Windows xp services

1,095 views

Published on

Windows xp services

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,095
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Windows xp services

  1. 1. Windows XP ServicesA list of all the standard services [update: SP 2 defaults are shown in Green] DefaultServiceNa Service Process Description Status &me (Key) notesAlerter Alerter Services.exe Distribute Manual. administrative May be [HKLMSYSTEM alerts to specific disabled if CurrentControlSet users or machines. the alerts ServicesAlerterPara are not meters] e.g. Performance needed. Monitor thresholds [HKLMSYSTEM are distributed as CurrentControlSet alerts. ServicesSysmonLog Log Requires the Queries<alertname>] Messenger and Workstation services to be started.Application ALG alg.exe Support for Internet ManualLayer ConnectionGateway Sharing and theService Internet Connection FirewallApplication appmgt Services.exe or Installation ManualManageme svchost.exe servicesnt (Add/Remove Programs) - Assign, Publish, and Remove.Automatic wuaUserv svchost.exe -k Enable the Automatic.Updates wugroup download and If the installation of service is critical Windows stopped, updates. the operating system can be
  2. 2. manually updated at the Windows Update Web site.Background BITS svchost.exe -k Transfer files using AutomaticIntelligent BITSgroup idle network switch toTransfer bandwidth, manual ifService maintain file you have transfers through problems - network Q314862 disconnections and computer restarts.Clipbook Clipsrv Clipsrv.exe Provides support DisabledServer for the Clipbook Viewer, which allows the clipboard of the source machine to be accessed remotely.COM+ Event svchost.exe -k netsvcs Automatic ManualEvent System distribution ofSystem events to subscribing COM components.Computer Browser Services.exe Collects the names Automatic.Browser of NetBIOS resources on the If the network, creating a machine is list so that it can not participate as a connected master browser or to a LAN basic browser (one (stand- that takes part in alone), or browser elections). will not participate This maintained list as a of resources master (computers) is browser or displayed in take part in Network elections,
  3. 3. Neighborhood and then feel Server Manager. If free to disabled you can change the still map drives, but status to cant browse the manual (or whole network. disabled) This does not equate to disabling TCP/IP so internet browsing is still possible.Cryptograp CryptSvc svchost.exe Management of Automatichic Services Certification Authority certificates. Driver Catalog Database, Protected Root and Key certificate Services.DCOM DcomLaunc svchost.exe Launch DCOM AutomaticServer h servicesProcessLauncherDHCP Dhcp Services.exe or Manage network AutomaticClient svchost.exe configuration by On a registering and stand- updating IP alone addresses and machine: DNS names. DisableDistributed TrkWks Services.exe or Send notification of AutomaticLink svchost.exe files moving Can be setTracking between NTFS to manualClient volumes in a if you dont network domain. need this function.Distributed msdtc MSDTC.exe Coordinate ManualTransaction transactions that Can be setCoordinator are distributed to Disabled
  4. 4. across two or more if you dont databases, need this message queues, function. file systems, or other transaction protected resource managers.DNS Client Dnscache Services.exe Resolves and Automatic caches Domain Name System (DNS) names.Directory Replicator Lmrepl.exe Replicate specified AutomaticReplicator files & folders(Server between Domainonly) computers. Controllers The host is the need this export server, and to replicate the target the machines are Netlogon called import share. computers. Replication is configured under Server in the Control Panel.Error Ersvc svchost.exe Report errors back AutomaticReporting to Microsoft in If youService Redmond. never want to report system crash info. to Microsoft set this to disabled.EventLog EventLog Services.exe Record System, Automatic Security, and Application Events. Viewed with the MMC Event Viewer (eventvwr.exe in NT).
