One of the first steps I take when I finish a fresh Windows XP or Vista install is to stop and/or disable all the unnecessary services on the current machine; Windows 7 is no different. In this post I will attempt to list all Windows 7 RTM services with their default state, safe state, and my notes on the service. If you have never explored the services of a Windows system, now would be a good time to do so. In Windows 7 there are three different ways to get to the services management console:
- Click the Microsoft Icon on the bottom left (old start menu), type services.msc in the search box and hit enter
- Right click on the Computer icon either on the desktop or start menu, select manage, in the window that opens go to Services and Applications and then click on Services
- Open the Control Panel, double click Administrative Tools (need to be in large or small icon view) and double click services
You should now see a list of services: the name, description, startup type, status, and log on as account. You may double click a service to bring up the options for it as well as read a description. I recommend you become familiar with a service before changing anything.
By default Microsoft sets many of these services to start automatically. This is done to ensure the Windows install works on a typical deployment. However running services that you do not need to run automatically can be a security risk as well as have the ability to slow down your system. One of the issues with Windows Vista was the number of services running by default and their unsecure state. Thankfully, Windows 7 has less of these unnecessary services starting by default. Windows 7 also has some new services that Vista or XP did not have and therefore I have created this list of all the services, their default state in Windows 7 RTM Ultimate 64 bit, their safe state, and my notes to assist you in deciding whether to set it to manual or disable. Keep in mind that the safe state will usually be Manual as Windows will still be able to start the service if needed. If you set the service to disable, it will not be able to start and you might encounter issues. Additionally the state that you should set the services varies depending on the purpose of the machine. An example would be a machine that does not have a printer would not need Printer Spooler enabled; if you disable this on a machine with a printer you will not be able to print.
Display Name | Service Name | Default | Safe Setting | Notes |
ActiveX Installer (AxInstSV) | AxInstSV | Manual | Manual | Do not disable! This is for your own safety. |
Adaptive Brightness | SensrSvc | Manual | Manual | Disable if no ambient light sensor on machine |
Application Experience | AeLookupSvc | Manual (Started) | Manual | |
Application Host Helper Service | AppHostSvc | Not Installed | Not Installed | |
Application Identity | AppIDSvc | Manual | Manual | |
Application Information | Appinfo | Manual (Started) | Manual | |
Application Layer Gateway Service | ALG | Manual | Manual | |
Application Management | AppMgmt | Manual | Manual | |
ASP.NET State Service | aspnet_state | Not Installed | Not Installed | |
Background Intelligent Transfer Service | BITS | Manual | Manual | Used for Windows Updates |
Base Filtering Engine | BFE | Automatic (Started) | Automatic | |
BitLocker Drive Encryption Service | BDESVC | Manual | Manual | Used for encyrption |
Block Level Backup Engine Service | wbengine | Manual | Manual | |
Bluetooth Support Service | bthserv | Manual | Manual | Disable if no Bluetooth devices |
BranchCache | PeerDistSvc | Manual | Manual | Disable if not on a network |
Certificate Propagation | CertPropSvc | Manual | Disabled * | Disable if no smart card |
Client for NFS | NfsClnt | Not Installed | Not Installed | |
CNG Key Isolation | KeyIso | Manual | Manual | |
COM+ Event System | EventSystem | Automatic (Started) | Automatic | |
