When Microsoft Windows XP starts up, a series
of services are loaded. These services perform a variety of
functions and need to be started depending upon the configuration of
the computer. A stand alone computer needs a different set of
services started than a network workstation. A computer connected to
the internet relies upon a different set of services than a computer
not connected to the internet.
Knowledge of these services, and which ones are
being used also aid in diagnosing computer problems. Often, turning
these states off or disabling them will provide clues to a software
or operating system problem.
In addition, laptop computers often need as
much memory and disk space as they can get. Knowing which service
can be turned off and which needs to be on, makes a laptop operate
much more efficiently and much faster.
A local system is a single computer. A local
service operates on a single machine.
The following table gives a brief description
along with the Recommended State of each of the services. This is
for a computer using Microsoft Windows XP Professional operating
system.
|
Service Name |
Description |
Recommended State |
|
Alerter |
Makes it possible to automatically send
messages to registered users about certain system events or
alerts when they happen. |
Disabled it you don’t need to alert
users about system events over the network |
|
Application Layer Gateway Service |
Allows 3rd party software
plugins to interface with the Internet Connection Sharing
and Internet Connection Firewall. |
Disabled if not using Internet
Connection Sharing/Firewall – Manual if using Internet
Connection Sharing Firewall |
|
Application Management |
Used to provide software installation
services such as Assign, Publish and Remove. It handles
deployment of software for computers joined to a domain. |
Manual |
|
Automatic Updates |
Enables automatic monitoring, download
and installation of Windows Updates. |
Disabled if you are manually monitoring
when Microsoft issues updates – Automatic other wise |
|
Clipbook Service |
Is used to access the machines
clipboard remotely using the NetDDE service. |
Disabled for security reasons |
|
Computer Browser |
Enables the computer to participate in
the election for maintaining the browser list. |
Automatic it on a network and there is
no master browser – Disabled if not wanting to participate
in a browser list |
|
COM+ Event System |
Provides automatic distribution of
events to COM+ components. |
Manual |
|
COM+ System Application Service |
Manages the configuration and tracking
of COM+ based components. |
Manual |
|
Cryptographic Services |
Provides three types of services
Catalog database service – confirms the
signatures of Windows files (Window File Protection) and
whether drivers are signed correctly
Protected root service – adds and
removes Trusted Root Certification Authority certificates
from this computers
Key service – helps enroll this
computer for certificates |
Automatic |
|
DCOM Server Process Launcher |
Provides launch functionality for DCOM
services |
Automatic |
|
DHCP Client |
DHCP (Dyanamic Host Configuration
Protocol) is used to store network configuration at a
central place (DHCP server). The DHCP client will
automatically contact the DHCP server (Port 67) and acquire
what network configuration it should use. |
Automatic if using dynamic IP and on a
network with a DHCP server – Disabled if using a static IP
address |
|
Directory Replicator / File Replication
Service (FRS) |
It provides control replication /
synchronization of directories and files among multiple
servers. It is used by the Distributed File System (DFS) to
automatically synchronize file catalogs. |
Manual if on a simple home network –
automatic if running a Domain Controller (DC) |
|
Distributed File System (DFS) |
The DFS manages logical volumes
distributed across a local or wide area network. |
