Windows 7 RTM Services

Monday, July 27, 2009

One of the first steps I take when I finish a fresh Windows XP or Vista install is to stop and/or disable all the unnecessary services on the current machine; Windows 7 is no different. In this post I will attempt to list all Windows 7 RTM services with their default state, safe state, and my notes on the service. If you have never explored the services of a Windows system, now would be a good time to do so. In Windows 7 there are three different ways to get to the services management console:

  1. Click the Microsoft Icon on the bottom left (old start menu), type services.msc in the search box and hit enter
  2. Right click on the Computer icon either on the desktop or start menu, select manage, in the window that opens go to Services and Applications and then click on Services
  3. Open the Control Panel, double click Administrative Tools (need to be in large or small icon view) and double click services

You should now see a list of services: the name, description, startup type, status, and log on as account. You may double click a service to bring up the options for it as well as read a description. I recommend you become familiar with a service before changing anything.

By default Microsoft sets many of these services to start automatically. This is done to ensure the Windows install works on a typical deployment. However running services that you do not need to run automatically can be a security risk as well as have the ability to slow down your system. One of the issues with Windows Vista was the number of services running by default and their unsecure state. Thankfully, Windows 7 has less of these unnecessary services starting by default. Windows 7 also has some new services that Vista or XP did not have and therefore I have created this list of all the services, their default state in Windows 7 RTM Ultimate 64 bit, their safe state, and my notes to assist you in deciding whether to set it to manual or disable. Keep in mind that the safe state will usually be Manual as Windows will still be able to start the service if needed. If you set the service to disable, it will not be able to start and you might encounter issues. Additionally the state that you should set the services varies depending on the purpose of the machine. An example would be a machine that does not have a printer would not need Printer Spooler enabled; if you disable this on a machine with a printer you will not be able to print.

Display Name

Service Name

Default

Safe Setting

Notes

ActiveX Installer (AxInstSV)

AxInstSV

Manual

Manual

Do not disable! This is for your own safety.

Adaptive Brightness

SensrSvc

Manual

Manual

Disable if no ambient light sensor on machine

Application Experience

AeLookupSvc

Manual (Started)

Manual

Application Host Helper Service

AppHostSvc

Not Installed

Not Installed

Application Identity

AppIDSvc

Manual

Manual

Application Information

Appinfo

Manual (Started)

Manual

Application Layer Gateway Service

ALG

Manual

Manual

Application Management

AppMgmt

Manual

Manual

ASP.NET State Service

aspnet_state

Not Installed

Not Installed

Background Intelligent Transfer Service

BITS

Manual

Manual

Used for Windows Updates

Base Filtering Engine

BFE

Automatic (Started)

Automatic

BitLocker Drive Encryption Service

BDESVC

Manual

Manual

Used for encyrption

Block Level Backup Engine Service

wbengine

Manual

Manual

Bluetooth Support Service

bthserv

Manual

Manual

Disable if no Bluetooth devices

BranchCache

PeerDistSvc

Manual

Manual

Disable if not on a network

Certificate Propagation

CertPropSvc

Manual

Disabled *

Disable if no smart card

Client for NFS

NfsClnt

Not Installed

Not Installed

CNG Key Isolation

KeyIso

Manual

Manual

COM+ Event System

EventSystem

Automatic (Started)

Automatic

COM+ System Application

COMSysApp

Manual (Started)

Manual

Computer Browser

Browser

Manual

Manual

If computer is not connected to a network

Credential Manager

VaultSvc

Manual

Manual

Cryptographic Services

CryptSvc

Automatic (Started)

Automatic

DCOM Server Process Launcher

DcomLaunch

Automatic (Started)

Automatic

Desktop Window Manager Session Manager

UxSms

Automatic (Started)

Automatic

DHCP Client

Dhcp

Automatic (Started)

Automatic

Can disable if static IP

Diagnostic Policy Service

DPS

Automatic (Started)

