Discussion on:

DOWNLOAD: Windows XP services that can be disabled

One of the most effective ways to secure a Windows XP workstation is to turn off unnecessary services. This reference sheet lists each Windows XP SP 2 service, describes each service's function, specifies whether you can safely disable the service, and outlines the ramifications of doing so.

Download and review the list:
http://techrepublic.com.com/5138-10877-5747817.html

Then join this ongoing discussion of this download and share your Windows security tips. Also, let us know if this download provided helpful information and if there's anything we can do to improve the document's content or format.

significant defferences between the list in the download and the list that shows in services.msc o xp-pro sp2

several lister in the download that don't appear, and visa-versa.

of services showing in an xp pro system with sp2 installed.

Alerter
Application Layer Gateway Service
Application Management
Automatic Updates
Background Intelligent Transfer Service
ClipBook
COM+ Event System
COM+ System Application
Computer Browser
Cryptographic Services
DCOM Server Process Launcher
DHCP Client
Distributed Link Tracking Client
Distributed Transaction Coordinator
DNS Client
Error Reporting Service
Event Log
Fast User Switching Compatibility
Help and Support
HTTP SSL
Human Interface Device Access
IMAPI CD-Burning COM Service
Indexing Service
IPSEC Services
IPv6 Helper Service
Logical Disk Manager
Logical Disk Manager Administrative Service
Machine Debug Manager
Messenger
MS Software Shadow Copy Provider
Net Logon
NetMeeting Remote Desktop Sharing
Network Connections
Network DDE
Network DDE DSDM
Network Location Awareness (NLA)
Network Provisioning Service
NT LM Security Support Provider
Performance Logs and Alerts
Plug and Play
Portable Media Serial Number Service
Print Spooler
Protected Storage
QoS RSVP
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Desktop Help Session Manager
Remote Procedure Call (RPC)
Remote Procedure Call (RPC)
Remote Registry
Removable Storage
Routing and Remote Access
Secondary Logon
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
Smart Card
SSDP Discovery Service
System Event Notification
System Restore Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Telnet
Terminal Services
Themes
Uninterruptible Power Supply
Universal Plug and Play Device Host
Volume Shadow Copy
WebClient
Windows Audio
Windows Firewall/Internet Connection Sharing (ICS)
Windows Image Acquisition (WIA)
Windows Installer
Windows Management Instrumentation
Windows Management Instrumentation Driver Extensions
Windows Time
Wireless Zero Configuration
WMI Performance Adapter
Workstation

I'M NOT GOING TO INSTALL SP2 on my current Win XP home network as my current sp1, firewall, router, many malware programs, and anti viral updating and scans daily have kept my network safe. Not until I buy Longhorn or a new computer with sp2 installed, will I use sp2 and the many tweaks and possible hassles I could face configuring it to my current well working network, What do you think about my plan? And will downloading your security Xp article have any beneficial facts for me, knowing I am not using sp2? Thank you very much for your reply.
Sincerely,
M. Stone, M. D.

I have no intention of using Windows Messenger and find the occasional prompts annoying. Can I disable or delete that?

When I first saw Messenger listed in this great pdf as a service I could disable, I'd originally hoped I'd found the answer to that question... but I see that it is not related to Windows Messenger.

Any guidance?

Sandra

On a clean install I just live with it for a short time until I've got the unit fully patched and loaded with at the very least one AV product. The download Messenger 7 and install it.

At this point in time you will see two messenger icons on the task bar so open the control pannel then the Add Remove Programs then the Add Remove Windows Components and remove the original Messenger. Reboot and then do the same thing but this time remove Messenger 7 from the listed programs that gets rid of it completely well at least until some git reinstalls it again and then mucks everything up!

Actually I find the Yahoo Messenger more of a problem as it is almost impossible to remove but now that you have to pay a subscription fee for Hot Mail a lot of people are using Messenger to retrieve their Hot Mail of course without it going through any AV products first. My son does this and drives me nuts with all the problems that he generates for himself.