Disabled if on a simple home network |
|
Distributed Link Tracking Client |
Maintains shortcuts and Object Linking
and Embedding (OLE) links to target files when placed on a
NTFS partition |
Disabled if on a simple home network –
automatic if connected to a domain and uses a NTFS file
system |
|
Distributed Link Tracking Server |
Stores information so that files moved
between volumes can be tracked for each volume in the domain |
Disabled if on a simple home network –
manual if running a domain controller (DC) |
|
Distributed Transaction Coordinator |
Coordinates transactions that are
distributed across two or more databases, message queues,
file systems or other transaction protected resource
managers |
Manual if on a simple home network |
|
DNS Client |
The DNS Client acts like a local DNS
server and is used whenever an application requires to
resolve a Domain Name System (DNS) name |
Automatic to minimize traffic for the
cost of memory – disabled if not wanting DNS caching and
want every application to do their own DNS lookup |
|
Error Reporting Service |
The Error Reporting Service provides an
infrastructure for collecting, storing and reporting kernel
mode, operating system and application faults to Microsoft |
Disabled if not connected to internet |
|
Event Log |
This service tracks events and logs
them. |
Automatic |
|
Fast User Switching Compatibility (FUS) |
Allows several users to be
simultaneously logged locally on the same machine, and then
switch between each of these user’s sessions. |
Manual |
|
Fax Service |
Helps you send & receive faxes. This
service gets installed if fax capable modem is installed in
your machine. |
Manual |
|
Help and Support Service |
This service supports the Help and
Support client application and enables requests from the
client application to Microsoft’s Help and Support Center |
Automatic |
|
HTTP SSL / SSL for HTTP.SYS |
This service implements the secure
hypertext transfer protocol (HTTPS) for the HTTP service,
using the Secure Socket Layer (SSL). SSL is a proposed open
standard for establishing a secure communications channel to
prevent the interception of critical information such as
credit card numbers. |
Manual |
|
IMAPI CD-Burning COM Service |
Supports the burning of CD-ROM/RW
through the IMAPI (Image Mastering Applications Programming
Interface) without the need of 3rd party burning
software. Can be extended with WinXP PowerToy ISO Burner). |
Manual |
|
Indexing Service |
Indexes contents & properties of files
on local & remote computers; provides rapid access to files
through flexible querying language. |
Manual |
|
Internet Connection Firewall (ICF) /
Internet Connection Sharing (ICS) |
Provides network address translation
(NAT), addressing and name resolution services for all
computers on your home network, so they can access the
Internet through the shared network or dial-up connection. |
Automatic |
|
Intersite Messaging |
Allows sending and receiving messages
between Windows Advanced Server sites. This service is used
for mail-based replication between sites. |
Disabled if on a simple home network |
|
IPSEC Policy Agent Service |
Manages the Internet Protocol Security
(IPSEC) policy & starts the Internet Security Association
Key Management Protocol (ISAKMP) / Oakley Internet Key
Exchange (IKE) & the IP Security driver. |
Automatic |
|
Keberos Key Distribution Center |
It provides two services (TCPIP Port
88):
Authentication Service: Issues
Ticket-Granting Tickets (TGTS) to allow connection to the
Ticket-Granting Service in a trusted domain.
Ticket-Granting Service (TGS):
Issues tickets for making connections to computers in the
local domain for clients having a TGT. |
Disabled if on a simple home network |
|
License Logging Service |
Is used to provide license tracking on
a server or Domain Controller (DC). |
Disabled if on a simple home network.
