10 Windows XP services you should never disable

Disabling certain Windows XP services can enhance performance and security - but it's essential to know which ones you can safely turn off. Scott Lowe identifies 10 critical services and explains why they should be left alone.


There are dozens of guides out there that help you determine which services you can safely disable on your Windows XP desktop. Disabling unnecessary services can improve system performance and overall system security, as the system's attack surface is reduced. However, these lists rarely indicate which services you should not disable. All of the services that run on a Windows system serve a specific purpose, and many of them are critical to the proper and expected functioning of the desktop computing environment. In this article, you'll learn about 10 critical Windows XP services you shouldn't disable (and why).

1: DNS Client

This service resolves and caches DNS names, allowing the system to communicate with canonical names rather than strictly by IP address. DNS is the reason that you can, in a Web browser, type http://www.techrepublic.com rather than having to remember that http://216.239.113.101 is the site's IP address.

If you stop this service, you will disable your computer's ability to resolve names to IP addresses, basically rendering Web browsing all but impossible.

2: Network Connections

The Network Connections service manages the network and dial-up connections for your computer, including network status notification and configuration. These days, a standalone, non-networked PC is just about as useful as an abacus -- maybe less so. The Network Connections service is the element responsible for making sure that your computer can communicate with other computers and with the Internet.

If this service is disabled, network configuration is not possible. New network connections can't be created and services that need network information will fail.

3: Plug and Play

The Plug and Play service (formerly known as the "Plug and Pray" service, due to its past unreliability) is kicked off whenever new hardware is added to the computer. This service detects the new hardware and attempts to automatically configure it for use with the computer. The Plug and Play service is often confused with the Universal Plug and Play (UPnP) service, which is a way that the Windows XP computer can detect new network resources (as opposed to local hardware resources). The Plug and Play service is pretty critical because, without it, your system can become unstable and will not recognize new hardware. On the other hand, UPnP is not generally necessary and can be disabled without worry. Along with UPnP, disable the SSDP Discovery Service, as it goes hand-in-hand with UPnP.

Historical note: Way back in 2001, UPnP was implicated in some pretty serious security breaches, as described here.

If you disable Plug and Play, your computer will be unstable and incapable of detecting hardware changes.

4: Print Spooler

Just about every computer out there needs to print at some point. If you want your computer to be able to print, don't plan on disabling the Print Spooler service. It manages all printing activities for your system. You may think that lack of a printer makes it safe to disable the Print Spooler service. While that's technically true, there's really no point in doing so; after all, if you ever do decide to get a printer, you'll need to remember to re-enable the service, and you might end up frustrating yourself.

When the Print Spooler service is not running, printing on the local machine is not possible.

5: Remote Procedure Call (RPC)

Windows is a pretty complex beast, and many of its underlying processes need to communicate with one another. The service that makes this possible is the Remote Procedure Call (RPC) service. RPC allows processes to communicate with one another, both on the local machine and across the network. A ton of other critical services, including the Print Spooler and the Network Connections service, depend on the RPC service to function. If you want to see what bad things happen when you disable this service, look at the comments on this link.

Bad news. The system will not boot. Don't disable this service.

6: Workstation

As is the case for many services, the Workstation service is responsible for handling connections to remote network resources. Specifically, this service provides network connections and communications capability for resources found using Microsoft Network services. Years ago, I would have said that disabling this service was a good idea, but that was before the rise of the home network and everything that goes along with it, including shared printers, remote Windows Media devices, Windows Home Server, and much more. Today, you don't gain much by eliminating this service, but you lose a lot.

Disable the Workstation service and your computer will be unable to connect to remote Microsoft Network resources.

7: Network Location Awareness (NLA)

As was the case with the Workstation service, disabling the Network Location Awareness service might have made sense a few years ago -- at least for a standalone, non-networked computer. With today's WiFi-everywhere culture, mobility has become a primary driver. The Network Location Awareness service is responsible for collecting and storing network configuration and location information and notifying applications when this information changes. For example, as you make the move from the local coffee shop's wireless network back home to your wired docking station, NLA makes sure that applications are aware of the change. Further, some other services depend on this service's availability.

Your computer will not be able to fully connect to and use wireless networks. Problems abound!

8: DHCP Client

Dynamic Host Configuration Protocol (DHCP) is a critical service that makes the task of getting computers on the network nearly effortless. Before the days of DHCP, poor network administrators had to manually assign network addresses to every computer. Over the years, DHCP has been extended to automatically assign all kinds of information to computers from a central configuration repository. DHCP allows the system to automatically obtain IP addressing information, WINS server information, routing information, and so forth; it's required to update records in dynamic DNS systems, such as Microsoft's Active Directory-integrated DNS service. This is one service that, if disabled, won't necessarily cripple your computer but will make administration much more difficult.

Without the DHCP Client service, you'll need to manually assign static IP addresses to every Windows XP system on your network. If you use DHCP to assign other parameters, such as WINS information, you'll need to provide that information manually as well.

9: Cryptographic Services

Every month, Microsoft provides new fixes and updates on what has become known as "Patch Tuesday" because the updates are released on the first Tuesday of the month. Why do I bring this up? Well, one service supported by Cryptographic Services happens to be Automatic Updates. Further, Cryptographic Services provides three other management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. Finally, Cryptographic Services also supports some elements of Task Manager.

Disable Cryptographic Services at your peril! Automatic Updates will not function and you will have problems with Task Manager as well as other security mechanisms.

10: Automatic Updates

Keeping your machine current with patches is pretty darn important, and that's where Automatic Updates comes into play. When Automatic Updates is enabled, your computer stays current with new updates from Microsoft. When disabled, you have to manually get updates by visiting Microsoft's update site.

New security updates will not be automatically installed to your computer.
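
The dependency point made under item 5 (Print Spooler and Network Connections both need RPC) can be checked read-only, before a reboot exposes the problem. The script below is an added example, not part of the original article: it parses captured `sc qc` output and reports which of the ten services are disabled or depend on a disabled service. The key names in `CRITICAL` are the standard Windows XP service names (the article gives display names only), and the capture is constructed sample data.

```python
import re

# Key names are the standard Windows XP service names for the article's ten
# display names (an assumption of this example; the article lists display names).
CRITICAL = {
    "Dnscache": "DNS Client", "Netman": "Network Connections",
    "PlugPlay": "Plug and Play", "Spooler": "Print Spooler",
    "RpcSs": "Remote Procedure Call (RPC)", "lanmanworkstation": "Workstation",
    "Nla": "Network Location Awareness (NLA)", "Dhcp": "DHCP Client",
    "CryptSvc": "Cryptographic Services", "wuauserv": "Automatic Updates",
}
DISABLED = 4  # START_TYPE code that sc.exe prints for a disabled service
FIELD = re.compile(r"^\s*([A-Z_]+)\s*:\s*(.*)$")
CONTINUATION = re.compile(r"^\s+:\s*(\S.*)$")  # 2nd and later DEPENDENCIES rows


def parse_sc_qc(text):
    """Parse concatenated `sc qc <name>` output into {lowercased name: record}."""
    services, current, last_field = {}, None, None
    for line in text.splitlines():
        cont = CONTINUATION.match(line)
        if cont and current is not None and last_field == "DEPENDENCIES":
            current["deps"].append(cont.group(1).strip().lower())
            continue
        m = FIELD.match(line)
        if not m:
            continue  # banner, blank line, or an "[SC] OpenService FAILED" error
        last_field, value = m.group(1), m.group(2).strip()
        if last_field == "SERVICE_NAME":
            current = {"name": value, "start_code": None, "deps": []}
            services[value.lower()] = current
        elif current is not None and last_field == "START_TYPE":
            current["start_code"] = int(value.split()[0])
        elif current is not None and last_field == "DEPENDENCIES" and value:
            # sc.exe prints dependency names in whatever case they were
            # registered with (RPCSS vs RpcSs), so compare lowercased.
            current["deps"].append(value.lower())
    return services


def audit(services):
    """Return (key name, display name, finding) for critical services at risk."""
    findings = []
    for key, display in CRITICAL.items():
        rec = services.get(key.lower())
        if rec is None:
            findings.append((key, display, "not in capture"))
        elif rec["start_code"] == DISABLED:
            findings.append((key, display, "disabled"))
        else:
            dead = [services[d]["name"] for d in rec["deps"]
                    if d in services and services[d]["start_code"] == DISABLED]
            if dead:
                findings.append((key, display, "depends on disabled " + ", ".join(dead)))
    return findings


# Constructed capture, trimmed to the fields the parser reads. On a real machine:
#   for %S in (Dnscache Netman PlugPlay ...) do @sc qc %S >> capture.txt
SAMPLE = """\
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: RpcSs
        START_TYPE         : 4   DISABLED
        DEPENDENCIES       :
SERVICE_NAME: Spooler
        START_TYPE         : 2   AUTO_START
        DEPENDENCIES       : RPCSS
SERVICE_NAME: Netman
        START_TYPE         : 3   DEMAND_START
        DEPENDENCIES       : RpcSs
SERVICE_NAME: CryptSvc
        START_TYPE         : 2   AUTO_START
        DEPENDENCIES       : RpcSs
SERVICE_NAME: Dhcp
        START_TYPE         : 2   AUTO_START
        DEPENDENCIES       : Tcpip
                           : Afd
                           : NetBT
SERVICE_NAME: Dnscache
        START_TYPE         : 2   AUTO_START
        DEPENDENCIES       : Tcpip
SERVICE_NAME: Nla
        START_TYPE         : 3   DEMAND_START
        DEPENDENCIES       : Tcpip
                           : Afd
SERVICE_NAME: PlugPlay
        START_TYPE         : 2   AUTO_START
        DEPENDENCIES       :
SERVICE_NAME: lanmanworkstation
        START_TYPE         : 2   AUTO_START
        DEPENDENCIES       :
SERVICE_NAME: wuauserv
        START_TYPE         : 4   DISABLED
        DEPENDENCIES       :
"""

if __name__ == "__main__":
    for key, display, finding in audit(parse_sc_qc(SAMPLE)):
        print(f"{display} ({key}): {finding}")
```

Dependencies that are drivers rather than services in the capture (Tcpip, Afd, NetBT here) are ignored, so only a disabled service that was actually queried produces a dependency finding.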


About

Since 1994, Scott Lowe has been providing technology solutions to a variety of organizations. After spending 10 years in multiple CIO roles, Scott is now an independent consultant, blogger, author, owner of The 1610 Group, and a Senior IT Executive w...

66 comments
rszebin

I thought this blog/newsletter is for people who know basically what they are doing and seek to perfect those skills. This is by far the most disappointing article I've read. Besides RPC, none of the above (add Net Connections and DHCP if you are in a network) are CRITICAL. If you want to give people useful advice, tell them to put services considered not critical - and they vary greatly - to MANUAL instead of DISABLED and they will be so much more gained. I have witnessed a PC running custom server/client software - obviously network - with even RPC off!! There were 8 services running and that was it. Lame article. Go post on gaming magazines :(

Dave Pusey

I've been using Automatic Updates for years, and have never had a single problem as a result of an update. Regarding IE7 and IE8, just use the "Never show this update again" option.

stefan.smit

If you only play games on your home machine and you don't even have a printer, you can go ahead and disable the print spooler.

halfey

Those are only half true. I must say most of them are only valid for networked PCs but not for home computers, because most home PCs are not networked and they usually have a direct connection to the internet with only a modem or router in between, and even in most homes in the US, they rarely have home networking or a network server compared to offices. Who'd need a network admin for the one and only PC at home after all? You should have categorized those for home and office PCs respectively to avoid confusion. If you think about it, why would a home user enable services s/he will never use if s/he happens to comply with everything you stated here? By the way, all the services stated above are safe to be temporarily disabled, especially for gaming purposes (mostly offline gaming because online gaming might need some of them running). Just don't forget to re-enable them after each gaming session, if you find they are crucial to your system.

pattersonmartineau

Unlike most of you, I'm not a computer expert: just a regular user. Waiting almost a full 8 minutes for XP to go from boot to ready was driving me insane though. I knew it wasn't a virus and I had done every maintenance procedure ever invented without any improvement. So after reading the original article about turning off services several times, I very cautiously applied the suggestions - and have now cut that time by two-thirds without any observable problems (knock on wood, of course: luckily, I guess, I didn't mess with any of those described above) Just wanted to say thank-you!

mcndev

This list of "must never disable" services is stupid. Go do a google search for things you can disable to get correct information.

Oz_Media

My neighbour's notebook won't burn anymore. I had a similar issue with mine, almost the same notebook, that magically started working again, but not in his case. He was able to use it no problem and was "tweaking" services and startup programs one day and said it hasn't been burning disks since. I've been through his startup programs and can't see anything relevant to it. I took over my external DVD burner to try it and it went through all the paces, said it was burning, little orange light working away etc. It finished, then ejected the disk, which is completely blank and closed so you can't use it again. It seemed like SOMETHING has been disabled in his software. I removed his Ashampoo burning software, removed the CRDW from his system, rebooted and let it install again. Installed Roxio (just in case it had newer files that would overwrite something disabled) and still had the same issue. I then took ANOTHER burner over and tried that, you never know, and again the same thing happened. Disk ejected completely blank, no burn can be seen on it at all, just a clean disk. He said that sometimes it will eject a disk when he puts it in and has it check the disk for writeability first; it just says insert a blank disk. I heard there is some power management system used in older versions of Windows that isn't needed/used in Vista, and it causes these problems. I've also seen a registry fix of disabling the built-in burner (though I don't really want to give him my external drive). I am wondering if I get him to download this old power management driver if it will help. Any ideas?

eth0

Not sure why DNS Client is featured in this list, much less why it is at the top of the list. Disabling the DNS Client service results in DNS queries being sent upstream, so name to IP resolutions are processed by your service provider.

JonathanPDX

It would be nice to see a comprehensive list of all of the Windows Services and their usefulness/need in the day-to-day operation of the operating system in both the business and home environments.

dmeireles

Unless you don't have a DHCP server that registers names in the local DNS domain, NetBIOS should die the same way IE6 should.

337

Not sure if this is worth mentioning, as someone might have already; if not, this one's less crucial, I gather. Indexing on the local drives. What's the general verdict? I did w/e for a computer store once that was always disabling indexing on the drives. And I remember from the early days this could free things up a bit, but on the other side of the coin I can't help but think Windows leaves it on default for a reason. No doubt to help keep track of everything, especially as files tend to move around a lot. Personally I tend to leave everything on unless I discover it can be shut down over time without affecting anything that's needed to run long or short term. This has been the best practice so far, leaning towards the old rule of if it ain't broken don't fix it. It's surprising what depends on what these days. Thanks for the good guide, it might help stop those tempted to tamper who shouldn't.

swessels

Automatic updates breaks your computer!!!

pierrevdv21

Well, I have seen that if you leave the auto updates on, sometimes some of the updates actually make the machine slower and less reliable, so I always make sure the auto updates is set to never ask, and I have found that some of the programs stop functioning after the updates have taken effect.

derek.newsbox1

I suspect this author has never had to use a system with only dial-up access. On such, fully Auto-updates is a DISASTER. Updates Must be set to Notify ONLY. Then disasters like trying to download .NET framework at 5 Kbytes/sec can be avoided, at least until bedtime.

s_georgiev

DHCP client can be disabled for a home computer. Especially if it isn't the end point of the network (there is a router, ADSL modem or other device connected to the I-net). Automatic updates can be disabled also. Sometimes newer updates slow down Windows very much. Of course, if you need security, you have to update your Windows, but better via AutoPatcher. Or much better - don't connect your computer directly to the Internet, especially for LAN ISPs. I use one computer with OpenBSD as firewall and NAT for my home network. Print Spooler is almost useless if you don't have a printer. Workstation can also be disabled for alone home computer. DNS Client is not what the author is thinking. DNS resolving is working fine without this service. Despite its name, DNS Client is just DNS Cache; the name is not very clear. So, if you disable DNS Client, your computer will ask DNS servers (and hosts file) instead of checking the local DNS cache first. This sometimes is a better solution. I had an old Windows 2000 that had problems with this service - after some minutes I was not able to browse the Internet, because of some strange problem. After disabling DNS Client, everything works fine. I can say some words about the other services, but this is enough. The author must really learn more before writing such advice.

Photogenic Memory

I work in a NOC. My stupivisor is lazy and thinks it's okay. He doesn't know shit. Meanwhile every 3am when MS updates are pushed out, monitoring systems go down. I've complained a dozen times. And always it's bad timing. If you have any brains, don't do this; plan updates later on. You never know what it could possibly break in the system. Lame shit.

delta-32

before i would go on this trip i would check blackviper site first. i have managed to bring down windows startup to just seconds: see youtube on 'The fast game pc ?' my xpsp2 195mb .iso

altec812

Number 9. Microsoft Patch Tuesday is the second Tuesday of every month :)

Neon Samurai

For a home user who will be updating by hand (preferably) or automatically (not preferred method due to getting unwanted updates also), this service should be left on. In a business environment, I would recommend disabling it. I have two handy .cmd on my admin desktop that enable and Automatic Update related services:

- the system should only be updated by admin who can take the extra five seconds to enable required services then disable them afterward.
- automatic update convenience does not outweigh the risk of having "critical" updates forced into your machines before appropriate testing period or at minimum, reading the reports of what the patches do and if they break anything.
- if the service is disabled, users can't manually check Windows Update which is appropriate because users should not be performing updates themselves.
- you'll save system resources without extra services running.

What other services are those out there disabling? Here's my list easily implemented by login script or admin double click.

services off.cmd - normal state

    @echo off
    rem Automatic Updates
    sc.exe config wuauserv start= disabled
    sc.exe stop wuauserv
    rem Background Intelligent Transfer Service
    sc.exe config BITS start= demand
    sc.exe stop BITS
    rem Error Reporting Service
    sc.exe config ERSvc start= disabled
    sc.exe stop ERSvc
    rem Remote Registry
    sc.exe config RemoteRegistry start= disabled
    sc.exe stop RemoteRegistry
    rem Telnet (winXP SP3 default disabled)
    sc.exe config TlntSvr start= disabled
    sc.exe stop TlntSvr
    rem Themes
    sc.exe config Themes start= disabled
    sc.exe stop Themes
    rem WebClient
    sc.exe config WebClient start= disabled
    sc.exe stop WebClient
    rem Windows Media Player network Sharing Service
    sc.exe config WMPNetworkSvc start= disabled
    sc.exe stop WMPNetworkSvc

serviceson.cmd - temporary state during manual update

    @echo off
    rem Automatic Updates
    sc.exe config wuauserv start= auto
    sc.exe start wuauserv
    rem Background Intelligent Transfer Service
    sc.exe config BITS start= demand
    sc.exe start BITS
    rem Error Reporting Service
    sc.exe config ERSvc start= disabled
    sc.exe stop ERSvc
    rem Remote Registry
    sc.exe config RemoteRegistry start= disabled
    sc.exe stop RemoteRegistry
    rem Telnet (winXP SP3 default disabled)
    sc.exe config TlntSvr start= disabled
    sc.exe stop TlntSvr
    rem Themes
    sc.exe config Themes start= disabled
    sc.exe stop Themes
    rem WebClient
    sc.exe config WebClient start= disabled
    sc.exe stop WebClient
    rem Windows Media Player network Sharing Service
    sc.exe config WMPNetworkSvc start= disabled
    sc.exe stop WMPNetworkSvc

(these are run against SP3 and above. use at your own risk)

Neon Samurai

If you've already mastered services then this would be an article you could add more to rather than one you'd learn from. Those who have not yet dug into the depths of the services would in turn learn from the article and from your added information. Also, if all the articles are written to the level of the alpha expert, how do those who are still learning gain? It'd be as useful as reading academic psychology journals with only the basic understanding learned from TV. You have to present various levels of information and hope that the experts realize they are not being forced to read it and can choose to go focus on articles expecting a higher skill level.

s_georgiev

You are right. I said exactly the same with different words - read my previous post :)

Neon Samurai

Are you notifying when updates available, download but don't install or download and install? It would have to be one of the first two or manual visits to the site if you're blocking updates through "do not show again". (Also, if you've blocked IE7 and IE8 but not yet gone back for the update, I'd suggest getting off IE6 as fast as you can)

RB1955

I've inadvertently tweaked some thing/s in the past and ended up with serious performance problems or a box requiring a complete re-install. Given the list in question, how would one check (ONLY!) that aforementioned services are at the "correct" state?

Caithleann

Anyone surfing the net's well-known and not so well-known niches encounters the glut of advertising. The lesser known and sometimes downright shady corners of the net sometimes unleash so-called "drive by" downloads with adware, spyware and even trojans. In order to stop this unwanted attention I use a "host file" (http://www.mvps.org/winhelp2002/hosts.htm) to simply stop 99% of all ads. This host file has grown significantly from a modest 10Kb to well over 650Kb. There are so many suspect and advertising addresses in that file that leaving the DNS Client running and searching through that host file every time you type an address in your browser would seriously hog down your computer. The DNS Client must be disabled or you must accept all the crap that is being served to you unsolicited by the ad servers out there. Windows does not need a DNS client if your computer is NOT a server. Eth0 is correct. The advice by the author of this article is nonsense and shows his own ignorance.

cardhun

Automatic updates should be set to: 1) "Download updates for me, but let me choose when to install them" or (2) "Notify me, but do not automatically download or install them." Never, ever, give Microsoft unrestricted access to your system. Microsoft has clearly shown themselves perfectly willing to take complete liberties with customer computers in their scandalous conduct with the introduction of Windows Genuine Advantage, falsely branding tens of millions of computers as "unauthentic" and causing hundreds of millions of dollars in unrecompensed damages to small business system integrators.

HGunter

I agree emphatically. I have had one device get kyboshed by an update, to be restored to functionality a few months later by another update. I have had a video capture device be irretrievably non-functional after another update. And now I have a computer which has had all networking disabled by an update, which makes it kind of hard to get the update which presumably fixes it! Kind of avoiding updates now ...

shrpsam93

Well, if you know what you're doing you should rarely have that problem. I would try installing MBSA (Microsoft Baseline Security Analyzer) and checking the updates you already have to see if there is anything wrong with them. So we already know that Microsoft knows that there have been problems with Microsoft Update.

ron_eagleheart

What I have seen is MS has a way of improving its OS that makes some older programs unstable. I have also had the displeasure of software companies updating and removing features in their software I would keep. I myself turn off auto update and do it manually.

oldbaritone

you are behind a NAT router. Then the router performs the DHCP with your ISP, and you can use static IP in the 192.168.x.x block and point the DNS at the router/gateway. But if your computer is connected directly to your ISP, and if you disable DHCP, you may have a difficult time getting connected and staying connected. Personally, I use DHCP with reservations on all workstations. That architecture provides the monitoring and troubleshooting advantages of static IP, while centralizing control and simplifying roll-outs of network updates like new DNS servers. Change a parameter on the DHCP server, and it rolls out in one half of a lease time. I also dedicate a few addresses in the "unassigned" block, and monitor those for activity. It's easy to spot a rogue coming online when every legitimate user has an assigned IP. It's also easy to implement ipsec rules to enhance security against that address range.

digitrog

I have had bad experiences with Auto-Update. ... the worst one - a "brand-name" computer which had the auto update enabled crashed after installing of XP SP2... had to uninstall all of SP2 packs until stable. then suddenly the 30 day Windows product registration warning re-enabled [computer had been working fine for 18 months prior to this] ... but when re started the computer locked up with registration expired. Tried all sort of recovery to re-enable registration, and eventually had to spend nearly 2 hours on the phone to Micro$oft to try to re-enable the registration. Since then I make sure of COMPATIBILITY to the computer before allowing any updates! ... and TURN OFF Windows AUTO Update.

david.valdez

Why wouldn't you just administer the machines via GPO and use WSUS (a FREE Microsoft product) for approved updates?

rszebin

... but messing with registry is not where a "rookie" should start; so, the nature of the article is mid-level at least. There is more to installing an OS, regardless of its vendor, to make one even "initiate", which is still way from tweaking the OS. So what I am saying is this is an article not intended for the beginners, but the manner in which it is written is one, and besides, the information is presented in a useless way - it will not help the beginner nor will it the advanced. And moreover, I thought this is a place for advanced users. I don't want to say power users because some people might find that restrictive to a specific OS; in other words, for people who pretty much know what they want. I am afraid this is another site I will forget pretty soon ... too bad good quality information is so rare these days, and like I once saw on a web post: you need a black belt in google to find what you are really looking for. Cheers all

WNCSnoopy24

I was once given a PC by a "TWEAKER" to fix. It had less than 10 services running and I honestly can't figure out how it ever got past the boot up process. Anyway, this site helped me figure out which services I needed to restart. Hope it helps you too: http://www.theeldergeek.com/services_guide.htm Tweaking can be a good thing; it's how we learn by our mistakes! And as Neon Samurai said previously, I seem to remember something about BlackViper too lol

Data Ninja

You can check what services are running by accessing either the Administrative Tools then select Services, or you can run the Computer Management tool and click on the Services section in the left panel (Select "Start" then "Run" and enter "compmgmt.msc", IIRC). The only caveat to this is that you can also Stop/Start and change the settings (automatic, manual, disable) of any given service there.

Neon Samurai

Check the blackviper website, it lists default based on version of Windows, safe setting and bare bones setting.

s31064

Actually, you're showing your own ignorance. The DNS Client is really a DNS cache, so disabling it actually causes the system to parse the hosts file every time it needs to resolve a name, thereby slowing down the computer. Of course, if you're using any computer built (correctly) in the last five years, you're not going to notice the time it takes to parse a 650k hosts file anyway.

s_georgiev

As we already stated here, DNS Client is not what you think. Disabling this service turns off DNS caching in the local computer. Anyway, resolving DNS queries still works, and sometimes better without cache, as I posted before.

Neon Samurai

I frequently hijack my own hostfile: 000.000.000.000 somesite.com If I hit http://somesite.com I know I'm getting the development site's IP. If I hit http://www.somesite.com then I know I'm looking at the public production site. Not sure this relates to your disabling DNS but it's a handy trick for those who do it to themselves intentionally.

Wcoyote1

An introduction at all. It was blatant false presentation. Windows Genuine Advantage was originally listed as an optional update, which is inherently disabled. When Microsloth realized that nobody was downloading it (because it was viewed as a "Big Brother" type scheme), they repackaged it as a critical update which is automatically selected for installation. Naturally, this caused everyone who either let Automatic Updates run on its own or just clicked Express after going to the Windows Update site to immediately have the software installed in a more covert manner. As yet, I'm still trying to figure out exactly what advantage this little annoyance provides, other than ensuring that M$ gets the money they feel they deserve.

Neon Samurai

Autoupdates is a bad idea but avoiding updates in general is also not an option with Windows security history. I generally give it a day after patch Tuesday and see what reports come back in through isc.sans.org and similar. This usually gives warning through the experiences of other early adopters. I'd recommend selecting the custom update option from Windows Update and getting your system current with the patches that are clearly updates not upgrade application versions.

Neon Samurai

I can use the router to bind network names to specific IPs. It saves manually configuring static network settings on each machine and bootable OS. I also get the machine's hostname picked up with some platforms during reinstall. With a single glance, I can see the machine types connected based on IP ranges and see guests within the dynamic IP range. MAC addresses are easy to spoof. Obscuring machines behind dynamic IP actually decreases security and management. I wouldn't do this on a network with large numbers of machines that changed frequently, mind you, as the MAC to IP table management would suck pretty quickly.

Neon Samurai

While it is recommended that people upgrade to IE8, it's not a critical update. Patching vulnerabilities in IE7 is just as effective. A new browser version may be critical for MS marketing but it's not critical for the end user when the older version is still getting vulnerabilities patched. I wouldn't use this to justify sticking with IE6 but IE7 isn't yet as swiss cheese as that. In businesses, automatic updates would break any IE6 or IE7 limited webapps that users may require. IE8 isn't universally the business standard yet; actually, nor is IE7 with many webapps still only working with IE6's MS-HTML. Historically, updates that break systems, major service pack installs that go badly and patches that actually reverse previous patched vulnerabilities are not unheard of either. Still best to wait for the reports from isc.sans.org and more recently, TR's Patch Tuesday reports. A production machine should never be updated before a test machine or test VM at minimum.

griff.computerservices@ve

I agree 100% digitrog! Oftentimes, in my long experience with Microsoft, these so-called "updates" can cause more problems than they are supposed to fix. One should visit the MS site and carefully read about each update and then assess whether or not the update(s) are relevant for one's particular computer and/or system configuration. You've been warned friends.

chrisganderampy

I'll second that. I have to work remote from any IT assistance (I'm in a remote office in China) and an update (not even auto, it slipped in without my knowing!) crashed everything. Had to rebuild completely. And the backup files were not what I expected! Now have Ubuntu and XP SP2 together just in case it happens again!

SgtPappy

are the next best thing to sliced bread. I can't live without them.

Neon Samurai

I missed putting that point in. It was meant to be related to updates within a business where updates should primarily be done through WSUS or some similar management appliance rather than Windows Update. Scripts also have some advantages though. Small businesses or individuals without a WSUS or AD server can still use the .cmd scripts. They are guaranteed to work even if AD is not pushing out group policy changes correctly. They take up no space in a build pack or on flashdrive so a tech can carry them around easily even if contracting support to individuals. They also easily document what services should be disabled by standard which was more the point of having them in my own post here. If WSUS or more industrial solutions are available, that is the better way to go but for some cases, scripting may be more applicable.

csmith.kaze

I'm all about not using Ms software, but WSUS 3.0 is fairly good at its job. Now if only gpo would push down my update schedule correctly...

uberg33k50

TechRepublic used to be a place where IT people helped each other. Back when I first joined (not the date shown on my "Member Since" tag - they screwed up my account when I tried to change my email address) you could earn points by helping someone then you could use those points to get answers to your questions. It encouraged you to do research to find answers to help others and yourself first. It was great and there were areas for newer IT people and more experienced IT people. Now we have a media circus where there always seems to be some agenda. They make useless videos that auto start when the page loads. They use stupid names like IT Ninja or IT Dojo to make the utterly ridiculous articles and videos sound...worthy? To all of you that say -- "Then don't come here" or "stop reading it", I have to admit you are probably right. I guess I have been here so long that I hope that it will actually come around again to being a worthwhile resource and all the while I realize it probably never will. What a shame that the "journalist" in order to preserve their jobs have ruined an otherwise very good site.

Neon Samurai

It verifies that your Windows install has a valid license key so they can allow you to obtain further updates. The only advantage is that it blocks *cough* illegitimate licenses from updating easily. The Genuine Advantage is that of the vendor rather than the guilty until proven innocent end user. I should clarify, I don't have an issue with them trying to validate the end user holding a valid license for software use. I just think that with the resources available and abilities of the developers they can afford, it could have been done in a much better way.

Neon Samurai

It depends on how different the hardware is though. The last time I was on ADSL I had the same setup though, little win98 box with two NICs; one to modem, one to internal hub. (win98 and hubs, that's how long ago) I've seen PPPoE settings in router firmware these days but it depends on if that works for your ISP or not. Sadly, ISPs here have a habit of locking users out of their hardware also. One enables wireless by default in the provided ADSL router, the SSID is obvious and they are using WEP-128; twenty minutes given an AP and client according to testing against my own router configured to like standards. The customer is locked out, the SSID is obvious, the encryption is non-existent and they are not a small obscure ISP either. Mind you, WPA/TKIP is now officially broken so it can be considered as good as WEP or OPN wifi. Time to go WPA/AES minimum with 9+ char random passkey for home users.

s_georgiev

Well, my network is a little bit more complex. I have an ADSL modem, but I use one old computer as a router/NAT. And I don't use DHCP for my own home network - it's not needed. Also, the ADSL modem can work as a router, but it has only 1 output and it is configured by the ISP to work only for one IP address (network mask /22 or 255.255.255.252). Of course, I can reconfigure it, because I am not an ordinary user, but my ISP (BTC Bulgaria - Bulgarian Telecom, almost like BT in UK) is very different from all ISPs in western countries... As an example - the users here don't know the credentials for their ADSL modems and in the UK home users have this written right in their contract.

oldbaritone

When I studied mythology, "Wizards" were usually practitioners of the "Black Arts" and were always to be feared and avoided, because they usually took some hidden price from their victim, which the victim did not realize until it was too late. Microsoft loves "Wizards" for everything. Q.E.D.

Neon Samurai

More recently, we have .NET framework support installed and enabled through a Windows update rather than properly through the Firefox plugins repository. Providing the base platform does not justify intentionally ignoring third party software delivery processes. It's also yet again a default opt-in for the users. Why should only IE users have the option of .NET related vulnerabilities I guess. In over ten years, I've had one update break something on other platforms and it was distro specific; PHPBB2 updated to PHPBB3 without properly handling the transition. Given the difference in resources, MS track record should be much better than that.

blarman

Especially on servers. Any systems admin who allows automatic updates on their servers should be shot. I've encountered MAJOR problems on machines even when doing a manual update - especially ANYTHING IE related... Seriously, Microsoft. Internet Explorer is NOT a critical update - especially when all it does is mess up existing programs.

filker0

I recall an update to IE5.5 (SP1, I think) under Win2k. The update removed support for Netscape style plug-ins. It did this silently, and was not in the release notes when it was issued. The CTO of a start-up I was working at went around one evening and updated all of the "common" PCs in the office to the latest IE5.5 service pack. An investor came in the next morning, and the web app, which used to be able to print receipts (via a plug-in) didn't work. It was embarrassing. It took several days before MS acknowledged that they had deliberately removed the support for Netscape style plug-ins, claiming that they were not secure enough (note that they did not plug the ActiveX holes at the same time). The security argument did not hold water, as they could have simply made a user settable option to disable them, and made "disable" the default; it was interpreted by my employer of the time (and by several entities that depended on being able to support a single plug-in for their product) to be intended to make more web-based products adopt the ActiveX model and, eventually, further suppress Netscape through extension developer exhaustion.

Excelmann

If you have old apps which do not play well w/the current version of IE, and MS comes along and installs its next version, you may be in a world of hurt. Especially, if MS does not allow you to easily purge the new version. Besides, a netadmin should have a second Tues of every month at 1:30 PM (EST) reminder on their Outlook calendar that AUs have been released. Additionally, how are you going to run the full scan version of MSMSRT w/o manually downloading.

Gis Bun

If the GPO isn't pushing your schedule correctly then you have an AD issue. Try posting your problem in Microsoft's WSUS newsgroup. Very helpful there.