Automatic

Diagnostic Service Host

WdiServiceHost

Manual (Started)

Manual

Diagnostic System Host

WdiSystemHost

Manual (Started)

Manual

Disk Defragmenter

defragsvc

Manual

Manual

Distributed Link Tracking Client

TrkWks

Automatic (Started)

Disabled *

Disable if not on a network

Distributed Transaction Coordinator

MSDTC

Manual (Started)

Manual

DNS Client

Dnscache

Automatic (Started)

Automatic

Can disable if static DNS

Encrypting File System (EFS)

EFS

Manual

Manual

Extensible Authentication Protocol

EapHost

Manual

Manual

Fax

Fax

Manual

Manual

What is a fax?

Function Discovery Provider Host

fdPHost

Manual

Manual

Function Discovery Resource Publication

FDResPub

Automatic (Started)

Automatic

Group Policy Client

gpsvc

Automatic (Started)

Automatic

For corporate networks with AD

Health Key and Certificate Management

hkmsvc

Manual

Manual

HomeGroup Listener

HomeGroupListener

Manual

Manual

For home networks

HomeGroup Provider

HomeGroupProvider

Manual

Manual

For home networks

Human Interface Device Access

hidserv

Manual

Manual

IIS Admin Service

IISADMIN

Not Installed

Not Installed

IKE and AuthIP IPsec Keying Modules

IKEEXT

Manual

Manual

Indexing Service

CISVC

Not Installed

Not Installed

Slowed down Vista

Interactive Services Detection

UI0Detect

Manual

Manual

Internet Connection Sharing (ICS)

SharedAccess

Disabled

Disabled

Keep disabled unless your machine is a gateway

IP Helper

iphlpsvc

Automatic (Started)

Automatic

If no IPv6 you can disable

IPsec Policy Agent

PolicyAgent

Manual

Manual

KtmRm for Distributed Transaction Coordinator

KtmRm

Manual

Manual

Link-Layer Topology Discovery Mapper

lltdsvc

Manual

Manual

LPD Service

LPDSVC

Not Installed

Not Installed

Media Center Extender Service

Mcx2Svc

Disabled

Disabled

Message Queuing

MSMQ

Not Installed

Not Installed

Message Queuing Triggers

MSMQTriggers

Not Installed

Not Installed

Microsoft .NET Framework NGEN v2.0.50727

clr_optimization_v2.0.50727

Manual

Manual

Microsoft FTP Service

ftpsvc

Not Installed

Not Installed

Microsoft iSCSI Initiator Service

MSiSCSI

Manual

Disabled *

Disable unless you have iSCSI

Microsoft Software Shadow Copy Provider

swprv

Manual

Manual

Multimedia Class Scheduler

MMCSS

Automatic (Started)

Automatic

Net.Msmq Listener Adapter

NetMsmqActivator

Not Installed

Not Installed

Net.Pipe Listener Adapter

NetPipeActivator

Not Installed

Not Installed

Net.Tcp Listener Adapter

NetTcpActivator

Not Installed

Not Installed

Net.Tcp Port Sharing Service

NetTcpPortSharing

Disabled

Disabled

Netlogon

Netlogon

Manual

Disabled *

Disable if not in a corporate network

Network Access Protection Agent

napagent

Manual

Disabled *

Disable if not in a corporate network

Network Connections

Netman

Manual (Started)

Manual

Network List Service

netprofm

Manual (Started)

Manual

Network Location Awareness

NlaSvc

Automatic (Started)

Automatic

Network Store Interface Service

nsi

Automatic (Started)

Automatic

Offline Files

CscService

Automatic (Started)

Disabled *

Can disable if not using offline files

Parental Controls

WPCSvc

Manual

Disabled *

Can disable if not using

Peer Name Resolution Protocol

PNRPsvc

Manual

Manual

Peer Networking Grouping

p2psvc

Manual

Manual

Peer Networking Identity Manager

p2pimsvc

Manual

Manual

Performance Logs & Alerts

pla

Manual

Manual

Plug and Play

PlugPlay

Automatic (Started)