COM+ System Application | COMSysApp | Manual (Started) | Manual | |
Computer Browser | Browser | Manual | Manual | If computer is not connected to a network |
Credential Manager | VaultSvc | Manual | Manual | |
Cryptographic Services | CryptSvc | Automatic (Started) | Automatic | |
DCOM Server Process Launcher | DcomLaunch | Automatic (Started) | Automatic | |
Desktop Window Manager Session Manager | UxSms | Automatic (Started) | Automatic | |
DHCP Client | Dhcp | Automatic (Started) | Automatic | Can disable if static IP |
Diagnostic Policy Service | DPS | Automatic (Started) | Automatic | |
Diagnostic Service Host | WdiServiceHost | Manual (Started) | Manual | |
Diagnostic System Host | WdiSystemHost | Manual (Started) | Manual | |
Disk Defragmenter | defragsvc | Manual | Manual | |
Distributed Link Tracking Client | TrkWks | Automatic (Started) | Disabled * | Disable if not on a network |
Distributed Transaction Coordinator | MSDTC | Manual (Started) | Manual | |
DNS Client | Dnscache | Automatic (Started) | Automatic | Can disable if static DNS |
Encrypting File System (EFS) | EFS | Manual | Manual | |
Extensible Authentication Protocol | EapHost | Manual | Manual | |
Fax | Fax | Manual | Manual | What is a fax? |
Function Discovery Provider Host | fdPHost | Manual | Manual | |
Function Discovery Resource Publication | FDResPub | Automatic (Started) | Automatic | |
Group Policy Client | gpsvc | Automatic (Started) | Automatic | For corporate networks with AD |
Health Key and Certificate Management | hkmsvc | Manual | Manual | |
HomeGroup Listener | HomeGroupListener | Manual | Manual | For home networks |
HomeGroup Provider | HomeGroupProvider | Manual | Manual | For home networks |
Human Interface Device Access | hidserv | Manual | Manual | |
IIS Admin Service | IISADMIN | Not Installed | Not Installed | |
IKE and AuthIP IPsec Keying Modules | IKEEXT | Manual | Manual | |
Indexing Service | CISVC | Not Installed | Not Installed | Slowed down Vista |
Interactive Services Detection | UI0Detect | Manual | Manual | |
Internet Connection Sharing (ICS) | SharedAccess | Disabled | Disabled | Keep disabled unless your machine is a gateway |
IP Helper | iphlpsvc | Automatic (Started) | Automatic | If no IPv6 you can disable |
IPsec Policy Agent | PolicyAgent | Manual | Manual | |
KtmRm for Distributed Transaction Coordinator | KtmRm | Manual | Manual | |
Link-Layer Topology Discovery Mapper | lltdsvc | Manual | Manual | |
LPD Service | LPDSVC | Not Installed | Not Installed | |
Media Center Extender Service | Mcx2Svc | Disabled | Disabled | |
Message Queuing | MSMQ | Not Installed | Not Installed | |
Message Queuing Triggers | MSMQTriggers | Not Installed | Not Installed | |
Microsoft .NET Framework NGEN v2.0.50727 | clr_optimization_v2.0.50727 | Manual | Manual | |
Microsoft FTP Service | ftpsvc | Not Installed | Not Installed | |
Microsoft iSCSI Initiator Service | MSiSCSI | Manual | Disabled * | Disable unless you have iSCSI |
Microsoft Software Shadow Copy Provider | swprv | Manual | Manual | |
Multimedia Class Scheduler | MMCSS | Automatic (Started) | Automatic | |
Net.Msmq Listener Adapter | NetMsmqActivator | Not Installed | Not Installed | |
Net.Pipe Listener Adapter | NetPipeActivator | Not Installed | Not Installed | |
Net.Tcp Listener Adapter | NetTcpActivator | Not Installed | Not Installed | |
Net.Tcp Port Sharing Service | NetTcpPortSharing | Disabled | Disabled | |
Netlogon | Netlogon | Manual | Disabled * | Disable if not in a corporate network |
Network Access Protection Agent | napagent | Manual | Disabled * | Disable if not in a corporate network |
Network Connections | Netman | Manual (Started) | Manual | |
Network List Service | netprofm | Manual (Started) | Manual | |
Network Location Awareness | NlaSvc | Automatic (Started) | Automatic | |
Network Store Interface Service | nsi | Automatic (Started) | Automatic | |
