special considerations |
|---|---|---|---|---|---|
| Network DDE DSDM | Manages Dynamic Data Exchange (DDE) network shares | Yes | DDE network shares will be unavailable. | Disable | |
| Network Location Awareness (NLA) | Collects and stores network configuration and location information and notifies applications when this information changes. This service is a part of ICS | Maybe | Services such as ICS & ICF will not function. | Disable | Enable if this computer has Internet Connection Sharing enabled or if you are using the Internet Connection Firewall. |
| NT LM Security Support Provider | Allows users to log on to the network using NTLM | Maybe | Users with versions of Windows prior to Windows 2000 will be unable to log in to the network. | Disable | Enable this service if this computer needs to log on to pre-Windows 2000 computers or domains |
| Performance Logs and Alerts | Collects performance data for the computer or other computers and writes it to a log or displays it on the screen | Yes | Performance information will no longer be logged or displayed. | Disable | |
| Plug and Play | Allows an administrator to add hardware to a server and have the server automatically detect and configure it | No | The system will be unstable and incapable of detecting hardware changes. | Enable | |
| Portable Media Serial Number | Retrieves the serial number of any portable media player connected to this computer | Yes | Protected content might not be downloaded to the device. | Disable | |
| Print Spooler | Manages all local and network print queues and controls all printing jobs | Maybe | Printing on the local machine will be unavailable. | Enable | Disable this service if you don't have a printer. |
| Protected Storage | Protects sensitive information such as private keys from exposure except to allowed persons and services | Yes | Protected information will be inaccessible. | Enable | |

| Service | Description | Safely disable? | Ramifications if disabled | Suggested setting | Special considerations |
|---|---|---|---|---|---|
| QoS RSVP | Provides network signaling and local, traffic-control, set-up functionality for (Quality of Service) QoS-aware programs and control applets | Yes | QoS aware applications will either not function, or will not have their complete functionality. | Disable | Enable this service if you use QoS aware applications. |
| Remote Access Auto Connection Manager | Detects unsuccessful attempts to connect to a remote network or computer and provides alternative methods for connection | Yes | Users will need to manually connect to other systems. | Enable | |
| Remote Access Connection Manager | Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks | Maybe | The operating system may not function properly. | Enable | This service is run on demand by the Remote Access Manager |
| Remote Desktop Help | Manages and controls Remote Assistance | Yes | Remote Assistance will be unavailable. | Disable | |
| Remote Procedure Call (RPC) | Allows processes to communicate internally and across the network with each other | No | The system will not boot. Don't disable this service. | Enable | |
| Remote Procedure Call (RPC) Locator | Provides RPC name services similar to DNS services for IP | No | Systems that are running third-party utilities looking for RPC information will be unable to find it. OS components do not use this service, but programs such as Exchange do. | Enable | |

| Service | Description | Safely disable? | Ramifications if disabled | Suggested setting | Special considerations |
|---|---|---|---|---|---|
| Remote Registry | Provides a mechanism to remotely manage the system registry | Maybe | Remote systems will be unable to connect to the local registry. Hfnetchk uses this mechanism. Disabling it can affect the patch utility's operation. | Disable | Some programs require this functionality in order to operate. |
| Removable Storage | Manages and catalogs removable media and operates automated removable media devices | Yes | Programs that are dependent on Removable Storage, such as Backup and Remote Storage, will operate more slowly. | Enable | |
| Routing and Remote Access | Enables multiprotocol LAN-to-LAN, LAN-to-WAN, virtual private network (VPN), and network address translation (NAT) routing services for clients and servers on this network | Yes | Routing and Remote Access services will be unavailable. | Disable | Better yet, don't install this service at all. |
| Secondary Logon | Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be | Yes | Users will be unable to use the "Run As" feature to elevate privileges. | Disable | |
| Security Accounts Manager | Stores account information for local security accounts, which, when started, allows other services to access the SAM | Yes | Services that rely on requests to the SAM database will not function properly. Group Policy objects may not operate properly. | Enable | If you don't use DHCP to obtain an IP address, this service can be disabled. |
| Server | Allows the sharing of local resources such as files and printers, as well as named pipe communication | Yes | Resources can't be shared, RPC requests will be denied, and named pipe communication will fail. | Disable | This service must be enabled on Windows XP computers that share files or printers. |
| Shell Hardware Detection | Provides notifications for AutoPlay hardware events | Yes | CD-ROMs and other devices will not automatically function. | Enable | Much easier to leave this enabled, and not much of a security risk. |

| Service | Description | Safely disable? | Ramifications if disabled | Suggested setting | Special considerations |
|---|---|---|---|---|---|
| Smart Card | Manages access to smart cards read by this computer | Yes | This computer will be unable to read smart cards. | Disable | If you're using a smart card reader, enable this |
| Smart Card Helper | Provides support for earlier smart card readers attached to the computer | Yes | The computer will be unable to read legacy smart cards. | Disable | If you're using a smart card reader, enable this |
| SSDP Discovery | Used to locate UPnP devices on your home network. Used in conjunction with Universal Plug and Play Device Host, it detects and configures UPnP devices on your home network | Yes | Your computer will be unable to locate UPnP devices on the network. | Disable | |
| System Event Notification | Required to record entries in the event logs; notifies COM+ subscribers about logon and power-related events | Yes | Certain notifications will no longer work. For example, synchronization won't work, as it depends on connectivity information and Network Connect/Disconnect and Logon/Logoff notifications. | Disable | Leave enabled for laptops so that power notifications are passed to the user. |
| System Restore | Performs system restore functions, including saving periodic checkpoints | Yes | Automatic system restoration will not be possible. | Disable | While this service does use up some system resources, it can be invaluable for stand alone machines, particularly when a software install goes bad. |
| Task Scheduler | Enables a user to configure and schedule automated tasks on this computer | Yes | Tasks will not be run at their scheduled times. | Disable | |