Col

Microsoft warns that you should not delete Messenger or some programs won't work right... are there really problems?

But maybe it is worth some testing on business units before doing across the network.

I generally do this to remove Messenger from my sons computer who is a mad game player and it works perfectly until the next time he trashes an OS. Last time it was because he downloaded Messenger again and installed it and then was reading his Hot Mail through it. After I got to over 1200 infections I just wiped the HDD and reloaded after all his top scores are not important and if he wants them he'll just have to play the game again.

But I did exactly the same thing on a Work Experience persons computer here last week and it is working perfectly for her. She's a student and is doing Web Design and things like that so she pushes it pretty hard and it hasn't given her an ounce of problems since I rebuilt it for her. Even then the rebuild was only required because a GPU fan had died and seized up drawing more power than the unit could handle so the fix was to fit a bigger PS to the computer which eventually took out the Video card, M'Board and CPU. But she does have a nice blue light in the new PS.

Col

edit.. nm

Actually I'm a little perplexed at why an account other than yours has the ability to download anything. Wouldn't it be prudent, and as far as I know; an industry standard, to restrict users from doing anything other than a limited user is able to do; use the machines resources and that's it? I ask because I run across this as a consultant all the time.

1200+ infections; wow HAL...that's devastating.

Where they do not have an on site IT person and only small LAN's so for that reason they have to have a bit more access than they can of a more controlled environment.

Also that case was for my 30 Year Old Sons computer who doesn't live here with me and I refuse to let him in here to play games across the LAN. Would I like to lock it down so he could never ever install anything at all Hell Yes! But then I would be called over there on a daily basis to load something or do something with administrator privileges that he is just plain and simple unable to do with even a Power Users account which incidentally is not available on a XP Box on a P 2 P LAN. The only unit he can not trash or break in any form is the Linux Gateway machine that has monitoring on incoming & outgoing mail and even then I had to open that up to allow him greater access about the only thing he is unable to do with his 2 station + 1 Linux Box is to send bulk amounts of E-Mail which I have disabled but as he doesn't hold an active address book and only his Messenger contacts it really is a moot point. :^O

When I started here the idea was to be in semi retirement which lasted for all of 12 hours before I had a staff of 10 techs all with their own clients brought along with them so instead of only working a few days a week and playing at restoring my collection of Classic Mercedes and Ducati's the rest of the time I'm back to the 80 + hours a week and I really do not need to make more work for myself particularly when it comes to one of my kids computers which I don't have the time for and I do not get paid to fix.

Col

I meant not to impose on another admin's policies, by no means not at all, but merely to try to comprehend the philosophy behind the lack of desktop security & control concepts that end users in my line of work seem to miss so badly.

Truly HAL, this is ninety-percent of my business and without the inordinate amount of malware out there I fear that I would not have a job! Good grief, what happened to the days of the free internet when guys like us were relegated to the lab and not out fighting the good fight all in the name of baud & bandwidth?

All desktops would be locked down so tight that the end user could maybe enter some data into a D Base or spread sheet maybe write a memo in Word and that would be it.

But then I'd be constantly running around after them running Defrag and the like as well as performing AV scans and Malware scans. If I had it my way my son wouldn't have a computer at all as he sees them as nothing more than play toys which are meant to be broken and Windows is just so breakable he just can not help himself. Just to mess with his mind once I loaded Debian onto his desktop when he brought it over at 3.00 AM and just left it here without even a note. It's interesting to have the wife tear in wake me up and demand to know what I think I'm doing by leaving a computer in her way so she can not see the TV. I of course knew absolutely nothing at all about what she was complaining about but sure enough there was a computer there.

Actually I just slipped in another HDD and loaded it with Debian after reloading XP and then disconnecting his HDD's and said nothing at all when he rang asking about his computer so he came over picked it up and went home only to ring me back a few minutes latter asking how to connect the Bloody thing he hadn't even got it switched on.