Offline Files | CscService | Automatic (Started) | Disabled * | Can disable if not using offline files |
Parental Controls | WPCSvc | Manual | Disabled * | Can disable if not using |
Peer Name Resolution Protocol | PNRPsvc | Manual | Manual | |
Peer Networking Grouping | p2psvc | Manual | Manual | |
Peer Networking Identity Manager | p2pimsvc | Manual | Manual | |
Performance Logs & Alerts | pla | Manual | Manual | |
Plug and Play | PlugPlay | Automatic (Started) | Automatic | |
PnP-X IP Bus Enumerator | IPBusEnum | Manual | Manual | |
PNRP Machine Name Publication Service | PNRPAutoReg | Manual | Manual | |
Portable Device Enumerator Service | WPDBusEnum | Manual (Started) | Manual | |
Power | Power | Automatic (Started) | Automatic | |
Print Spooler | Spooler | Automatic (Started) | Automatic | Can disable if no printer |
Problem Reports and Solutions Control Panel Support | wercplsupport | Manual | Manual | |
Program Compatibility Assistant Service | PcaSvc | Manual | Manual | |
Protected Storage | ProtectedStorage | Manual | Manual | |
Quality Windows Audio Video Experience | QWAVE | Manual | Manual | |
Remote Access Auto Connection Manager | RasAuto | Manual | Manual | |
Remote Access Connection Manager | RasMan | Manual | Manual | |
Remote Desktop Configuration | SessionEnv | Manual | Manual | |
Remote Desktop Services | TermService | Manual | Manual | |
Remote Desktop Services UserMode Port Redirector | UmRdpService | Manual | Manual | |
Remote Procedure Call (RPC) | RpcSs | Automatic (Started) | Automatic | |
Remote Procedure Call (RPC) Locator | RpcLocator | Manual | Manual | |
Remote Registry | RemoteRegistry | Manual | Disabled * | Should disable |
RIP Listener | iprip | Not Installed | Not Installed | |
Routing and Remote Access | RemoteAccess | Disabled | Disabled | |
RPC Endpoint Mapper | RpcEptMapper | Automatic (Started) | Automatic | |
SeaPort | SeaPort | Not Installed | Not Installed | |
Secondary Logon | seclogon | Manual | Manual | Disable if only one user |
Secure Socket Tunneling Protocol Service | SstpSvc | Manual | Manual | |
Security Accounts Manager | SamSs | Automatic (Started) | Automatic | |
Security Center | wscsvc | Automatic (Delayed Start, Not Started) | Automatic (Delayed Start) | |
Server | LanmanServer | Automatic (Started) | Automatic | |
Shell Hardware Detection | ShellHWDetection | Automatic (Started) | Automatic | |
Simple TCP/IP Services | simptcp | Not Installed | Not Installed | |
Smart Card | SCardSvr | Manual | Disabled * | Disable if no smart card |
Smart Card Removal Policy | SCPolicySvc | Manual | Disabled * | Disable if no smart card |
SNMP Service | SNMP | Not Installed | Not Installed | |
SNMP Trap | SNMPTRAP | Manual | Disabled * | Disable if not using SNMP |
Software Protection | sppsvc | Automatic (Delayed Start, Not Started) | Automatic (Delayed Start) | |
SPP Notification Service | sppuinotify | Manual | Manual | |
SSDP Discovery | SSDPSRV | Manual (Started) | Manual | |
Superfetch | SysMain | Automatic (Started) | Automatic | |
System Event Notification Service | SENS | Automatic (Started) | Automatic | |
Tablet PC Input Service | TabletInputService | Manual | Manual | Disable if not on tablet |
Task Scheduler | Schedule | Automatic (Started) | Automatic | |
TCP/IP NetBIOS Helper | lmhosts | Automatic (Started) | Automatic | |
Telephony | TapiSrv | Manual | Manual | |
Telnet | TlntSvr | Not Installed | Not Installed | |
Themes | Themes | Automatic (Started) | Automatic | |
Thread Ordering Server | THREADORDER | Manual | Manual | |
TPM Base Services | TBS | Manual | Manual | |
UPnP Device Host | upnphost | Manual | Manual | |
User Profile Service | ProfSvc | Automatic (Started) | Automatic | |
Virtual Disk | vds | Manual | Manual | |
Volume Shadow Copy | VSS | Manual | Manual | Used for system restore. Disable if backing up via different method. |
Web Management Service | WMSVC | Not Installed | Not Installed | |