Automatic if you have a reason MS License for your
installation. |
|
Logical Disk Manager |
Logical Disk Manager Watchdog Service
that detects the appearance/disappearance of hard drives and
partitions they contain. |
Automatic |
|
Logical Disk Manager Administrative
Service |
Administrative service for disk
management requests. This service is started only when
configuring a drive or partition or when a new drive is
detected. |
Manual |
|
Messenger |
Is used to send/show messages and
alerts on the local machine or to remote machines. |
Disabled – WinXP SP2 for security
reasons |
|
MS Software Shadow Copy |
Manages software-based volume shadow
copies taken by the Volume Shadow Copy service. |
Manual |
|
Net Logon |
Responsible for network authentication
including the following sub-components:
Maintains a synced domain directory
database between the Primary Domain Controller (PDC) and
Backup Domain Controller (BDCs). Handles authentication of
respective accounts on the Domain Controllers (DC). Handles
the process authentication of domain accounts on networked
machines. |
Automatic if connected to a domain |
|
Netmeeting Remote Desktop Sharing |
Allows authorized people to remotely
access your Windows desktop using NetMeeting. |
Disabled for security if not using
NetMeeting. Manual if using this feature |
|
Network Connections |
Manages objects in the Network and
Dial-up Connections folder, in which you can view both local
area network and remote connections |
Manual if on a simple network or using
dialup |
|
Network DDE |
Supports network transport and security
of DDE (Dynamic Data Exchange) connections |
Disabled for security measures |
|
Network DDE DSDM |
The DSDM (Distributed Share Database
Manager) manages the shared DDE (Dynamic Date Exchange)
network conversations (from shares like :
\\computername\ndde$). |
Disabled for security measures |
|
Network Location Awareness (NLA) |
Collects and stores network
configuration and location information, and notifies
applications when this information changes. |
Manual |
|
Network Provisioning Service |
Manages XML configuration files on a
domain basis for automatic network provisioning |
Manual |
|
NT LM Security Support Provider (SSP) |
Local Security Authority (LSA) for the
system (the service name is only used for historical
reasons). The LSA handles all authentication before a user
is allowed to access a resource, which can be done in
several ways:
NTLM – LM, NTLM, and NTLM2
Kerberos
SChannel – SSL & TLS
Digest |
Manual |
|
Performance Logs and Alerts |
Handles and performance logs and alerts
which are configured with Perfmon.exe. The service will stop
automatically if there is no performance data to collect. |
Manual |
|
Plug and Play (PnP) |
Enable automatic detection,
installation and activation of new PnP devices attached to
the computer. |
Automatic |
|
Print Spooler |
Is used to print files local or from
remote, and to store/send print job to available print
devices. The print spooler also allows one to pool together
several printers attached to the machine and make them act
like one printer. |
Automatic if using a printer |
|
Protected Storage |
Is used to encrypt and secure
information like this:
SSL certificates
Passwords for programs (like Outlook)
Info stored by Profile Assistant
Info maintained by MS Wallet
Digitally signed S/MIME keys |
Automatic |
|
QoS RSVP |
Quality of Service (QoS) ReSerVation
Protocol (RSVP) can help QoS aware programs and control
applets, to get enough of the bandwidth. This is done by
providing network signaling and local traffic control setup
functionality. |
Manual |
|
Remote Access Auto Connection Manager |
Automatically creates a connection to a
remote network, whenever a program references a remote DNS
or NETBIOS name of address. |
Disabled if not using a modem
connection or Virtual Private Network (VPN). |
|
Remote Access Connection Manager |
Used to connect, maintain and
disconnect dial-up and VPN connections from your computer to
the internet or other remote connctions with Internet
Protocol Security (IPSEC) for higher security. |
Disabled if not using a modem
connection or Virtual Private Network (VPN). |
|
Remote Procedure Call (RPC) |
The service provides the endpoint
mapper and other miscellaneous PRC services.
Remote Procedure Call (RPC) is a
protocol is a protocol used by the Windows operating system.
RPC provides an inter-process communication mechanism that
allows a program running on one computer to seamlessly
execute code on a remote system. |
Automatic, vital part |
|
Remote Procedure Call (RPC) Locator |
Name service provider that maintains a
database with available RPC services on the server, where
local RPC services can register themselves. A client can
then contact the RPC locator on the server to locate and
access the wanted RPC service. |
Manual |
|
Remote Registry Service |
Allows remote registry manipulation,
for authorized users. |
Disabled, for security measures |
|
Resultant Set of Policy Provider (RSoP) |
Enables you to connect to a Windows
domain controller, access the Windows Management (WMI)
database for that computer, and simulate RSoP for Group
Policy settings that would be applied to a user or computer
located in Active Directory on a Windows 2000 or later
domain. |
Manual |
|
Routing and Remote Access Service
(RRAS) |
Routing service of LAN-to-LAN,
LAN-to-WAN, virtual private network (VPN) and network
address translation (NAT). |
Disabled for security reasons |
|
RunAs Service / Secondary Logon |
Enables starting processes under
alternate credentials. |
Disabled |
|
Task Schedule |
Makes it possible to schedule a command
or program to execute at a specific time and date. This
service is also known as the AT service and is required for
the AT command. The Task Scheduler listens to a dynamic TCP
port starting from 1025, depending whether other
applications try to acquire a dynamic TCP port. |
Disabled |
|
Security Accounts Manager (SAM) |
Stores security information for local
user accounts. |
Automatic |
|
Security Center |
Monitors system security settings and
configurations |
Disabled |
|
Server |
The Server service provides Server
Message Block (SMB) service, which enables sharing of your
local resources to the network (such as printer and files).