  5. 5. FastUserSwitchingFast User Compatibility svchost.exe Enable multiple ManualSwitching users to login toCompatibilit the same PCy simultaneously.Fax Service Fax faxsvc.exe Send and receive Automatic faxes or ManualHelp and helpsvc svchost.exe Help and Support Automatic.Support Center If stopped the help system will stop working.Human HidServ svchost.exe Support for extra DisabledInterface keyboard hotDevice buttons and otherAccess multimedia input devices.HTTP SSL HTTPFilter svchost.exe Support for HTTPS Manual (Secure Socket Layer) websites such as banking and e-commerce.IMAPI CD- ImapiServic imapi.exe CD-Rom Burning ManualBurning e If you haveCOM problemsService changing to Automatic may help.Indexing cisvc cisvc.exe Index the contents ManualService and properties of For files on local and improved remote computers. performanc [ RESOURCE e Disable HOG ] or Uninstall thru C.Panel add/remov eIPSEC PolicyAgent lsass.exe Manage IP security Automatic
  6. 6. Policy policy and starts May beAgent the changed to ISAKMP/Oakley Manual if (IKE) and the IP IPSec is security driver. not needed.License LicenseServ Llssrv.exe License tracking on If disabledLogging ice a server or DC thenService (Domain licensing(Server) Controller). status alerts will not be generated.Logical Disk Dmserver services.exe or Required by the AutomaticManager svchost.exe MMC Disk Management plug- in.Logical Disk Dmadmin dmadmin.exe /com Administrative ManualManager service for diskAdministrati managementve Service requestsMessage mqsvc.exe Message QueuingQueuingMessage mqtgsvc.exe Message QueuingQueuingTriggersMS swprv dllhost.exe Microsoft Backup ManualSoftware Utility Disable ifShadow you neverCopy useProvider ShadowService Copy features.Messenger Messenger Services.exe Process the receipt Disabled or delivery of pop- vulnerabilit up messages sent y once via NET SEND. used to Not related to send pop- Windows up spam. Messenger
  7. 7. Network Netman svchost.exe -k netsvcs Manage objects in ManualConnection the Network ands Dial-Up Connections folder (LAN and remote connections.)Net Logon Netlogon Lsass.exe Network Automatic (Local Security Authentication: For stand- Authority Subsystem) maintains a synced alone domain directory machines database between never the PDC and connected BDC(s), handles to a authentication of domain set respective to Manual. accounts on the DCs, and authenticates domain accounts on networked machines.NetMeeting Nmnsrvc mnmsrvc.exe Allows authorized Manual.Remote people to remotely A goodDesktop access your idea toSharing Windows desktop Disable using NetMeeting. unless you plan to allow remote connection s.Network NetDDE Netdde.exe Support the DisabledDDE network transport of DDE (Dynamic Data Exchange) connections. Requires Network DDE DSDM to be started. See Clipbook serviceNetwork NetDDEdsd Netdde.exe Manage shared DisabledDDE DSDM m DDE conversations (from shares like:
  8. 8. computernamend de$). See Clipbook serviceNLA - nla svchost.exe Part of Internet ManualNetwork ConnectionLocation Sharing (ICS) andAwareness the Internet Connection Firewall (ICF)Network xmlprov svchost.exe Manage XML ManualProvisioning configuration filesService on a domain basisNT LM NtLmSsp Services.exe Extends NT ManualSecurity security to RemoteSupport Procedure CallProvider (RPC) programs using various transports other than named pipes. RPC activity is quite common, and most RPC apps dont use named pipes.Performanc sysmonLog smlogsvc.exe Configure Manual.e Logs and performance logs May beAlerts (XP) and alerts. disabled if the alertsAlerts and are notPerformanc needed.e Logs (Win2K)Plug and PlugPlay Services.exe Plug and Play. AutomaticPlay Do not disable this service.Universal UPNPhost svchost.exe Device Host detect ManualPlug and and configurePlay Host external UPnP devices. UPnP<>PnP
  9. 9. Portable WmdmPmS svchost.exe Retrieves the serial ManualMedia N number of any Disable ifSerial portable media you neverNumber player connected use DRMService to this computer. music devices.Print Spooler Spoolsv.exe The NT printing Automatic -Spooler or (Spoolss.exe in NT4) subsystem. If you printSpooler documents . If no printing is ever done set to manual (or disabled) Restarting this service will cancel all pending print jobs. ProtectedStorageProtected Pstores.exe Encrypt and store Automatic.Storage secure info: SSL certificates, passwords for Outlook, Outlook Express, Profile Assistant, MS Wallet, and digitally signed S/MIME keys.QoS RSVP rsvp rsvp.exe -s Provide network Manual signaling and local traffic control setup functionality for QoS-aware programs and control applets.Remote Rasauto svchost.exe -k netsvcs Activates ManualAccess automatic dial-up May beAuto when a URL link is disabled if