WebClient | WebClient | Manual | Manual | If disabled you cannot surf the web |
Windows Audio | AudioSrv | Automatic (Started) | Automatic | |
Windows Audio Endpoint Builder | AudioEndpointBuilder | Automatic (Started) | Automatic | |
Windows Backup | SDRSVC | Manual | Manual | Disable if you do not backup |
Windows Biometric Service | WbioSrvc | Manual | Manual | Disable if no biometric device |
Windows CardSpace | idsvc | Manual | Manual | |
Windows Color System | WcsPlugInService | Manual | Manual | |
Windows Connect Now - Config Registrar | wcncsvc | Manual | Manual | |
Windows Defender | WinDefend | Automatic (Delayed Start, Not Started) | Automatic (Delayed Start) | |
Windows Driver Foundation - User-mode Driver Framework | wudfsvc | Manual | Manual | |
Windows Error Reporting Service | WerSvc | Manual | Manual | Disable if you do not want Windows error reports |
Windows Event Collector | Wecsvc | Manual | Manual | |
Windows Event Log | EventLog | Automatic (Started) | Automatic | |
Windows Firewall | MpsSvc | Automatic (Started) | Automatic | Disable if using third party firewall |
Windows Font Cache Service | FontCache | Manual | Manual | |
Windows Image Acquisition (WIA) | stisvc | Manual | Manual | |
Windows Installer | msiserver | Manual | Manual | Will not be able to install anything if disabled |
Windows Live Family Safety | fsssvc | Not Installed | Not Installed | Additional component to parental controls |
Windows Management Instrumentation | Winmgmt | Automatic (Started) | Automatic | |
Windows Media Center Receiver Service | ehRecvr | Manual | Manual | Disable if you do not share media via Windows Media Player |
Windows Media Center Scheduler Service | ehSched | Manual | Manual | Disable if you do not share media via Windows Media Player |
Windows Media Player Network Sharing Service | WMPNetworkSvc | Manual (Started) | Disabled * | Disable if you do not share media via Windows Media Player |
Windows Modules Installer | TrustedInstaller | Manual | Manual | |
Windows Presentation Foundation Font Cache 3.0.0.0 | FontCache3.0.0.0 | Manual | Manual | |
Windows Process Activation Service | WAS | Not Installed | Not Installed | |
Windows Remote Management (WS-Management) | WinRM | Manual | Manual | |
Windows Search | WSearch | Automatic (Delayed Start, Started) | Disabled | Disable to increase speed and do not search on the desktop |
Windows Time | W32Time | Manual | Manual | Disable if you do not want to update the time with a server |
Windows Update | wuauserv | Automatic (Delayed Start, Not Started) | Automatic (Delayed Start) | Disable if you do not want Windows updates (bad idea) |
WinHTTP Web Proxy Auto-Discovery Service | WinHttpAutoProxySvc | Manual (Started) | Manual | |
Wired AutoConfig | dot3svc | Manual | Manual | For ethernet 802.1X authentication |
WLAN AutoConfig | Wlansvc | Manual | Manual | Disable if no wireless LAN adapter |
WMI Performance Adapter | wmiApSrv | Manual | Manual | |
Workstation | LanmanWorkstation | Automatic (Started) | Automatic | Do not disable |
World Wide Web Publishing Service | W3SVC | Not Installed | Not Installed | Install to run a webserver |
WWAN AutoConfig | WwanSvc | Manual | Manual | Disable if no wireless broadband adapter |
I hope this can assist you in securing your Windows 7 machine and gives a slightly better understanding of the services in Windows 7. In my opinion the default state of most of these services are set correctly to assist in compatiability with systems, however a good system administrator will need to tweak these to make their system secure and slightly quicker. As always please do not hesitate to comment with questions or opinions.
Till Next Time,
Jorge Orchilles
Comments
2 Responses to “Windows 7 RTM Services”
Post a Comment | Post Comments (Atom)
webclient service is NOT needed to 'surf the web.'
August 4, 2009 at 2:21 PMTerima kasih banyak
August 13, 2017 at 9:37 AMPost a Comment