But it got really funny when he wanted to know why his games just wouldn't load on it and all I could say was "Well it was working perfectly when I had it here." I then suggested that it might be a good idea not to just drop the BLOODY thing in without even so much as a note after I had gone over there for something else and removed the Linux drive and reconnected his drives I only let him stew for 5 days.

As for the majority of the end users I can practically guarantee that if you tell them not to do something they will do exactly what they have been told not to do and then the really scary ones are the ones who think that they know how to use a computer and go around enabling services that have been disabled or my favorite was fitting a wireless Hub into a wired network and leaving it wide open to all and sundry, I only downloaded their Accounting program there to get that thing removed.

Col

You need to tell your "kids" to grow up!!!!! and learn how to fix their own stupid mistakes.

"You need to tell your "kids" to grow up!!!!! and learn how to fix their own stupid mistakes."

I did try that one out once and had him over here turning the place into Chaos so we got Bugger All work done on paying jobs just running around finding the right drivers for the Plug & Pray cards that where in his unit. Honestly it's a lot easier and far less disruptive if I keep him out of the place, that way he doesn't have my techs running around fixing up his "Stuff Ups!" But at least he now keeps the install CD's that come with the Hardware in a safe place and doesn't mix them in with his hundreds of game CD's where they just disappear.

If he does it it takes him about a day to get working again and totally disrupts the place for about a week till we get everything back where it should be and is findable again. If I do it After Hours I only waste a couple of hours and everything is where it's supposed to be after I finish. So to me its a "No Brainier" on which way is the less expensive for me.

Col

WE have 4500 XP business machines installed with the messenger folder renamed and have experienced no significant problems.

Sandra,

Just go to the Program files\Messenger directory and rename it. I usually rename it to 'msgs' it will give you one error on your next reboot but after that you are done with it.

Hal,I would think that your 1200 infections come rather from windows messenger,which has nothing to do with msn messenger,There is a known flaw in windows messenger,whereby you get spammed as it were!!The best way to disable it is to rename it as suggested,whereby you do not uninstall the program as it may have depedancies,which rely on windows messenger,I renamed my windows messenger to "messengeroff" and never had an error message on a reboot!!Windows Messenger is only secure if you are on a closed LAN with a corporate or some such other firewall,with internet access through a secure,local server.
I am a beta tester for MSN Messenger7.0 and as far as I/we know there are no spamming/popup problems with MSN Messenger7.0.0813

MS AntiSpyware after install will ask if you want to disable windows messenger-works for me!
-max

ad-aware has an add- on tool that blocks it (all free)

Tried for 2 days - popup blocker off other downloads from site work - ideas?

If the download doesn't start. When I do that in IE, Firefox or Opera it always opens another Window with the PDF file in it readable and savable from there.

Col

Thanks for trying to help but many are experiencing the same problem as alan1towers. It may be a usage or commitment problem, or a technical one. I am only using a dialup connection so it might be a timeout, but i am not sure.

most of the time, that "click here" does not even show up. I finally figured out something was wrong, so I held down the CTRL key to temporarily allow pop ups. Finally, the "click here" thing appeared. but the rest of the time I was going crazy with the stupid Tech Republic downloads. They really need another system that does not rely upon pop ups and crap. So many people block them and for good reason! I have THREE pop up blockers -- one from Windows, one from my Google toolbar and one from Spyware Doctor. Plus, no scripts can run without my approval. I think Tech Replublic uses all those!

Iit seems obvious, but if no link open the pdf, rightclick and choose save target. Just a hint for the ones temporally unfocused as I sometimes am.

edit: I almost forgot to point that I received a message of corrupt or damaged file when I tried to open the file from the links; "right clicking" worked and the file is good.

I dont get the button to download just one that says 'continue viewing' and no matter what i left or right click I don't get the download. This is the second or third article I've had the problem with and they all have the new format.

I dont get any button nor link for download same as alen1towers.

So rightclick menu options for save as.. on links are not applicable.

So please can someone tell me where or how to download the list other then from :
http://downloads.techrepublic.com.com/5138-10877-5747817.html?tag=search

Best Regards,
SailorMomo

The only download option is a buton titled "Continue to view". If I click on it the page simply refreshes! I've turned off pop-up blocking. I've tried different browsers - all with no success.