It also enables name pipe communication between applications
running on other computers and your computer, which is used
for RPC. |
Automatic if wanting to share files and
printers |
|
Shell Hardware Detection |
It is reported that this service
affects Autoplay, which is an extension of Autorun. The
Autoplay feature allows one to specify what application to
use for a certain type of media like data and audio CD (but
also scanners and cameras). |
Disabled |
|
Smart Card |
Manages and controls access to a smart
card inserted into a smart card reader attached to the
computer. |
Manual |
|
Smart Card Helper |
Provides support for legacy smart card
readers attached to the computer. |
Manual |
|
Special Administration Conole Helper |
Special Administration Console (ISAC)
connects to a machine that has this service running. ISAC
can perform remote management tasks in case Windows on the
machine stops functioning due to s stop error message. |
Manual |
|
SSDP Discovery Service |
The Simple Service Discovery Protocol (SSDP)
enables the detection of Universal Plug and Play (UpnP)
devices on your home network. This service listens for UPnP
connections at TCP port 5000 and UDP port 1900. |
Disabled unless working with UPnP
devices. |
|
System Event Notification |
System Event Notification Service
(SENS) tracks system events such as Windows logon, network
and power events. Notifies COM+ Event System subscribers of
these events. |
Automatic |
|
System Restore Service |
Performs system restore functions that
takes images of your registry and files and enables one to
return to a previous image. It will automatically create
restore points when events like install large software
packages or service packs occur. |
Automatic |
|
TCP/IP NetBIOS Helper Service |
Enables support for NetBIOS over TCP/IP
(NetBT) service and NetBIOS name resolution. It is used for
resolving Fully Qualified Domain Name (FQDN) in Universal
Naming Convention (UNC) for NetBIOS over TCP/IP (NetBT) to
find the actual physical address. |
Disabled, if on a simple home network |
|
Telephony |
It provides Telephony API (TAPI)
support for programs that control telephony devices. The
telephony service enables applications to act as clients to
telephony equipment such as PBXs, telephones and modems. |
Manual |
|
Telnet |
Allows a remote user to log on to the
system and run console programs using the command line.By
default this service listens on TCP port 23. |
Disabled for security measures |
|
Terminal Services |
Terminal Services allow multiple users
to be connected interactively to the computer as they were
logged on locally. Terminal Services also provides the
feature of displaying the desktops and applications to
remote computers. |
Disabled for security reasons. Manual
if using Remote Desktop (Administration), Remote Assistance,
Fast User Switching |
|
Terminal Services Licensing |
The Terminal Services License Service
stores the Client Access Licenses (CALs) that have been
issued for a Terminal server, and tracks the licenses that
have been issued to client computers or terminals. If this
service is turned off, the server will be unavailable to
issue Terminal Server licenses to clients when they are
requested. If another License Server is discoverable on a DC
in the forest, the requesting Terminal Server will attempt
to use it. |
Disabled |
|
Terminal Services Session Directory |
The Terminal Services Session Directory
allows clusters of load-balanced Terminal Servers to
properly route a user’s connection request to the server
where the user already has a session running. |
Disabled |
|
Themes Service |
Provides user experience theme
management. |
Automatic |
|
Uninterruptible Power Supply (UPS) |
This service is used to supply support
for an UPS (Uninterruptible Power Supply) if such exists. |
Manual |
|
Universal Plug and Play Device Host |
Provides support to host Universal Plug
