Disabling Windows Services Redux
One of the most visited pages here at Teknolohiya, and one of the posts I get asked about the most is my tutorial on Disabling Unecessary Windows Services. To make a long story short, it's a list of services that you disable on a Windows XP machine to start it up faster, to free up resources, and to make it more secure. I have a disclaimer, errata and an update on that original post, so this post is to rectify the original and to bring new discoveries about it to light.
First, the disclaimer: The list of services disabled in the original post is not for everyone. I've done my research, studied the tests and benefits, and can only conclude that the resources freed by disabling the services on that long list is neglegible, especially with today's modern computers. Also, that list does not apply to Windows Service Pack 2, and I cannot guarantee that the list in its entirety won't break anything when applied to SP2. Seeing as I don't have it installed myself, I have no way of verifying if anything will break or not, so inform yourself be aware of any consequences. There's an updated, smaller list, which I'll get to in a sec.
Next, the errata: I stated in the original post that there were no side effects, but recently I've come across one in particular which may or may not be related to the disabled services, but I'm bringing it up anyway in case anyone else has any insight. My computer is networked here at home with three other computers, and up until recently I've been showing up on the network fine with authorized boxes able to access my shared directories just fine. What's weird is that now I'm showing up on the network, but the authorized parties can't access my computer anymore; even stranger is that I see the network but nothing else - no computers, no nothing, except the parent network identifier. Very strange behavior, so if anyone has any ideas on this, please let me know, as networking really isn't my forte.
Finally, the update: My friend and fellow geek digitalanomaly found a guide that lists services that are safe to disable / put on Automatic for SP2, and that list along with other excellent security tips and suggestions are found at the link below. I'm also assuming that the list works perfectly fine for non-SP2 computers, since I cross-checked the list with the original and they're all part of it. Here's the list for those lazy to wade through the source article:
The following is a list of Services that you can Disable on most systems for added security:
Alerter
Distributed Link Tracking Client
Help and Support (If you use Windows Help and Support leave this enabled)
Indexing Service
Messenger (Shoot the Messenger and installing SP2 will disable this)
Net Logon
Netmeeting Remote Desktop Sharing
Portable Media Serial Number
Remote Desktop Help Session Manager
Remote Registry Service
Routing and Remote Access
Secondary Logon
SSDP Discovery Service (Unplug n' Pray will disable this)
Telnet
Terminal Services
Universal Plug and Play Device Host
Upload Manager
Wireless Zero Configuration (If you are on a wireless network leave this enabled)
The following is a list of Services that should always be set to Automatic for increased Security:
Automatic Updates
Background Intelligent Transfer Service
Cryptographic Services
Protected Storage
Security Accounts Manager
Security Center
System Event Notification
System Restore Service
Hopefully this helps the people on SP2, as well as introduce newcomers to the orignal tutorial in case they missed its debut. Comments, additions, corrections and improvements to these tutorials are very welcome, even though service disabling is really old and relatively pointless nowadays.
Secure XP [Optimize Guides]
First, the disclaimer: The list of services disabled in the original post is not for everyone. I've done my research, studied the tests and benefits, and can only conclude that the resources freed by disabling the services on that long list is neglegible, especially with today's modern computers. Also, that list does not apply to Windows Service Pack 2, and I cannot guarantee that the list in its entirety won't break anything when applied to SP2. Seeing as I don't have it installed myself, I have no way of verifying if anything will break or not, so inform yourself be aware of any consequences. There's an updated, smaller list, which I'll get to in a sec.
Next, the errata: I stated in the original post that there were no side effects, but recently I've come across one in particular which may or may not be related to the disabled services, but I'm bringing it up anyway in case anyone else has any insight. My computer is networked here at home with three other computers, and up until recently I've been showing up on the network fine with authorized boxes able to access my shared directories just fine. What's weird is that now I'm showing up on the network, but the authorized parties can't access my computer anymore; even stranger is that I see the network but nothing else - no computers, no nothing, except the parent network identifier. Very strange behavior, so if anyone has any ideas on this, please let me know, as networking really isn't my forte.
Finally, the update: My friend and fellow geek digitalanomaly found a guide that lists services that are safe to disable / put on Automatic for SP2, and that list along with other excellent security tips and suggestions are found at the link below. I'm also assuming that the list works perfectly fine for non-SP2 computers, since I cross-checked the list with the original and they're all part of it. Here's the list for those lazy to wade through the source article:
The following is a list of Services that you can Disable on most systems for added security:
Alerter
Distributed Link Tracking Client
Help and Support (If you use Windows Help and Support leave this enabled)
Indexing Service
Messenger (Shoot the Messenger and installing SP2 will disable this)
Net Logon
Netmeeting Remote Desktop Sharing
Portable Media Serial Number
Remote Desktop Help Session Manager
Remote Registry Service
Routing and Remote Access
Secondary Logon
SSDP Discovery Service (Unplug n' Pray will disable this)
Telnet
Terminal Services
Universal Plug and Play Device Host
Upload Manager
Wireless Zero Configuration (If you are on a wireless network leave this enabled)
The following is a list of Services that should always be set to Automatic for increased Security:
Automatic Updates
Background Intelligent Transfer Service
Cryptographic Services
Protected Storage
Security Accounts Manager
Security Center
System Event Notification
System Restore Service
Hopefully this helps the people on SP2, as well as introduce newcomers to the orignal tutorial in case they missed its debut. Comments, additions, corrections and improvements to these tutorials are very welcome, even though service disabling is really old and relatively pointless nowadays.
Secure XP [Optimize Guides]