Automatic

PnP-X IP Bus Enumerator

IPBusEnum

Manual

Manual

PNRP Machine Name Publication Service

PNRPAutoReg

Manual

Manual

Portable Device Enumerator Service

WPDBusEnum

Manual (Started)

Manual

Power

Power

Automatic (Started)

Automatic

Print Spooler

Spooler

Automatic (Started)

Automatic

Can disable if no printer

Problem Reports and Solutions Control Panel Support

wercplsupport

Manual

Manual

Program Compatibility Assistant Service

PcaSvc

Manual

Manual

Protected Storage

ProtectedStorage

Manual

Manual

Quality Windows Audio Video Experience

QWAVE

Manual

Manual

Remote Access Auto Connection Manager

RasAuto

Manual

Manual

Remote Access Connection Manager

RasMan

Manual

Manual

Remote Desktop Configuration

SessionEnv

Manual

Manual

Remote Desktop Services

TermService

Manual

Manual

Remote Desktop Services UserMode Port Redirector

UmRdpService

Manual

Manual

Remote Procedure Call (RPC)

RpcSs

Automatic (Started)

Automatic

Remote Procedure Call (RPC) Locator

RpcLocator

Manual

Manual

Remote Registry

RemoteRegistry

Manual

Disabled *

Should disable

RIP Listener

iprip

Not Installed

Not Installed

Routing and Remote Access

RemoteAccess

Disabled

Disabled

RPC Endpoint Mapper

RpcEptMapper

Automatic (Started)

Automatic

SeaPort

SeaPort

Not Installed

Not Installed

Secondary Logon

seclogon

Manual

Manual

Disable if only one user

Secure Socket Tunneling Protocol Service

SstpSvc

Manual

Manual

Security Accounts Manager

SamSs

Automatic (Started)

Automatic

Security Center

wscsvc

Automatic (Delayed Start, Not Started)

Automatic (Delayed Start)

Server

LanmanServer

Automatic (Started)

Automatic

Shell Hardware Detection

ShellHWDetection

Automatic (Started)

Automatic

Simple TCP/IP Services

simptcp

Not Installed

Not Installed

Smart Card

SCardSvr

Manual

Disabled *

Disable if no smart card

Smart Card Removal Policy

SCPolicySvc

Manual

Disabled *

Disable if no smart card

SNMP Service

SNMP

Not Installed

Not Installed

SNMP Trap

SNMPTRAP

Manual

Disabled *

Disable if not using SNMP

Software Protection

sppsvc

Automatic (Delayed Start, Not Started)

Automatic (Delayed Start)

SPP Notification Service

sppuinotify

Manual

Manual

SSDP Discovery

SSDPSRV

Manual (Started)

Manual

Superfetch

SysMain

Automatic (Started)

Automatic

System Event Notification Service

SENS

Automatic (Started)

Automatic

Tablet PC Input Service

TabletInputService

Manual

Manual

Disable if not on tablet

Task Scheduler

Schedule

Automatic (Started)

Automatic

TCP/IP NetBIOS Helper

lmhosts

Automatic (Started)

Automatic

Telephony

TapiSrv

Manual

Manual

Telnet

TlntSvr

Not Installed

Not Installed

Themes

Themes

Automatic (Started)

Automatic

Thread Ordering Server

THREADORDER

Manual

Manual

TPM Base Services

TBS

Manual

Manual

UPnP Device Host

upnphost

Manual

Manual

User Profile Service

ProfSvc

Automatic (Started)

Automatic

Virtual Disk

vds

Manual

Manual

Volume Shadow Copy

VSS

Manual

Manual

Used for system restore. Disable if backing up via different method.