  10. 10. Connection clicked. theManager machineor Required for some has noRemote but not all RAS, internetAccess ADSL or Cable access.AutoDial connections.ManagerRemote Rasman svchost.exe -k netsvcs Required for most Manual.Access but not all RAS, RequiredConnection ADSL or Cable for InternetManager connections. Connection Sharing or accessing remote servers via RAS.Remote RDSessMgr sessmgr.exe Remote Desktop ManualDesktop Help Session May beHelp Manager. disabled ifSession RDP isManager never used.Remote RpcSs svchost -k rpcss This RPC AutomaticProcedure subsystem isCall (RPC) crucial to the Do notService operations of any disableor RPC activitiesRemote taking place on a ManyProcedure system (e.g. essentialCall (RPC) DCOM) services are dependent on RPC.Remote RpcLocator Locator.exe Maintain the RPC Manual.Procedure name serverCall (RPC) database, requiresLocator the RPC service (below) to be started. Database of available server applications.Remote RemoteRegi regsvc.exe Allow remote Automatic
  11. 11. Registry stry registry A goodService (XP manipulation. idea toPro only) disable this, unless you have some reason to allow remote registry editing.Removable Ntmssvc svchost.exe -k netsvcs Manage removable Manual.Storage media, drives, and libraries.RIP Listen for RIP To use theListener announcements RIP(XP - from routers and Listeneroption) modify the routing service, table accordingly. your adjacent routers must support the RIP v1 protocol. Youll find the RIP Listener service under Add/Remo ve Windows Componen ts - Networking Services.Routing and RemoteAcc svchost.exe -k netsvcs Allow incoming DisabledRemote ess connections viaAccess dial in or VPN. (WAN Routing)Secondary secLogon services.exe or Enables starting AutomaticLogon (Win svchost.exe processes under You may
  12. 12. XP) alternate want toRunAs (Win credentials. stop this2K) service if you never use RunAsSecurity SamSs lsass.exe Stores security AutomaticAccounts information forManager local user(Win 2K) accounts.Security wscsvc svchost.exe Monitor system AutomaticCenter security settings You may and configurations. want to disable this if firewall and virus updates are controlled via other means.Server LanmanServ Services.exe Support for peer-to Automatic er peer file sharing, May be print sharing, and disabled if named pipe you dont sharing via SMB host file or services. print shares. (Admin$ shares) ShellHWDetectionShell svchost.exe CD Autoplay Automatic.HardwareDetectionSmart Card ScardSrv SCardSvr.exe Manages and Manual controls access to If you a smart card never use inserted into a smart smart card reader cards, attached to the Disable computer.Smart Card ScardDrv SCardSvr.exe legacy smart card RemovedHelper readers in XP SP2
  13. 13. SNMP Snmp snmp.exe Agents that AutomaticService monitor the activity (if installed) in network devices and report to the network console workstation.SSDP SSDPSRV svchost.exe Simple Service ManualDiscovery Discovery Protocol. May beService Enables discovery disabled if of UPnP devices on as is likely your home network you dont have any UPnP devices)System SENS svchost.exe -k netsvcs Track system Automatic.Event events such asNotification Windows logon, network, and power events. Notifiy COM+ Event System subscribers of these events.System srservice svchost.exe Creates system AutomaticRestore snap shots.Service [ RESOURCE If the HOG ] machines configurati on has been cloned/bac ked up - turn off System Restore in Control Panel, System.Task Schedule atsvc.exe or This service is AutomaticScheduler mstask.exe required toor Schedule schedule background tasks (run at a specific
  14. 14. date & time) Under NT its a Resource Hog. Under XP its used by some auto- tuning operations.TCP/IP lmHosts Services.exe Support for name AutomaticNetBIOS resolution in a If notHelper Windows 2000 requiredor domain. may be setTCP/IP (Netbios/Wins) to manual.NetBIOS An alternative toHelper DNS lookup.ServiceTelephony TapiSrv Tapisrv.exe Telephony API Manual (TAPI) support for programs that control telephony devices and IP based voice connections. e.g unimodem modems.Telnet TlntSvr tlntsvr.exe Allows a remote Disabled(Win 2K) user to log on to Very the system and run insecure, console programs presents a using the security command line. risk when running.Terminal TermServic svchost.exe Required for Fast ManualServices e User Switching, If not Remote Desktop required and Remote may be Assistance DisabledThemes Themes svchost.exe XP Active Desktop Automatic Themes, and quick Set to launch toolbars Manual or [ RESOURCE Disabled if HOG ] you dont like