| Service | Description | Safely disable? | Ramifications if disabled | Suggested setting | Special considerations |
|---|---|---|---|---|---|
| TCP/IP NetBIOS Helper | Required for software distribution in a Group Policy (may be used to distribute patches) and provides support for NetBIOS over TCP/IP and NetBIOS name lookups | Yes | NetBIOS over TCP/IP clients including Netlogon and Messenger might stop responding. Disabling may also affect the ability to share resources. | Disable | For small networks, this service may be essential if you share files with others. For larger networks with central file servers, keep disabled on |
| Telephony | Provides Telephony API (TAPI) support for clients using programs that control telephony devices and IP-based voice | Yes | The function of all dependent programs will be impaired. | Disable | Only needed for modem/fax modem use. |
| Telnet | Enables a remote user to log on to this computer and run programs; supports various TCP/IP Telnet clients, including UNIX- and Windows-based computers | Yes | Remote user access to programs might be unavailable. | Disable | |
| Terminal Services | Allows users to connect interactively to a remote computer; Remote Desktop, Fast User Switching, Remote Assistance, and Terminal Server depend on this service. | Yes | May make your computer unreliable. To prevent remote use of this computer, clear the check boxes in the Remote tab of the System properties control panel | Disable | |
| Themes | Provides user experience theme | Yes | Themes cannot be used. | Disable | |
| Uninterruptible Power | Manages an uninterruptible power supply (UPS) connected to the computer | Yes | The UPS cannot communicate with the computer. | Disable | |
| Universal Plug and Play Device Host | Used in conjunction with SSDP Discovery Service, it detects and configures UPnP devices on your home network | Yes | Your computer will be unable to locate UPnP devices on the network. | Disable | |

| Service | Description | Safely disable? | Ramifications if disabled | Suggested setting | Special considerations |
|---|---|---|---|---|---|
| Upload Manager | Manages synchronous and asynchronous file transfers between clients and servers. Driver data is anonymously uploaded from these transfers and used by Microsoft to help users find needed drivers. The Driver Feedback Server asks the client's permission to upload the computer's hardware profile and then search the Internet for information about how to obtain the appropriate driver or get | Yes | Certain file transfers will not take place. | Disable | |
| Volume Shadow Copy | Manages and implements volume shadow copies used for backup and other purposes | Yes | Shadow copies will be unavailable for backup and the backup may fail. | Disable | Enable this service if you use Windows Backup on this desktop. |
| WebClient | Enables Windows-based programs to create, access, and modify Internet-based | Yes | These functions will not be available. | Disable | |
| Windows Audio | Manages audio devices for Windows-based programs | Yes | Audio devices and effects will not function properly. | Enable | Even though it can be disabled, without this service, you will get no |
| Windows Image Acquisition (WIA) | Provides image acquisition services for scanners and cameras | Yes | Programs that require images, such as Windows Movie Maker, won't function properly. | Enable | This service is required for some scanners and cameras. If you don't have a scanner or a camera, you can disable this service. |
| Windows Installer | Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package | Yes | People can install no programs, or make use of Add/Remove programs. | Enable | |

| Service | Description | Safely disable? | Ramifications if disabled | Suggested setting | Special considerations |
|---|---|---|---|---|---|
| Windows Management Instrumentation (WMI) | Provides system management information; required to implement performance alerts using Performance Logs and Alerts | No | System management and performance information will be unavailable. | Enable | |
| WMI Driver Extensions | Monitors all drivers and event trace providers that are configured to publish Windows Management Instrumentation (WMI) or event trace information | Yes | (extension of WMI only) | Enable | |
| Windows Time | Uses NTP to keep computers in the domain synchronized | Yes | Time synchronization won't take place. | Enable | |
| Wireless Zero Configuration | Automatically configures WiFi (802.11) network adapters | Maybe | You will have to manually configure wireless networking. | Disable | Enable this service if you're using wireless |
| WMI Performance Adapter | Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network | Yes | This service runs only when Performance Data Helper is activated. | Enable | |
| Workstation | Provides network connections and communications using the Microsoft Network services | Yes | The computer will be unable to connect to remote Microsoft Network resources. | Enable | |

Scott Lowe has held a variety of jobs in the information technology field. Although he has been involved primarily in IT management and network/systems engineering, he has also served as a DBA, help desk technician, and several other job roles. He is currently the IT Director for Elmira College, a small private college located in Elmira, NY.

Cheat sheet: Windows XP services that can be disabled

Version history
Version: 1.0
Published: June 15, 2005