Web Management Service

WMSVC

Not Installed

Not Installed

WebClient

WebClient

Manual

Manual

If disabled you cannot surf the web

Windows Audio

AudioSrv

Automatic (Started)

Automatic

Windows Audio Endpoint Builder

AudioEndpointBuilder

Automatic (Started)

Automatic

Windows Backup

SDRSVC

Manual

Manual

Disable if you do not backup

Windows Biometric Service

WbioSrvc

Manual

Manual

Disable if no biometric device

Windows CardSpace

idsvc

Manual

Manual

Windows Color System

WcsPlugInService

Manual

Manual

Windows Connect Now - Config Registrar

wcncsvc

Manual

Manual

Windows Defender

WinDefend

Automatic (Delayed Start, Not Started)

Automatic (Delayed Start)

Windows Driver Foundation - User-mode Driver Framework

wudfsvc

Manual

Manual

Windows Error Reporting Service

WerSvc

Manual

Manual

Disable if you do not want Windows error reports

Windows Event Collector

Wecsvc

Manual

Manual

Windows Event Log

EventLog

Automatic (Started)

Automatic

Windows Firewall

MpsSvc

Automatic (Started)

Automatic

Disable if using third party firewall

Windows Font Cache Service

FontCache

Manual

Manual

Windows Image Acquisition (WIA)

stisvc

Manual

Manual

Windows Installer

msiserver

Manual

Manual

Will not be able to install anything if disabled

Windows Live Family Safety

fsssvc

Not Installed

Not Installed

Additional component to parental controls

Windows Management Instrumentation

Winmgmt

Automatic (Started)

Automatic

Windows Media Center Receiver Service

ehRecvr

Manual

Manual

Disable if you do not share media via Windows Media Player

Windows Media Center Scheduler Service

ehSched

Manual

Manual

Disable if you do not share media via Windows Media Player

Windows Media Player Network Sharing Service

WMPNetworkSvc

Manual (Started)

Disabled *

Disable if you do not share media via Windows Media Player

Windows Modules Installer

TrustedInstaller

Manual

Manual

Windows Presentation Foundation Font Cache 3.0.0.0

FontCache3.0.0.0

Manual

Manual

Windows Process Activation Service

WAS

Not Installed

Not Installed

Windows Remote Management (WS-Management)

WinRM

Manual

Manual

Windows Search

WSearch

Automatic (Delayed Start, Started)

Disabled

Disable to increase speed and do not search on the desktop

Windows Time

W32Time

Manual

Manual

Disable if you do not want to update the time with a server

Windows Update

wuauserv

Automatic (Delayed Start, Not Started)

Automatic (Delayed Start)

Disable if you do not want Windows updates (bad idea)

WinHTTP Web Proxy Auto-Discovery Service

WinHttpAutoProxySvc

Manual (Started)

Manual

Wired AutoConfig

dot3svc

Manual

Manual

For ethernet 802.1X authentication

WLAN AutoConfig

Wlansvc

Manual

Manual

Disable if no wireless LAN adapter

WMI Performance Adapter

wmiApSrv

Manual

Manual

Workstation

LanmanWorkstation

Automatic (Started)

Automatic

Do not disable

World Wide Web Publishing Service

W3SVC

Not Installed

Not Installed

Install to run a webserver

WWAN AutoConfig

WwanSvc

Manual

Manual

Disable if no wireless broadband adapter

I hope this can assist you in securing your Windows 7 machine and gives a slightly better understanding of the services in Windows 7. In my opinion the default state of most of these services are set correctly to assist in compatiability with systems, however a good system administrator will need to tweak these to make their system secure and slightly quicker. As always please do not hesitate to comment with questions or opinions.

Till Next Time,

Jorge Orchilles

Comments

2 Responses to “Windows 7 RTM Services”
Post a Comment | Post Comments (Atom)

stoneface said...

webclient service is NOT needed to 'surf the web.'

August 4, 2009 at 2:21 PM
Halla Abin said...