  15. 15. themes.UPS or UPS Ups.exe Support for an ManualUninterrupti Uninteruptable Not everyble Power Power Supply UPS willSupply (UPS) physically need or connected to the use this machine. service.Universal UPNPhost svchost.exe Device Host detect ManualPlug and and configurePlay Host external UPnP devices. UPnP<>PnPUpload uploadmgr svchost.exe Upload Manager. RemovedManager in XP SP2Volume VSS vssvc.exe MS Backup - A ManualShadow volume shadow If notCopy copy is a picture of required the volume at a may be particular moment disabled in time. That see MS means a computer Software can be backed up Shadow while files are open Copy and applications Provider running. ServiceWebClient WebClient svchost.exe Allow access to Automatic web-resident disk If not storage from an required ISP. WebDAV may be "internet disks" disabled such as Apples iDisk.Windows AudioSrv svchost.exe Sound Driver AutomaticAudio Note that disabling If no sound the sound driver card fitted wont stop sounds then from playing - you disable. just wont hear them.Windows SharedAcce svchost.exe -k netsvcs Network address Automatic.Firewall (XP ss translation, For better
  16. 16. SP2) addressing, and protection name resolution considerInternet services for all adding aConnection computers on your third partyFirewall home network firewall.(XP) through a dial-up connection.InternetConnectionSharing(Win 2K)Windows stisvc svchost.exe Required for some ManualImage but not allAcquisition cameras, scanners, and digital video cameras.Windows MSIServer MsiExec.exe /V Install, repair and ManualInstaller remove software according to instructions contained in .MSI files.Windows WinMgmt C:WINNTSystem32 WMI provides AutomaticManageme WBEMWinMgmt.exe systemnt managementInstrumenta information.tionWindows Wmi svchost.exe Provides systems ManualManageme managementnt information to andInstrumenta from drivers.tion DriverExtensionsWindows W32time services.exe Update the AutomaticTime computer clock by reference to an internet time source or a time server.Wireless WZCSVC svchost.exe Configure wireless Automatic
  17. 17. Zero network devices disable ifConfiguratio (802.11a/b/g). you dontn have any wireless devices.WMI WmiApSrv wmiapsrv.exe Collect ManualPerformanc performance librarye Adapter information. lanmanworkstationWorkstation Services.exe Communications Automatic and network connections. Services dependent on this being started: Alerter, Messenger, and Net Logon.Before changing any of the defaults - use the links above to find what exactly theservice does. The Elder Geek also has some good advice about services.It is inadvisable to disable a service without being aware of the consequences, alwaysstart by setting the service to manual, reboot and test for any problems.A service set to manual may be automatically restarted if another service is dependenton it.A service set to disabled will not restart even if its required to boot the machine!Stopping or disabling a service will generally save a small amount of memory and willreduce the number of software interrupts (cpu message queue.) The main reason fortinkering with services is to harden the system against security vulnerabilities. Disableeverything that you dont need or use - then any future problems with those servicescannot affect the machine.To document all the services currently installed:SC QUERY state= all |findstr "DISPLAY_NAME STATE">my_services.csvSome XP services communicate and send data directly to Microsoft, this is notgenerally something to lose sleep over. Managing the running of these services may bea consideration if confidentiality/anonymity is highly important to you.Removing a service completely
  18. 18. To delete a service, you may be tempted to hack the registry settings under(HKLM/SYSTEM/CurrentControlSet/Services) this is not a reliable or recommendedmethod, far better is to use the SC command:SC delete NameofServiceTodeleteEnable or Disable PortsMany services and applications rely on the use of a specific PORT - to determine if aparticular port is enabled for use, review the list of Service names and port numbersheld in the "services" file (windowssystem32driversetcservices)Installing a good firewall is the easiest way to manage this."The service we render to others is really the rent we pay for our room on this earth. It isobvious that man is himself a traveler; that the purpose of this world is not to have andto hold but to give and serve. There can be no other meaning." - Sir Wilfred T. GrenfellRelated:SC - Service ControlTASKLIST - List running tasks and servicesWinMSD - List running servicesServiceStatus.ps1 - List all services (Powershell)Safe Mode - Press F8 during bootup to start with mimimal services running.Recovery - The Recovery ConsoleWMIC SERVICE - WMI access to servicesDRIVERQUERY - display device drivers and properties (Resource Kit)DComCnfg - Disable/configure DCOMMicrosoft.com - WinXP services - default settingsMicrosoft.com - Win2003 services - 138 page Word DocMicrosoft.com - Managing System Services.doc - 2003The Elder Geek - Services GuideThe Register - Part 1 & 2 - Review of Win XP ServicesSysinternals - how to disable every serviceSecurityFocus - Securing Windows ServicesWikipedia - Windows serviceQ137890 - SRVANY - create a User-Defined ServiceQ288129 - Grant users the right to manage servicesQ263201 - Default ProcessesQ244905 - How to disable a service at bootQ314056 - What is SvcHostQ825826 - Troubleshoot missing network connection icons

×