Every version of Windows has shipped with a core set of system services that must run so that the system can perform basic operations. However, your organization may not necessarily need to have all the services running, and disabling unnecessary services can enhance performance and security. I put together a list of 13 services you can disable on your Windows 7 systems that will probably not negatively affect your business operations at all.
I say “probably” for a reason. Before you take drastic action, such as disabling a service on every PC in your organization, make sure that the service you’re disabling is not actually in use. This article makes a couple of broad assumptions: that your company doesn’t need to share Windows Media files and doesn’t use Windows 7’s HomeGroup features.
This is not a definitive list of services that can be disabled; these are just some obvious ones. Read carefully and make sure you test changes before deploying them across your organization.
1: IP Helper
Windows description: Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo) and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.
Why this can be disabled: Many organizations haven’t even started testing IPv6, much less fully deployed it. As indicated in the service description, the IP Helper service is leveraged in IPv4-to-IPv6 transitions.
2: Offline Files
Windows description: The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state.
Why this can be disabled: If your organization doesn’t use the Offline Files feature found in both Windows client and server products, this service can be safely disabled. Obviously, if you are synchronizing files across the network, you shouldn’t disable this service.
3: Network Access Protection Agent
Windows description: The Network Access Protection (NAP) agent service collects and manages health information for client computers on a network. Information collected by the NAP agent is used to make sure that the client computer has the required software and settings. If a client computer is not compliant with health policy, it can be provided with restricted network access until its configuration is updated. Depending on the configuration of health policy, client computers might be automatically updated so that users quickly regain full network access without having to manually update their computer.
Why this can be disabled: If you’re not doing network-based remediation or if you’re doing remediation with a third-party tool that doesn’t leverage the NAP client, this service can be disabled.
4: Parental Controls
Windows description: This service is a stub for Windows Parental Control functionality that existed in Vista. It is provided for backward compatibility only.
Why this can be disabled: Corporate networks rarely used Vista’s Parental Control functionality. Further, this is a legacy service from Windows Vista.
5: Smart Card
Windows description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Why this can be disabled: If your organization does not use smart cards for authentication purposes, you can safely disable this service.
6: Smart Card Removal Policy
Windows description: Allows the system to be configured to lock the user desktop upon smart card removal.
Why this can be disabled: If your organization does not use smart cards for authentication purposes, you can safely disable this service.
7: Windows Media Center Receiver Service
Windows description: Windows Media Center Service for TV and FM broadcast reception.
Why this can be disabled: In most corporate environments, TV and FM broadcast reception on desktop computers is not considered a “business critical” item that needs support, and it’s often not allowed anyway. You can disable this service to save some resources.
8: Windows Media Center Scheduler Service
Windows description: Starts and stops recording of TV programs within Windows Media Center.
Why this can be disabled: Likewise, there’s no need to record TV programs in a corporate environment.
9: Windows Media Player Network Sharing Service
Windows description: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play.
Why this can be disabled: On a corporate network, Windows Media Player doesn’t have nearly the place it might have on a home network. Disabling this service will have no impact on business activities.
10: Fax
Windows description: Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network.
Why this can be disabled: If your organization is not using a network-based faxing service, disabling this service will have no business impact.
11: HomeGroup Listener
Windows description: Makes local computer changes associated with configuration and maintenance of the homegroup-joined computer. If this service is stopped or disabled, your computer will not work properly in a homegroup and your homegroup might not work properly. It is recommended that you keep this service running.
Why this can be disabled: It’s highly unlikely that a business organization — except a very small one — is using HomeGroups as a way to share resources on a network. It’s almost always safe to disable this service in a business setting.
12: HomeGroup Provider
Windows description: Performs networking tasks associated with configuration and maintenance of homegroups. If this service is stopped or disabled, your computer will be unable to detect other homegroups and your homegroup might not work properly. It is recommended that you keep this service running.
Why this can be disabled: As noted above: Only very small organizations are likely to use HomeGroups to share resources on a network, so it’s almost always safe to disable this service in a business setting.
13: Tablet PC Input Service
Windows description: Enables Tablet PC pen and ink functionality.
Why this can be disabled: The vast majority of PCs that are deployed to users do not have hardware that can leverage tablet-like capability. This service simply uses system resources with no possible benefit.
Other services?
Are there other Windows 7 services your organization has disabled without negatively affecting business operations?