I used to be able to get downloads before they changed to this format.

How can I get the downloads now?

I was starting to think the problem was "ME" and that I just kept missing something. Nice to know I'm not the only one having problems with this download

It's reassuring to know I'm not the only one with this problem, but it's still immensely frustrating. What's worse, is that *none* of the download pages seem to be working. Either I get the "Continue Viewing" button, or a page with all the trimmings, but no content. Sometimes, when I'm really lucky, I get the "If a new page doesn't open, click here" link. It doesn't actually _work_ (just opens a blank page), but at least it's a step in the right direction. And don't even get me started on the login prompts beneath the "Hi Kerry" page headers....
I'm wondering whether I shouldn't just unsubscribe, rather than clutter up my inbox with a bunch of links that are of no use to me

Log out & log back in. The last update apparently made some changes & you will have to update your cookie.

I click on the link and a new page opens telling me I need to log. (Access to this feature requires a free TechRepublic membership)

The page header recognizes that I am already logged in. (Welcome Nick | Log Out | etc. Note: Page source saved, available on request.)

Logging in on that page takes me to a page asking for emplyment information, etc. This is the same BS page that comes up for my old "transferred" ZDNet login. I thought I had fixed the cookie problem created by the ZDNet/TR merger, but maybe I am wrong.

All I know is there is a major problem here and all of the standard solutions either don't work or aren't available.

The same happened to me. I downloaded then using firefox but now I have only the continue viewing button appearing. Maybe it a punishment.

FYI: In your listing, you show that windows updates should be enabled, however, you show the suggested setting for BITS as disabled, even though you state that BITS is required for update services, I think the chart should show BITS as enabled, for the suggested setting. You would'nt have updates enabled and BITS disabled, would you now!

I?m sorry but your article doesn?t show how to disable the services

Frustrated with Microsoft's DNS Caching mechanism as well as worried about the threat of DNS cache poisening we started disabling the DNS Client Services on workstations in our test lab. So far, all of them are working perfectly.

I know this is counterintuitive to disable but I wanted to see if anyone else is experimenting with this.

Thanks.

As I'm testing Thin Clients off a Unix Cluster so I can not do without DCHP but then again it's not MS so I'll probably be A OK!

Col

Can't live w/out my DHCP... DNS in our lab and on my workstation continue to work fine when Windows DNS client is disabled.

We're now running all WinXP Pro workstations in a Win2003 Mixed Mode environement w/out the DNS Client service running w/out any known side effects.

I think the author Scott Lowe jumped to conclusions about how Microsofts' DNS client functions. I understand his conclusions but coming from a Unix background and using FreeBSD as my primary workstation I've yet to find a good explanation for running MS's DNS client.

I would like others to try this out and let me know if there are unknown side effects.

Hello.

AFAIK the MS DNS client service on Windows XP clients is on only useful if you have Active Directory enabled on your LAN.
I have not. So I disabled it. However, I have a "classic" DNS server under Linux and my XP client is pointing to it. No problem.

--
cmic
Sysadmin Unix & Windows

Internally we run Active Directory on Windows2003 servers. I have domain membership on my client WinXP machine and can do everything w/ my DNS Client disabled that I could with it enabled.

The only difference I can see is that I am less likely to fall victim to DNS cache poisoning exploits.

You bring up a point though, perhaps it is needed for older Windows DNS implementations or for sites that are still using WINS.

We do run our domain contollers in mixed mode but we do not run WINS... thank God!

Hello, I find that I can no longer switch users after applying disable to the points suggested in this artical. Nor am I able to find the one that turned this feature off. Can you help?

Mikeq

Does anyone know of a similar guide for the services that can be disabled in linux? I am often tempted to disable the NFS daemon but I'd like to know what might be affected by this action beforehand.

Thanks for all the work. Makes for a good reference.

respected sir,
i m not able to download the clip of this content. pls help me out