10 services to turn off in MS Windows XP


As I pointed out on 19 October, in point number four of the article "10 security tips for all general-purposes OSes", an important step in securing your system is to shut down unnecessary services. For as long as Microsoft Windows has been a network-capable operating system, it has come with quite a few services turned on by default, and it is a good idea for the security-conscious user of Microsoft's flagship product to shut down any of these that he or she isn't using.

Each version of MS Windows provides different services, of course, so any list of services to disable for security purposes will be at least somewhat particular to a given version of Microsoft Windows. As such, a list like this one needs to be identified with a specific Microsoft Windows version, though it can still serve as a guide for the knowledgeable MS Windows user to check out the running services on other versions as well.

If you are running Microsoft Windows XP on your desktop system, consider turning off the following services. You may be surprised by what is running without your knowledge.

  • IIS -- Microsoft's Internet Information Services provide the capabilities of a web server for your computer.
  • NetMeeting Remote Desktop Sharing -- NetMeeting is primarily a VoIP and videoconferencing client for Microsoft Windows, but this service in particular is necessary for remote desktop access.
  • Remote Desktop Help Session Manager -- This service is used by the Remote Assistance feature that you can use to allow others remote access to the system to help you troubleshoot problems.
  • Remote Registry -- The capabilities provided by the Remote Registry service are frightening to consider from a security perspective. They allow remote users (in theory, only under controlled circumstances) to edit the Windows Registry.
  • Routing and Remote Access -- This service bundles together a number of capabilities that most system administrators would probably agree should be provided separately. It is rare that any of them should be necessary for a typical desktop system such as Microsoft Windows XP, however, so they can all conveniently be turned off as a single service. Routing and Remote Access provides the ability to use the system as a router and NAT device, as a dialup access gateway, and as a VPN server.
  • Simple File Sharing -- When a computer is not a part of a Microsoft Windows Domain, it is assumed by the default settings that any and all filesystem shares are meant to be universally accessible. In the real world, however, we should only want to provide shares to very specific, authorized users. As such, Simple File Sharing, which only provides blanket access to shares without exceptions, is not what we want to use for sharing filesystem resources. It is active by default on both MS Windows XP Professional and MS Windows XP Home editions. Unfortunately, this cannot be disabled on MS Windows XP Home. On MS Windows XP Professional, however, you can disable it by opening My Computer -> Tools -> Folder Options, clicking the View tab, and unchecking the Use simple file sharing (Recommended) checkbox in the Advanced settings: pane.
  • SSDP Discovery Service -- This service is used to discover UPnP devices on your network, and is required for the Universal Plug and Play Device Host service (see below) to operate.
  • Telnet -- The Telnet service is a very old mechanism for providing remote access to a computer, most commonly known from its use in the bad ol' days of security for remote command shell access on Unix servers. These days, using Telnet to remotely manage a Unix system may be grounds for firing, where an encrypted protocol such as SSH should be used instead.
  • Universal Plug and Play Device Host -- Once you have your "Plug and Play" devices installed on your system, it is often the case that you will not need this service again.
  • Windows Messenger Service -- Listed in the Services window under the name Messenger, the Windows Messenger Service provides "net send" and "Alerter" functionality. It is unrelated to the Windows Messenger instant messaging client, and is not necessary to use the Windows Messenger IM network.

On your system, these services may not all be turned on, or even installed. Whether a given service is installed and running may depend on whether you installed the system yourself, whether you are using XP Home or XP Professional, and from which vendor you got your computer if MS Windows XP was installed by a vendor.

With the exception of Simple File Sharing, all of the above listed services can be disabled from the same place. Simply click on the Start button, then navigate to Settings -> Control Panel, open Administrative Tools, and from there open the Services window. To disable any service in the list, double-click on its entry in that window and change the Startup type: setting. In general, you should change services you are turning off for security purposes to a "Disabled" state. When in doubt about whether a given service is necessary for other services, check the Dependencies tab in the service's settings dialog.
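A command-line equivalent of the Services-window procedure above, as an added example that is not part of the original article. It uses XP's built-in sc.exe and reg.exe; the short service names and the ForceGuest registry value do not appear in the article and are assumptions to verify on your own system.

```batch
@echo off
rem Added example (not from the article): report on the services the article
rem lists and, only when run with the argument "disable", stop and disable them.
rem ASSUMPTIONS: the short service names below are not given in the article;
rem confirm each on your system with:  sc getkeyname "Remote Registry"
rem Output parsing assumes English-language sc.exe and reg.exe.
setlocal
set ACTION=%1

rem Dependents are listed before the services they rely on (W3SVC before
rem IISADMIN, upnphost before SSDPSRV) so each stop request can succeed.
for %%S in (W3SVC IISADMIN mnmsrvc RDSessMgr RemoteRegistry RemoteAccess upnphost SSDPSRV TlntSvr Messenger) do call :check %%S

rem Simple File Sharing is not a service. It is reported here from the
rem ForceGuest registry value: 0x1 = simple (guest-only), 0x0 = classic.
set FG=not set
for /f "tokens=3" %%V in ('reg query "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v ForceGuest 2^>nul ^| find "ForceGuest"') do set FG=%%V
echo.
echo Simple File Sharing: ForceGuest = %FG%
endlocal
goto :eof

:check
rem sc query returns a non-zero exit code when the service does not exist.
sc query %1 >nul 2>&1
if errorlevel 1 (
    echo %1: not installed or not queryable
    goto :eof
)
set STATE=unknown
set START=unknown
for /f "tokens=4" %%A in ('sc query %1 ^| find "STATE"') do set STATE=%%A
for /f "tokens=4" %%A in ('sc qc %1 ^| find "START_TYPE"') do set START=%%A
echo %1: state=%STATE% startup=%START%

rem Command-line equivalent of the Dependencies tab: services that need this one.
for /f "tokens=2" %%D in ('sc enumdepend %1 ^| find "SERVICE_NAME"') do echo     required by: %%D

if /i not "%ACTION%"=="disable" goto :eof
if /i "%START%"=="DISABLED" goto :eof
rem Stop it now (ignore "not started"), then keep it from starting at boot.
sc stop %1 >nul 2>&1
sc config %1 start= disabled >nul
if errorlevel 1 (echo     could not disable %1) else (echo     %1 set to Disabled)
goto :eof
```

Run it with no argument for a report only; pass `disable` as the first argument, from an administrator account, to apply the change.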

Obviously, this is not a comprehensive list of everything running on your computer that you may want to turn off. It is merely a list of ten items that you most likely do not need to have running, and that constitute a security vulnerability if left running. Most users will never have need of any of the services in this list, once the computer is up and running. Other services may be disabled without ill effect as well, though you should research each item in the complete services list before you disable it to ensure that you actually do not need it running. Some of them are quite critical to the normal operation of your system, such as the Remote Procedure Call (RPC) service.

Every running -- but unused -- service on your machine is an unnecessary security vulnerability. If a service is not important at all for authorized users and basic system functionality, turn it off.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

74 comments
Joanne Lowery

I have to take issue with one of the services Chad discusses. The Universal Plug and Play is not the ubiquitous Plug and Pray service used for hardware installation. UPnP is used to identify networked devices, usually routers etc, so that a common set of protocols can be configured (by UPnP) so that the end user doesn't need to dirty their hands with router configs and firewall settings. True, UPnP is dangerous if left to its own devices, or worse left to a Worm or trojan to configure. I don't take issue with disabling the service, just the reason given.

kyhog2001

If you are a web developer, I think you should not disable IIS.

brad.helms

The problem we are experiencing is that when you turn off 'Simple File Sharing' then reboot it is turned on again. Any help on this would be appreciated.

jp

I have had several installs fail without the Remote Registry service running. Even in the "Manual" state, it won't be started. So, before you shoot yourself in the foot, make certain to take note of why future application installs may fail with no decent error message as to why.

Mattster67

I have no vested interest in either. I use Crap Cleaner for regular maintenance and to clean up stuff like hotfix installers. I use XP Lite to remove Internet Explorer and the IE HTML engine from Windows completely once I install Firevox. I also remove Windows media and use VLC for video playback. You can also try Nlite to remove things from Windows.

Systems Magician

IPSEC is another service you can turn off if you do not use IPSEC VPN. Also Wireless configurations/services if you do not have a wireless card.

rwbyshe

Do you feel these modifications are totally necessary?

JCitizen

I can use all the security knowledge I can get.

Joanne Lowery

Hi Brad, are you operating in a security domain (with an AD)? If so, then there is probably a default Group Policy Administrative template value that is resetting the PC File Sharing parameter. Check the "Default Domain Policy" settings: ComputerConfig-WindowsSettings-SecuritySetting=LocalPolicy-SecurityOptions. Set the "Network Access: Sharing and Security model for local accounts" to "Classic - local users authenticate as themselves". Once the GPO is pushed to the workstation it will always collect this setting at startup.

apotheon

Are you using XP Professional? How exactly are you shutting it off? How are you checking to see if it is still running? Is this a personal system over which you have sole control, or does someone else have access to it? Does this happen if you unplug the network cable, then turn off simple file sharing, then reboot the system? The fact that "simple file sharing" is turning itself back on is certainly not expected behavior. The problem is figuring out why it is misbehaving (or whether it's behaving, but someone else is misbehaving in some manner).

Tony Hopkinson

If it needs the remote registry service to install, don't install it. It's either bent or crap. That goes on my list right next to. If this web site isn't functional please turn your firewall off. If there was a real need for an install to use remote registry and I was writing an installer. I'd check for it. Put up a message with the fault, and explain very carefully why it was required and the potential downside of doing so. Actually that goes for any service any program is dependent on, I despise installers that only 'work on my machine'. If they are that slipshod, what other glaring errors are in there.

Raymond Danner

Poorly-written installer, then, or you're doing something funky that makes the installer think you're installing across a network. My suspicion is the former more than the latter. I have run into programs that, for some unknown reason, will not run at all unless you're in administrator mode. Again, really, really poor design, since any properly-coded program should run (in some capacity) even in Limited-User accounts. To help secure my network, I run as many of my XP machines as either Limited-User (if it's to be used by my nephews or other not-so-knowledgeable people) or Power User for when I'm using the machine in question.

JCitizen

I would patch the machine even if I didn't use IE because malware can use Explorer to initiate code execution; it doesn't always need a functional Internet Explorer to do this. I don't know if you can use Windows patch installers downloaded manually and saved to a file to install security patches to the OS without IE or not; don't remember trying it. I do prefer using a service pack disk or any method other than going out on the internet to do it.

Raymond Danner

Believe it or not, there are sites all over the Internet that are still coded to only work properly using IE. This is criminal, IMO, but using IE-Tab in Firefox is pretty handy. Programs that force-load MSIE ought to be banned, though. CCleaner is a good tool, yes. Nlite and XP Lite I've not heard of before today. I agree that VLC is a useful (and powerful!) video player, though. I've seen it play things no other video player would touch, allowing me to preview the file as it came across, often allowing me to determine if the rest was worth downloading. In many cases, that's a definite no, especially since most video files are large even by today's standards.

Data Ninja

The only problem with your solution is that there are an incredible number of applications that use the IE html engine to display help and other information in their window panes. Your solution would require spending a great deal of time finding alternatives to anything that required the html engine, no?

Data Ninja

I wholeheartedly agree with you on disabling the Wireless service. In my early adoption of XP (pre-service packs) my computer had both wired and wireless connections available, but I was connected via Ethernet. During some problems I was experiencing I found that someone had been using my wireless to gain free internet access until I disabled it! Of course I could have done other things to secure my wireless connection, but since I wasn't using it there was no need to let it eat resources. The current security model (post - SP2) configurations keep intruders out, but still, if you're not using it, why keep it?

apotheon

(NOTE: Much of the following may seem irrelevant to the preceding post. This is because the person who posted it edited what he said after I responded, eliminating much of the context.) The article's point had little or nothing to do with system performance concerns. A couple of people who have responded to you already pointed out that there are security concerns as well as performance concerns at issue. I'll make that point a little more directly: The entire point of the article is to provide people with information they can use to increase system security. Performance was not a primary concern here in part because this is TechRepublic's IT Security blog, but more because, all else being equal, security is more important than performance. The best reason to turn off simple file sharing has nothing to do with eking out a few extra clock cycles from your CPU for tasks you want to complete quickly, and everything to do with keeping unauthorized outsiders from accessing your filesystem network shares and gaining a foothold on your computer that can be used to escalate privileges and wreak havoc you probably haven't even considered possible yet. Please go read the article again, and take careful note of the reasoning behind shutting down unneeded services on your MS Windows machines. This is not about getting better frame rates in World of Warcraft (though that's a benefit of shutting down unnecessary processes too), but about protecting yourself, your system resources, and your data from malicious security crackers.

Raymond Danner

Anything you do to a slower, less capable machine will also speed up a newer, more beefed-up machine. And most of this set concerns securing the OS against hackers, which is a very excellent idea.

billballew

There is that need... Often, I am in a crunch to get a project out and oopps! - MS or someone's underware has eaten up the processor, or lucallback has torpedoed my chances for making a deadline - or any one of a dozen other processes that decide it "needs to check RIGHT NOW if it needs to update the software!" I often run a program called EndItAll to clean out the system before doing a compile or something. I have also been known to disconnect the network cable. - Note- I try to keep the adware, etc down AMAP. AND - do I really need ituneshelper in the system when I'm in desperate need of all the processor I can get?

Richard.Benkov

From a resource standpoint no....but some of these items can be a security issue allowing others to mess with your machine and that's why they need to be controlled.

cathysgardens

The easy way for me is Start and then right click My Computer and click manage and then go to services double click each service and it will show you Start up type and then the arrow will show you manual, disable, and automatic. I was told to never disable anything from the task manager processes or the msconfig services. And also I only disable one thing at a time so as you know what the problem is at next boot, if you needed the process (like plug and play I guess I needed it for dial-up which I don't understand why but I couldn't get on line till I enable it again) I also disable BITS (background intelligent transfer services) and twice now I had to enable it again only temporary but whatever I was doing told me about enabling it again.

netdok

Why not use "Start", "My Computer", "Manage" and then click on "Services" instead of all the typing?

WNCSnoopy24

Using msconfig is fine if you want to quickly see which services are running or not. There is another method to view and make changes to services: Start/Run/services.msc. You can also check out: http://www.theeldergeek.com/services_guide.htm he has a great, highly detailed list of the services with the default and recommended settings. Hope this helps.

JoeD.

Click Start > Run. In the open window type services.msc and click OK. For those that prefer keyboard commands hit the WindowsKey+r.

Drive Guy

You can get to services using msconfig. Plus you get to uncheck all those unwanted startups in another tab. Type msconfig in the run box. Start/Run/msconfig

chris.green

You won't see them listed by name like this in task manager; they will be running under the "services" process. Go into computer management and click on services to see these as they are services.

Chris_Muncy

From the article: "With the exception of Simple File Sharing, all of the above listed services can be disabled from the same place. Simply click on the Start button, then navigate to Settings -> Control Panel, open Administrative Tools, and from there open the Services window. To disable any service in the list, double-click on its entry in that window and change the Startup type: setting. In general, you should change services you are turning off for security purposes to a 'Disabled' state. When in doubt about whether a given service is necessary for other services, check the Dependencies tab in the service's settings dialog."

JCitizen

and if we couldn't upgrade or patch an application to work in restricted mode; we changed brands/vendors. We even had to trash an expensive data base that had been purchased a few years earlier because the company refused to work with us. It was a major project to migrate out of that mess, but there was no choice to stay HIPAA compliant. We also had lot of ruffled feathers after all our "power users" lost their privileges. But you know what? - No more problems!(either)

JCitizen

but of course if you're using WPA2 and implementing it properly no one should be horning in on your connection. But of course as you said you don't need it. With wireless becoming so ubiquitous now there will be fewer and fewer people who do not use wireless. Even wireless router/firewalls are getting cheaper than wired models.

crs2

I looked at a few sites including this site. Where is it available?

TheVirtualOne

I love that program! Thanks for bringing it back to me! I just downloaded it again!

mrcisco

You can also right-click on "My Computer" and select "manage" to get to the Computer Management console. From there you have access to all sorts of useful stuff.

coleca

Follow the above instructions, but use "mmc" vice "msc". You will need to go into the file menu and add/remove snap-in, then select services, add it, then close out.

No name specified

msconfig is a great way to troubleshoot startup problems... not only can we easily look at the list of non-MS services--sometimes useful, but it also gives an extremely easy visual of what changes we have made, without the risk of forgetting (or being too cocky/lazy) to jot them down... don't forget that in some cases it is best to make one change at a time and reboot after each... if something goes wrong at bootup, we know exactly which one is the culprit. Cheers

Piffer

I was just going to rant like a m0f0, but that's just a waste of time. I think it's good that n00bs (a.k.a. beginners) learn some stuff from these TechRepublic articles. - Piffer

Tony Hopkinson

Oh I'm a manager, therefore a power user, therefore I should have more access than some lowly tech.... I think it was a mistake to call them privileges....

jmgarvin

I almost goatced you, but I thought better of it... :-)

No name specified

Two points to make: 1.- How did this discussion turn into the best and shortest way to access "Services"? Is this the best you can reply about this article? 2.- For those who are obsessed with trying to do anything in one keystroke or mouse click, be creative and copy the shortcut onto the desktop, quick-launch, and/or pinned-items, then you can clock yourselves to see how long it takes you to click it open.

s31064

The best place to start would be learning to read. I can understand not knowing how to disable a service if the article simply said "use the services console to disable XYZ", however it very explicitly tells you where and how.

apotheon

The way MS Windows limits how much control the user has over the system, your choices are two-fold: 1. articles that, to some people, look absurdly elementary (beginner-level) in nature, while they may be very useful to others -- even others who are experts in IT fields not covered by that article 2. no articles about MS Windows

Photogenic Memory

I learned something from it. I don't know everything and probably won't. It's places like this that allow people like me to learn from expert advice. Despite your condescension, I will continue to do so without your consent or ridicule. Please be more respectful. Good behavior does get reciprocated and this world needs more of it. Be a part of solutions instead of the problems.

mikeholli

First off, the names (nicks) you use make me think you 2 are a couple AOL wanna learn how to }{ax()r, or even be script kiddies!!! Let me set you straight, the Editors, and writers have set up THIS as a help forum! So that if someone knows how to, or a better way of, we could share it with one another. If you want to think them Noobs, let me ask the 2 of you.. How do you set the Amiga O/S to display the graphic accountability function? OK, that might be too hard for you, tell me how to get a Commodore Vic20 to scroll the inventor(s) names, and likeness! REMEMBER WE ALL WERE NOOBS AT ONE TIME!!!!

K.Grass

The man is right! And besides, and as every Windows install is unique, go to Blackviper's web site to research these services: http://www.blackviper.com

WNCSnoopy24

Seems the forums would be useless if everyone knew it all. Educated, informative replies are appreciated by us "n00bs".. We all have to start somewhere and we should be playing on the same team.

Roc Riz

I was ALSO going to go off, but I guess the n00bs need some help.