Default Services in Windows 2000 and Windows XP

In Windows 2000 and Windows XP, many services are installed by default with the OS. Each service is configured according to different security needs. You should evaluate each service to determine whether the service is required by computers on your network and whether you need to change the permissions on the startup value, change the startup value itself, or change the permissions for the service. The following list describes each of these default services.

Unless otherwise noted, all services are installed by default on both Windows 2000 and Windows XP.

  • Alerter

    Notifies selected users and computers of administrative alerts. If this service is turned off, the computer will not be able to receive administrative alerts, such as those from the Messenger service or Performance Monitor. This service should be disabled unless you use administrative alerts.

  • Application Layer Gateway

    Provides support for third-party plug-ins to Windows XP Internet Connection Sharing (ICS) and Internet Connection Firewall (ICF). Stopping or disabling this service will prevent ICS or ICF from working. You should set this service to start manually.

  • Application Management

    Provides software installation services, such as Assign, Publish, and Remove. This service processes requests to enumerate, install, and remove applications deployed via a corporate network. This service is called when you use Add/Remove Programs in Control Panel to install or remove an application. If the service is disabled, users will be unable to install, remove, or enumerate applications deployed by using Group Policy. This service should be set to Manual. The service is started by the first call made to it; it does not terminate until you stop it manually or restart the computer.

  • Automatic Updates

    Enables the download and installation of critical Windows updates. If the service is disabled, the OS can be manually updated at the Windows Update Web site (http://windowsupdate.microsoft.com) or via a Software Updates Services server. Automatic Updates is a default service in Windows XP and is added to Windows 2000 computers during the application of Windows 2000 Service Pack 3. You should enable this service to start automatically unless you have your own security update management solution. You can configure Automatic Updates in the system Control Panel applet or by using Group Policy.

  • Background Intelligent Transfer Service

    Uses idle network bandwidth to transfer data to avoid interfering with other network connections. This service is available only in Windows XP and should be set to either Disabled or Manual depending on your organization's security requirements.

  • Boot Information Negotiation Layer (BINL)

    Enables you to install Windows 2000 and Windows XP on computers equipped with preexecution-compatible network interface cards. The BINL service is the primary component of Remote Installation Services (RIS). If BINL is no longer needed on the system, you can discontinue its use via the Add/Remove Windows option in Control Panel to remove the RIS component. If turned off, RIS will not allow client machines to install the OS remotely. This service is available on Windows 2000 Server only when RIS is installed.

  • Certificate Services

    Creates, manages, and removes X.509 certificates and is installed on Windows 2000 Server. You can remove this service via Add/Remove Programs in Control Panel.

  • ClipBook

    Enables the ClipBook Viewer to create and share pages of data to be viewed by a remote computer via NetDDE, which is described later in this chapter. This service is turned off by default, and it is started only when a user starts the ClipBook. If you disable or remove the service, the remote features of ClipBook will be disabled, but the ClipBook will still function properly on the local computer. You should disable this service.

  • Cluster Service

    Operates the two types of cluster solutions in the Windows platform that support different application styles: Server Clusters and Network Load Balancing (NLB) Clusters. This service is available only on Windows 2000 Advanced Server and Datacenter Server with clustering or NLB installed. You can remove this service by removing Clustering by using Add/Remove Programs in Control Panel.

  • COM+ Event System

    Provides automatic distribution of events to subscribing COM components. If the service is turned off, the System Event Notification System (SENS) stops working; COM+ login and logoff notifications will not occur. Other COM+ Inbox applications, such as the Volume Snapshot service, will not work correctly. You should set this service to Manual, unless your COM+ components are installed on the computer.

  • COM+ System Application

    Manages the configuration and tracking of COM+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, a COM+ application installed on the computer will not start. This service is available only in Windows XP and should be set to start manually, unless COM+ applications are installed on the computer.

  • Computer Browser

    Maintains an up-to-date list of computers on your network and supplies the list to programs that request it. The Computer Browser service is used by Windows-based computers that need to view network domains and resources. If you disable this service, the computer will no longer participate in browser elections and will not maintain a server list. You can safely disable this service on most clients and servers on networks that use only Windows 2000-based and later computers.

  • Cryptographic Services

    Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and Microsoft ActiveX components; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from the computer; and Key Service, which helps enroll the computer for certificates. If Cryptographic Services is stopped, the three management services will not function properly. You should set this service to start automatically. This service is available only in Windows XP.

  • DHCP Client

    Manages network configuration by registering and updating IP addresses if the computer has network adapters configured to use the Dynamic Host Configuration Protocol (DHCP) to obtain TCP/IP information. You should set this service to start automatically, unless you have statically configured IP addresses and information.

  • DHCP Server

    Uses DHCP to allocate IP addresses and allow the advanced configuration of network settings such as Domain Name System (DNS) servers and Windows Internet Name Service (WINS) servers to DHCP clients automatically. If the DHCP Server service is turned off, DHCP clients will not receive IP addresses or network settings automatically. This service is available only on Windows 2000 Server when the DHCP service is installed. You can remove this service by using Add/Remove Programs in Control Panel.

  • Distributed File System (DFS)

    Manages logical volumes distributed across a local area network (LAN) or wide area network (WAN). DFS is a distributed service that integrates disparate file shares into a single logical namespace. This service is available only on Windows 2000 Server when DFS is installed. You can remove this service by using Add/Remove Programs in Control Panel.

  • Distributed Link Tracking (DLT) Client

    Maintains links between the NTFS file system files within a computer or across computers in a network domain. The DLT Client service ensures that shortcuts and object linking and embedding (OLE) links continue to work after the target file is renamed or moved. If the DLT Client service is disabled, you will not be able to track links. Likewise, users on other computers will not be able to track links for documents on your computer. In a workgroup, you should disable this service because it is not used frequently. In a domain environment, you should use this service only if you frequently move files and folders on NTFS volumes.

  • Distributed Link Tracking (DLT) Server

    Stores information so that files moved between volumes can be tracked for each volume in the domain. The DLT Server service runs on each domain controller in a domain. This service enables the DLT Client service to track linked documents that have been moved to a location in another NTFS v5 (the version of NTFS used in Windows 2000 and later) volume in the same domain. If the DLT Server service is disabled, links maintained by the DLT Client service might be less reliable.

  • Distributed Transaction Coordinator

    Coordinates transactions that are distributed across multiple computer systems and/or resource managers, such as databases, message queues, file systems, or other transaction-protected resource managers. The Distributed Transaction Coordinator is necessary if transactional components will be configured through COM+. This service is also required for transactional queues in Microsoft Message Queuing (MSMQ) and Microsoft SQL Server operations that span multiple systems. Disabling this service prevents these transactions from occurring. You should set this service to Manual unless you are using it.

  • DNS Client

    Resolves and caches Domain Name System (DNS) names. The DNS Client service must be running on every computer that will perform DNS name resolution. An ability to resolve DNS names is crucial for locating domain controllers in Active Directory domains. Running the DNS Client service is also critical for enabling location of the devices identified by using DNS names. If the DNS Client service is disabled, your computers might not be able to locate the domain controllers of the Active Directory domains and Internet connections. You should set this service to start automatically, unless you are certain that the computer will not require any hostname resolution services.

  • DNS Server

    Enables DNS name resolution by answering queries and update requests for Domain Name System (DNS) names. This service is available only on Windows 2000 Server when DNS is installed. You can remove this service by using Add/Remove Programs in Control Panel.

  • Event Log

    Logs event messages issued by programs and Windows. Event Log reports contain information that can be useful in diagnosing problems. Reports are viewed in Event Viewer. The Event Log service writes to log files the events sent by applications, services, and the OS. If the Event Log service is disabled, you will not be able to track events, which reduces your ability to quickly diagnose problems with your system. In addition, you will not be able to audit security events. You cannot disable this service through the user interface.

  • Event Reporting

    In Windows XP, by default, when an application crashes the user is prompted to report the incident, along with the crash dump information. This information is sent to Microsoft for analysis. You can configure this service in the System applet in Control Panel. For example, you can define which applications should and should not send crash-dump information. To prevent this service from running, you must set it to Disabled. You should always set this service to Disabled, unless you are having difficulty with an application.

  • Fast-User Switching Compatibility

    Enables Windows XP computers in a workgroup to use the fast-user switching feature of Windows XP. This feature does not work when the computer is a member of a domain. You should disable this service.

  • Fax Service

    Enables you to send and receive faxes. This service is not installed by default and can be added and removed by using Add/Remove Programs in Control Panel.

  • File Replication

    Maintains file synchronization of file directory contents among multiple servers. File Replication is the automatic file replication service in Windows 2000. It is used to copy and maintain files on multiple servers simultaneously and to replicate the Windows 2000 system volume (SYSVOL) on all domain controllers. In addition, this service can be configured to replicate files among alternate targets associated with the fault-tolerant DFS. If this service is disabled, file replication will not occur and server data will not be synchronized. Stopping the File Replication service can seriously impair a domain controller's ability to function.

  • File Server for Macintosh

    Enables Macintosh-based computers to store and access files on a Windows server machine. If this service is turned off, Macintosh-based clients will not be able to view any NTFS shares. This service is not installed by default and can be removed by using Add/Remove Programs in Control Panel. You should remove this service if you are not sharing files with Macintosh-based clients.

  • FTP Publishing Service

    Provides FTP connectivity and administration through the Microsoft Internet Information Services (IIS) snap-in. Features include bandwidth throttling, use of security accounts, and extensible logging. You should remove this service if you are not running an FTP site. You can do so by using Add/Remove Programs in Control Panel.

  • Help and Support

    Enables the Help and Support application in Windows XP to provide dynamic help to users. If disabled, the Help and Support service will still function with local Help files but will not pull in help from the Internet. You should disable this service on computers in managed environments that have an IT support staff to help users with support requests.

  • Human Interface Devices

    Enables generic input access to the Human Interface Devices (HID) service, which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, the hot buttons it controls will no longer function. You should set this service to Disabled, unless you use a custom keyboard or other input device for hotkey mappings. This service exists only in Windows XP.

  • IIS Admin Service

    Allows administration of IIS. If this service is not running, you will not be able to run Web, FTP, Network News Transfer Protocol (NNTP), or Simple Mail Transfer Protocol (SMTP) sites, and you will not be able to configure IIS. You should remove or disable this service if you will not be using the IIS Admin Web site when running IIS on a computer. You can remove this service by using Add/Remove Programs in Control Panel.

  • IMAPI CD-Burning COM Services

    Enables Windows XP computers equipped with a CD-ROM to create CDs. You should disable this service on computers that do not have a CD-R or CD-RW drive and set the service to start manually on computers that do. This service will start when you send files to a CD-R or CD-RW drive.

  • Indexing Service

    Indexes contents and properties of files on local and remote computers and provides rapid access to files through a flexible querying language. The Indexing Service also enables quick searching of documents on local and remote computers as well as a search index for content shared on the Web. If this service is either stopped or disabled, all search functionality will be provided by traversing the folder hierarchy and scanning each file for the requested string. When the service is turned off, search response is typically much slower. You should remove this service if you do not need to build or maintain indices for searchable content. You can remove this service by using Add/Remove Programs in Control Panel.

  • Internet Authentication Service (IAS)

    Performs centralized authentication, authorization, auditing, and accounting of users who are connecting to a network (LAN or remote) by using virtual private network (VPN) equipment, Remote Access Service (RAS), or 802.1x Wireless and Ethernet/Switch Access Points. IAS implements the Internet Engineering Task Force (IETF) standard Remote Authentication Dial-In User Service (RADIUS) protocol. If IAS is disabled or stopped, authentication requests will failover to a backup IAS server, if one is available. If none of the other backup IAS servers are available, users will not be able to connect. This service is available only with Windows 2000 Server when IAS is installed. You should remove this service on computers that are not RADIUS servers, proxies, or clients by using Add/Remove Programs in Control Panel.

  • Internet Connection Firewall (ICF)/Internet Connection Sharing (ICS)

    Provides personal firewall and Internet connection sharing in Windows XP. You should configure this service to start automatically on computers that will be using ICF or ICS, but disable it on computers that will not be using either of these services.

  • Internet Connection Sharing (ICS)

    Provides network address translation (NAT), addressing, and name resolution services for all computers on your home or small-office network through a dial-up or broadband connection in Windows 2000. This service is available only in Windows 2000 and should be disabled unless the computer will be used as a gateway to another network.

  • Intersite Messaging (ISM)

    Allows the sending and receiving of messages between Windows Server sites. This service is used for mail-based replication between sites. Active Directory directory service includes support for replication between sites by using SMTP over IP transport. If you are not using the SMTP service in IIS, you should remove this service by using Add/Remove Programs in Control Panel.

  • IPSec Policy Agent (IPSec Services in XP)

    Manages IP Security (IPSec) policy, starts the Internet Key Exchange (IKE), and coordinates IPSec policy settings with the IP security driver. If you know you will not be using IPSec, you should set this service to manual startup. Otherwise, you should set this service to start automatically.

  • Kerberos Key Distribution Center

    Enables users to log on to the network using the Kerberos v5 authentication protocol. If this service is stopped on a domain controller, users will be unable to log on to the domain and access services when using that domain controller for authentication. This service exists only on Windows 2000 Active Directory domain controllers.

  • License Logging Service

    Tracks Client Access License usage for server products, such as IIS, Terminal Services, and file and print services, as well as products such as SQL Server and Microsoft Exchange Server. If this service is disabled, licensing for these programs will work properly, but usage will no longer be tracked. This service is available only in Windows 2000 Server and should be disabled unless you are tracking license usage.

  • Logical Disk Manager

    Watches Plug and Play events for new drives to be detected and passes volume and/or disk information to the Logical Disk Manager Administrative Service to be configured. If disabled, the Disk Management MMC snap-in display will not change when disks are added or removed. This service should not be disabled if dynamic disks are in the system. You should set this service to start manually.

  • Logical Disk Manager Administrative Service

    Performs administrative services for disk management requests. This service is started only when you configure a drive or partition, or when a new drive is detected. This service does not run by default, but it is activated whenever dynamic disk configuration changes occur or when the Disk Management MMC snap-in is open. The service starts, completes the configuration operation, and then exits. You should set this service to start manually.

  • Message Queuing

    A messaging infrastructure and development tool for creating distributed messaging applications for Windows. Microsoft Message Queuing (MSMQ) provides guaranteed message delivery, efficient routing, security, support for sending messages within transactions, and priority-based messaging. Disabling MSMQ affects a number of other services, including COM+ Queued Component (QC) functionality, some parts of Windows Management Instrumentation (WMI), and the MSMQ Triggers service. If you are not using a message queue on the computer, you should remove the MSMQ service by using Add/Remove Programs in Control Panel.

  • Messenger

    Sends messages to or receives them from users and computers. This service also sends and receives messages transmitted by administrators or the Alerter service. If disabled, Messenger notifications cannot be sent to or received from the computer or from users currently logged on, and the NET SEND and NET NAME commands will no longer function. You should disable this service unless you have applications that send administrative alerts, such as uninterruptible power supply (UPS) software or print notifications.

  • MS Software Shadow Copy Provider

    Manages software-based volume shadow copies taken by the Volume Shadow Copy service in Windows XP. If this service is stopped, software-based volume shadow copies cannot be managed. You should disable this service unless you are using volume shadow copies to archive data.

  • Net Logon

    Supports pass-through authentication of account logon events for computers in a domain. This service is started automatically when the computer is a member of a domain. It is used to maintain a secure channel to a domain controller for use by the computer in the authentication of users and services running on the computer. In the case of a domain controller, the Net Logon service handles the registration of the computer's DNS names specific to domain controller locator discoveries. On domain controllers, the service enables pass-through authentication for other domain controllers by forwarding pass-through authentication requests to the destination domain controller, where the logon credentials are validated. If this service is turned off, the computer will not operate properly in a domain. Specifically, it can deny NTLM authentication requests and, in the case of a domain controller, will not be discoverable by client machines. You should set this service to start automatically.

  • NetMeeting Remote Desktop Sharing

    Allows authorized users to remotely access your Windows desktop from another PC over a corporate intranet by using Microsoft NetMeeting. The service must be explicitly enabled by NetMeeting and can be disabled in NetMeeting or shut down via a Windows tray icon. Disabling the service unloads the NetMeeting display driver used for application sharing. You should disable this service unless you are using NetMeeting for business needs.

  • Network Connections

    Manages objects in the Network and Dial-Up Connections folder, in which you can view both network and remote connections. This service takes care of network configuration (client side) and displays the status in the notification area on the desktop (the area on the taskbar to the right of the taskbar buttons). You can also access configuration parameters through this service. Disabling this service will prevent you from configuring your LAN settings and group policies with undefined behavior. You should set this service to start manually.

  • Network DDE

    Provides network transport and security for dynamic data exchange (DDE) by applications running on the same computer or on different computers. This service is turned off by default, and it is started only when invoked by an application that uses Network DDE (NetDDE), such as Clipbrd.exe or DDEshare.exe. If you disable the service, any application that depends on NetDDE will time out when it tries to start the service. You should disable this service unless you use NetDDE-enabled applications. This is one of the few services that the User group can start and stop.

  • Network DDE DSDM

    Manages shared dynamic data exchange and is used only by Network DDE to manage shared DDE conversations. You should disable this service unless you use NetDDE-enabled applications. This is one of the few services that the User group can start and stop.

  • Network Location Awareness

    Collects and stores network configuration and location information and notifies applications when this information changes. Disabling this service will prevent the Windows XP Internet Connection Firewall from working. You should set this service to start manually.

  • Network News Transfer Protocol (NNTP)

    Creates an NNTP-enabled news server. If the service is off, client computers will not be able to connect and read or retrieve posts. You should remove this service if you are not running an NNTP server by using Add/Remove Programs in Control Panel.

  • NT LM Security Support Provider

    Enables users and applications to log on to the network by using the NTLM authentication protocol called through the NTLM SSP. If this service is stopped, users will not be able to log on to the domain when the NTLM SSP is called. Most applications do not call this Security Support Provider (SSP) directly. You should set this service to start manually.

  • Performance Logs and Alerts

    Configures performance logs and alerts. This service is used to collect performance data automatically from local or remote computers that have been configured by using the Performance Logs and Alerts snap-in. If the service is stopped by a user, all currently running data collections will terminate and no scheduled collections will occur. You should set this service to Disabled unless you are monitoring the performance of a server.

  • Plug and Play

    Enables a computer to recognize and adapt to hardware changes with little or no user input. With Plug and Play, a user can add or remove devices without any intricate knowledge of computer hardware and without being forced to manually configure hardware or the OS. Stopping or disabling this service will result in system instability. You should set this service to start automatically.

  • Portable Music Serial Number

    Enables a Windows XP computer to retrieve information about portable music players attached to the computer as part of the Digital Rights Management (DRM) features in Windows XP. You should disable this service on computers that will be used with portable music devices, such as MP3 players.

  • Print Server for Macintosh

    Enables Macintosh clients to route printing to a print spooler located on a computer running Windows 2000 Server. If this service is stopped, printing will be unavailable to Macintosh clients. If the computer does not have a printer used by Macintosh-based clients, you should remove this service by using Add/Remove Programs in Control Panel.

  • Print Spooler

    Queues and manages print jobs locally and remotely. The print spooler is the heart of the Windows printing subsystem and controls all printing jobs. This service manages the print queues on the system and communicates with printer drivers and I/O components. If the Print Spooler service is disabled, you will not be able to print and other users will not be able to print to a printer attached to your computer. You should set this service to Manual, unless you are certain that no one will be printing to or from the computer.

  • Protected Storage

    Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Protected Storage (P-Store) is a set of software libraries that allows applications to fetch and retrieve security and other information from a personal storage location, hiding the implementation and details of the storage itself. The storage location provided by this service is secure and protected from modification. P-Store uses the Hash-Based Message Authentication Code (HMAC) and the SHA1 cryptographic hash function to encrypt the user's master key. This component requires no configuration. Disabling it will make information protected with this service inaccessible to you. P-Store is an earlier service that has been supplanted by the Data Protection API (DPAPI), which is currently the preferred service for protected storage. Unlike DPAPI, the interface to P-Store is not publicly exposed. You should set this service to start automatically.

  • QoS Admission Control (RSVP)

    Provides network signaling and local traffic-control setup functionality for Quality of Service-aware programs and control applets. You should set this service to start manually.

  • QoS RSVP

    Invoked when an application uses the Generic Quality of Service (GQoS) API requesting a specific quality of service on the end-to-end connection it uses. If disabled, QoS is not guaranteed to the application. The application must then decide whether to accept best-effort data transmission or refuse to run. You should set this service to start manually.

  • Remote Access Auto Connection Manager

    Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. This service detects an attempt to resolve the name of a remote computer or share, or an unsuccessful attempt to send packets to a remote computer or share. The service brings up a dialog box that offers to make a dial-up or VPN connection to the remote computer. Disabling the service has no effect on the rest of the OS. You should disable this service unless you have a specific reason to use it.

  • Remote Access Connection Manager

    Creates a network connection. This service manages the actual work of connecting, maintaining, and disconnecting dial-up and VPN connections from your computer to the Internet or other remote networks. Double-clicking a connection in the Network and Dial-Up Connections folder and selecting the Dial button generates a work request for this service that is queued with other requests for creating or destroying connections. This service will unload itself when no requests are pending. But in practice, the Network and Dial-Up Connections folder calls on this service to enumerate the set of connections and to display the status of each one. So unless the Network and Dial-Up Connections folder contains no connections, the service will always be running. The service cannot be disabled without breaking other portions of the OS, such as the Network and Dial-Up Connections folder. You should set this service to Manual, unless you are certain that you will not be using remote access connections, in which case you should disable the service.

  • Remote Desktop Help Sessions Manager

    Manages and controls the Remote Assistance feature of Windows XP. If this service is stopped or disabled, Remote Assistance will be unavailable. You should disable this service unless your organization uses the Remote Assistance feature, in which case you should set the service to start manually.

  • Remote Procedure Call (RPC)

    Provides the RPC endpoint mapper and other miscellaneous RPC services. If this service is turned off, the computer will not boot. You should set this service to start automatically.

  • Remote Procedure Call (RPC) Locator

    Provides the name services for RPC clients. This service helps locate RPC servers that support a given interface (also known as an RPC named service) within an enterprise. This service is turned off by default. Note that no OS component uses this service, although some applications might. You should set this service to start manually.

  • Remote Registry Service

    Allows remote registry manipulation. This service lets users connect to a remote registry and read and/or write keys to it provided they have the required permissions. This service is usually used by remote administrators and performance monitor counters. If disabled, the service doesn't affect registry operations on the computer on which it runs; therefore, the local system will run in the same manner. Other computers or devices will no longer be able to connect to this computer's registry. You must be running this service in order to use some patch management tools, such as HFNetChk and MBSA. You should set this service to start manually.

  • Remote Storage Engine

    Migrates infrequently used data to tape. This service leaves a marker on disk, allowing the data to be recalled automatically from tape if you attempt to access the file. If you are not using the remote storage feature of Windows 2000 or Windows XP, you should disable this service. Otherwise, you should set it to start up manually.

  • Remote Storage File

    Manages operations on remotely stored files. If you are not using the remote storage feature of Windows 2000, you should disable this service.

  • Remote Storage Media

    Controls the media used to store data remotely. If you are not using the remote storage feature of Windows 2000, you should disable this service.

  • Remote Storage Notification

    Enables Remote Storage to notify you when you have accessed an offline file. Because it takes longer to access a file that has been moved to tape, Remote Storage will notify you if you are attempting to read a file that has been migrated and will allow you to cancel the request. If this service is turned off, you will not receive any additional notification when you try to open offline files. Nor will you be able to cancel an operation that involves an offline file. If you are not using the remote storage feature of Windows 2000, you should disable this service.

  • Removable Storage

    Manages removable media drives and libraries. This service maintains a catalog of identifying information for removable media used by a system, including tapes, CDs, and so on. This service is used by features such as Backup and Remote Storage to handle media cataloging and automation. This service stops itself when there is no work to do. If you are not using the remote storage feature of Windows 2000, you should disable this service.

  • Routing and Remote Access

    Offers routing services in LAN and WAN environments, including VPN services. If this service is turned off, incoming remote access and VPN connections, dial-on-demand connections, and routing protocols will not be available. In a routing context, Routing and Remote Access Service (RRAS) drives the TCP/IP stack-forwarding engine. The forwarding code can be enabled outside the service for various reasons, most notably Internet Connection Sharing (ICS). You should set this service to start manually.

  • RunAs Service

    Allows you to run specific tools and programs with different permissions than your current logon provides. This service is called the Secondary Logon Service in Windows XP. You should set this service to start automatically.

  • Security Accounts Manager

    Startup of this service signals to other services that the Security Accounts Manager (SAM) subsystem is ready to accept requests. This service should not be disabled. Doing so will prevent other services in the system from being notified when the SAM is ready, which can in turn cause those services to not start correctly.

  • Server

    Provides RPC support, file and print sharing, and named pipe sharing over the network. The Server service allows the sharing of your local resources (such as disks and printers) so that other users on the network can access them. It also allows named pipe communication between applications running on other computers and your computer, which is used for RPC. You should set this service to start automatically. Disabling this service results in the following:

    • An inability to share files and printers on your computer with other computers on the network

    • An inability of your computer to service RPC requests

    • An inability to communicate between machines via named pipes

  • Simple Mail Transfer Protocol (SMTP)

    Transports e-mail across the network. The SMTP service is used as an e-mail submission and relay agent. It can accept and queue e-mail for remote destinations and retry at specified intervals. Windows domain controllers use the SMTP service for intersite e-mail-based replication. The Collaboration Data Objects (CDO) for Windows 2000 COM components can use the SMTP service to submit and queue outbound e-mail. If you are not using this service, you should remove it by using Add/Remove Programs in Control Panel.

  • Single Instance Storage (SIS) Groveler

    An integral component of Remote Installation Services (RIS). Although the SIS Groveler is installed by default in Windows server installations, it is set to Disabled unless you either add the RIS component from Add/Remove Windows Components in Control Panel or select it when initially installing the OS. If the service is turned off, RIS installation images will expand to their full image size and you will not be able to conserve space on the hard drive. You should remove the RIS service by using Add/Remove Programs in Control Panel if the computer is not a RIS server.

  • Site Server ILS Service

    As part of IIS, this service scans TCP/IP stacks and updates directories with the most current user information. Windows 2000 is the last version of the OS to support the Site Server Internet Locator Service (ILS). You should remove this service by using Add/Remove Programs in Control Panel if you are not using it on your Web server.

  • Smart Card

    Manages and controls access to a smart card inserted into a smart card reader attached to the computer. The smart card subsystem is based on personal computer/smart card (PC/SC) consortium standards for accessing information on smart card devices. Disabling the smart card subsystem will result in a loss of smart card support in the system. You should set this service to Disabled unless the computer uses smart cards for authentication, in which case, you should set the service to start manually.

  • Smart Card Helper

    Provides support for earlier smart card readers attached to the computer. This component is designed to provide enumeration services for the smart card subsystem so that earlier non-Plug and Play smart card reader devices can be supported. Turning off this service will remove support for non-Plug and Play readers. You should set this service to Disabled unless the computer uses smart cards for authentication, in which case, you should set the service to start manually.

  • SNMP Service

    Allows incoming Simple Network Management Protocol (SNMP) requests to be serviced by the local computer. SNMP includes agents that monitor activity in network devices and report to the network console workstation. If the service is turned off, the computer no longer responds to SNMP requests. If the computer is being monitored by network management tools, the tools will not be able to collect data from the computer or control its functionality via SNMP. If you are not monitoring the computer with SNMP, you should remove this service by using Add/Remove Programs in Control Panel.

  • SNMP Trap Service

    Receives SNMP trap messages generated by local or remote SNMP agents and forwards the messages to SNMP management programs running on the computer. If the service is turned off, SNMP applications will not receive SNMP traps that they are registered to receive. If you are using a computer to monitor network devices or server applications via SNMP traps, you might miss significant system occurrences. If you are not monitoring the computer with SNMP, you should remove this service by using Add/Remove Programs in Control Panel.

  • SSDP Discovery Services

    Enables the discovery of Universal Plug and Play (UPnP) devices in Windows XP. You should set this service to Disabled, unless you actively use UPnP devices on your network.

  • Still Image Service

    Loads necessary drivers for imaging devices (such as scanners and digital still-image cameras), manages events for those devices and associated applications, and maintains device state. The service is needed to capture events generated by imaging devices (such as button presses and connections). If the service is not running, events from the imaging devices connected to the computer will not be captured and processed.

  • System Event Notification (SENS)

    Tracks system events, such as Windows logon, network, and power events, and notifies COM+ Event System subscribers of these events. SENS is an AutoStarted service that depends on the COM+ Event System service. Disabling this service has the following effects:

    • The Win32 APIs IsNetworkAlive() and IsDestinationReachable() will not work well. These APIs are mostly used by mobile applications and portable computers.

    • SENS interfaces do not work properly. In particular, SENS's Logon/Logoff notifications will not work.

    • Microsoft Internet Explorer 5.0 or later uses SENS on portable computers to trigger when the user goes offline or online (by triggering the Work Offline prompt).

    • SyncMgr (Mobsync.exe) will not work properly. SyncMgr depends on connectivity information and Network Connect/Disconnect and Logon/Logoff notifications from SENS.

    • COM+ Event System will try to notify SENS of some events but will not be able to.

  • System Restore Service

    Performs the automatic system restore (ASR) function in Windows XP. ASR is configured in the System applet in Control Panel. You should set this service to start manually, unless you are certain that you will not be using it.

  • Task Scheduler

    Enables a program to run at a designated time. This service allows you to perform automated tasks on a chosen computer. Task Scheduler is started each time the OS is started. If Task Scheduler is disabled, jobs that are scheduled to run will not run at their designated time or interval. You should set this service to start manually.

  • TCP/IP NetBIOS Helper Service

    Enables support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. This service is an extension of the kernel mode NetBT. It should be considered an integral part of NetBT, rather than a normal service. This service does two things for NetBT, which you cannot do in kernel mode:

    • Performs DNS name resolution

    • Pings a set of IP addresses and returns a list of reachable IP addresses

    If this service is disabled, NetBT's clients, including the Workstation, Server, Netlogon, and Messenger services, could stop responding. As a result, you might not be able to share files and printers, you might not be able to log on, and Group Policy will no longer be applied. You should set this service to start automatically.

  • Telephony

    Provides Telephony API (TAPI) support for programs that control telephony devices and IP-based voice connections on the local computer and through the LAN on servers that are running the service. The telephony service cannot be stopped if another dependent service such as Remote Access Service (RAS) is active. If no other dependent service is running and you stop the telephony service, it will be restarted when any application makes an initialization call to the TAPI interface. If the service is disabled, any program that depends upon it, including modem support and Internet Connection Firewall (ICF), will not be able to run. You should set this service to start manually.

  • Telnet

    Allows a remote user to log on to the system and run console programs by using the command line. A computer running the Telnet service can support connections from various TCP/IP telnet clients. You should disable this service unless you use the Telnet service to manage your computer.

  • Terminal Services

    Provides a multisession environment that allows client devices to access a virtual interactive logon to a Windows XP or Windows 2000 Server. Terminal Services allows multiple users to be connected interactively to the computer in their own isolated session. You should set this service to start automatically unless you are certain that you will not be using Windows Terminal Services, Remote Desktop, Fast-User Switching, or Remote Assistance, in which case you can disable this service.

  • Terminal Services Licensing

    Installs a license server and provides registered client licenses when connecting to a Windows 2000 terminal server. If this service is turned off, the server will be unavailable to issue terminal server licenses to clients when they are requested. If another license server is discoverable on a domain controller in the forest, the requesting terminal server will attempt to use it. You should remove this service by using Add/Remove Programs in Control Panel.

  • Themes

    Provides theme management in the Windows XP user interface. You should set this service to start automatically.

  • Trivial FTP Daemon

    Trivial File Transfer Protocol (TFTP) is an integral part of Remote Installation Services. To disable this service, uninstall RIS. Disabling the Trivial FTP Daemon service directly will cause RIS to malfunction. You should remove RIS by using Add/Remove Programs in Control Panel if the computer is not a RIS server.

  • Uninterruptible Power Supply

    Manages communications with an uninterruptible power supply (UPS) connected to the computer by a serial port. If this service is turned off, communications with the UPS will be lost. You should disable this service unless you have a UPS device connected to the computer.

  • Universal Plug and Play Device Host

    Manages the operation of UPnP devices on the local computer. Disabling this service will prevent the use of UPnP devices; however, regular Plug and Play devices will continue to function normally. You should disable this service unless your network actively uses UPnP devices.

  • Upload Manager

    Manages synchronous and asynchronous file transfers on Windows XP computers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur.

  • Utility Manager

    Starts and configures accessibility tools from one window. Utility Manager allows faster access to some accessibility tools and displays the status of the tools or devices that it controls. This service saves users time because an administrator can designate that certain features start when Windows 2000 starts. Utility Manager includes three built-in accessibility tools: Magnifier, Narrator, and On-Screen Keyboard.

  • Web Client

    Enables Windows XP computers to modify Internet-based or intranet-based files, including Web-Based Distributed Authoring and Versioning (WebDAV) extensions for HTTP. You should set this service to start manually.

  • Windows Audio

    Enables Windows XP to manage audio devices. You cannot disable this service.

  • Windows Image Acquisition

    Manages the retrieval of images from digital cameras and scanners attached to Windows XP computers. You should set this service to Disabled unless you use these devices on the computer.

  • Windows Installer

    Installs, repairs, or removes software according to instructions contained in .msi files provided with the applications. If disabled, the installation, removal, repair, and modification of applications that make use of the Windows Installer will fail. You should set this service to start manually.

  • Windows Internet Name Service (WINS)

    Enables NetBIOS name resolution. Presence of the WINS server(s) is crucial for locating the network resources identified by using NetBIOS names. WINS servers are required unless all domains have been upgraded to Active Directory and all computers on the network are running Windows 2000. If you are not running a WINS server on the computer, you should remove this service by using Add/Remove Programs in Control Panel.

  • Windows Management Instrumentation (WMI)

    Provides system management information. WMI is an infrastructure for building management applications and instrumentation. WMI provides access to the management data through a number of interfaces, including COM API, scripts, and command-line interfaces. If this service is turned off, WMI information will be unavailable.

  • Windows Management Instrumentation Driver Extensions

    Tracks all the drivers that have registered Windows Management Instrumentation (WMI) information to publish. If the service is turned off, clients cannot access the WMI information published by drivers. However, if the WMI APIs detect that the service is not running, the APIs will attempt to restart the service.

  • Windows Time Service (W32Time)

    Sets the computer clock. W32Time maintains date and time synchronization on all computers running on a Microsoft Windows network. It uses the Network Time Protocol (NTP) to synchronize computer clocks so that an accurate clock value, or timestamp, can be assigned to network validation and resource access requests. The implementation of NTP and the integration of time providers make W32Time a reliable and scalable time service for enterprise administrators. For computers not joined to a domain, W32Time can be configured to synchronize time with an external time source. If this service is turned off, the time setting for local computers will not be synchronized with any time service in the Windows domain or with an externally configured time service. You should set this service to start automatically.

  • Wireless Zero Configuration

    Provides the automatic configuration of supported 802.11 wireless network adapters in Windows XP. You should set this service to start automatically, unless you will not be using wireless network adapters on the computer, in which case, you should disable the service.

  • Workstation

    Provides network connections and communications. The Workstation service is a user-mode wrapper for the Microsoft Networks redirector. The service loads and performs configuration functions for the redirector, provides support for making network connections to remote servers, provides support for the Windows Network (WNet) APIs, and furnishes redirector statistics. If this service is turned off, no network connections can be made to remote computers using Microsoft Networks.

  • World Wide Web Publishing Service

    Provides HTTP services for applications on the Windows platform. The service depends on the IIS administration service and kernel TCP/IP support. If this service is turned off, the OS will no longer be able to act as a Web server. See also the IIS Admin Service entry in this list.
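The startup recommendations in this list can be checked mechanically. The script below is an added example, not part of the original text: it parses collected `sc qc` output and reports services whose start type differs from a subset of the values recommended above. The short service names (other than W32Time), the sample output, and the "exposure"/"availability" labels are assumptions of the example.

```python
import re

# Startup values recommended in the list above. Short service names are the
# standard Windows key names (assumed here; the page gives display names).
BASELINE = {
    "RpcSs": "automatic",         # Remote Procedure Call (RPC)
    "RemoteRegistry": "manual",   # Remote Registry Service
    "lanmanserver": "automatic",  # Server
    "LmHosts": "automatic",       # TCP/IP NetBIOS Helper Service
    "TlntSvr": "disabled",        # Telnet (unless used for management)
    "SSDPSRV": "disabled",        # SSDP Discovery (unless UPnP is in use)
    "upnphost": "disabled",       # Universal Plug and Play Device Host
    "W32Time": "automatic",       # Windows Time Service
}
START_TYPES = {"2": "automatic", "3": "manual", "4": "disabled"}
RANK = {"disabled": 0, "manual": 1, "automatic": 2}

# Constructed sample: trimmed `sc qc <name>` output collected from one host.
SAMPLE = """\
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: TlntSvr
        START_TYPE         : 2   AUTO_START
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: remoteregistry
        START_TYPE         : 2   AUTO_START
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: W32Time
        START_TYPE         : 4   DISABLED
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: SSDPSRV
        START_TYPE         : 4   DISABLED
[SC] OpenService FAILED 1060:
"""

def parse_sc_qc(text):
    """Map lower-cased service name -> start type from concatenated sc qc output."""
    found, current = {}, None
    for line in text.splitlines():
        name = re.match(r"\s*SERVICE_NAME:\s*(\S+)", line)
        start = re.match(r"\s*START_TYPE\s*:\s*(\d+)", line)
        if name:
            current = name.group(1).lower()
        elif start and current:
            found[current] = START_TYPES.get(start.group(1), "boot/system")
    return found

def audit(text, baseline=BASELINE):
    """Return (service, recommended, actual, kind) for each deviation."""
    observed = parse_sc_qc(text)
    findings = []
    for service, recommended in baseline.items():
        actual = observed.get(service.lower())
        if actual is None or actual == recommended:
            continue  # not installed/not collected, or already compliant
        # Starting more eagerly than recommended widens exposure; less eagerly risks breakage.
        wider = RANK.get(actual, 2) > RANK[recommended]
        findings.append((service, recommended, actual,
                         "exposure" if wider else "availability"))
    return sorted(findings, key=lambda f: (f[3] != "exposure", f[0].lower()))

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%-16s recommended=%-10s actual=%-10s %s" % finding)
```

Services the list marks as conditional, such as Telnet or the UPnP services, should have their baseline entry adjusted where the stated exception applies.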



Microsoft Windows Security Resource Kit
ISBN: 0735621748
EAN: 2147483647
Year: 2003
Pages: 189