and Play (UPnP) Devices. UPnP is an extension for working
with PnP-devices not attached directly to the computer but
accessed through the network, like
scanners/Printers/Gateways. |
Manual |
|
Upload Manager |
Microsoft’s own protocol for
transferring files from your computer to Microsoft. It is
used for example by Microsoft Driver feedback to upload the
hardware profile for your computer to find the driver that
fits your computer. |
Disabled |
|
Utility Manager |
Starts and configures the accessability
tools from one window. |
Manual |
|
Virtual Disk Service (VDS) |
Virtual Disk Service (VDS) implements a
single uniform inferface for managing disks. Each hardware
vendor writes a VDS “provider” that translates the general
purpose VDS APIs into specific instructions for their
hardware. |
Manual |
|
Volume Shadow Copy |
Manages and implements Volume Shadow
copies used for backup and other purposes. |
Manual |
|
WebClient |
Enables windows-based programs like Web
Publishing Wizard, to create access and modify
Internet-based files on the Internet file servers using the
WebDAV protocol. The WebDAV protocol is a file access
protocol described in eXtendable Markup Language (XML) that
travels over Hypertext Transfer Protocol (HTTPP). |
Disabled |
|
Windows Audio |
Manages audio devices for Windows based
programs |
Automatic |
|
Windows Image Acquisition (WIA) |
Provides image acquisition services for
scanners or cameras. It is used for transferring the
pictures from a camera or scanner to the computer. |
Manual if using a digital camera or
scanner, otherwise disabled |
|
Windows Installer |
Installs, repairs and removes software
according to instructions contained in .MSI files. |
Manual |
|
Windows Management Instrumentation
(WMI) |
Windows Management Instrumentation
(WMI) is an implementation of Distributed Management Task
Force’s (DMTF) Web-Based Enterprise Management (WBEM). WBEM
is a set of open industry-defined specifications that unify
and extend the management of enterprise-computing
environment. WMI makes it possible for drivers, services,
applications to return information in form of data or events
into the CIM. |
Automatic |
|
Windows Management Instrumentation
Driver Extensions |
This service monitors all drivers and
event trace providers that are configured to publish WMI or
event trace information. |
Manual |
|
Windows Time |
Makes it possible to synchronize the
computer clock with another system using the Network Time
Protocol (NTP) on TCPIP port 123 (UDP). |
Automatic |
|
Wireless Zero Configuration |
Provides automatic configuration for
802.11 adapters. |
Disabled, if not using wireless network
with a 802.11 network device. |
|
WMDM PMSP Service / Portable Media
Serial Number |
The sevice supports the Secure Digital
Music Initiative (SDMI) and enables the WMDM (Windows Media
Device Manager) to retrieve the serial number from portable
music devices using Pre-Message Security Protocol (PMSP), so
media content can be copied securely to the device. |
Manual |
|
WMI Performance Adapter |
Provides performance library
information from WMI (Windows Management Instrumentation)
HiPerf providers to Performance Data Helper (PDH) clients. |
Manual |
|
Workstation |
The workstation service is a user-mode
wrapper for the Microsoft Networks redirector. Both local
file system requests and remote file or print network
requests are routed through the Workstation service. |
Automatic when in simple home network |
There are several very useful Microsoft Links
that will help configure these services.
Additional information about Ultraportable
Laptop Computer setups is included on our How to Choose the Right Laptop CD-ROM
In order to help in making the choice of which
laptop is the best laptop for you, I have put together a CD-ROM
entitled:
You can purchase this downloadable Adobe PDF
eBook for $14.95 or eBook CD for only $24.95 at:
By H. Court Young
December 2005
