Disabling services (no, you might like this)

O

O[H]-Zone

[H]ard|Gawd
Joined
Mar 28, 2003
Messages
1,465
There has been a lot of debate on the subject of disabling unneeded services in the past, and this is intended to be an overall view of the subject. I have divided the topic into four areas: security, resources, stability and useability.

Security
In the end, security means not letting someone access resouces on your computer that you have not allowed. The best way to accomplish that is to:
Install and enable a firewall program, or use the one supplied with Windows XP service pack 2.
Install and enable an anti-virus program with real-time protection.
Install Ad-Aware SE, Spybot S&D and Microsoft anti-spyware.
Scan regularly (depends on your habits) with the anti-virus program, as well as the anti-spyware programs.
Update the above programs and use Windows Update once a week.
Disabling unneeded services is another way to decrease the likelihood that someone can gain unintended access to your computer. It is not a replacement, nor a substitute for any of the above; instead it can be thought of as "hardening" the computer. Think of it as the last 2% of the security picture. For most people, it would be considered optional. Every situation is different, and each user has to decide how much security is enough. If you're connected to the "full" internet this would be more important; if you're behind a NAT router, much less so.

(GreNME) - The last thing that I'll submit (edit) is the possibility to run as much as possible on a limited user account. For those who game or use programs that require admin privs, the easy way around most of that is finding the directories that the game or program needs read or write privs to and adjust the privs specifically for that user (I don't suggest doing so for the group, but on a machine with many users this may be more practical). One could even make a special profile from which to do the gaming and another to do other stuff in order to better sandbox the system from different tasks crossing over into territory that would make vectors for exploits more likely. A key element in security is that mentality of keeping separate sections or tasks separate with as little bleed-over as possible, and only as necessary (think "need to know basis"). It's a bit of extra work for those who want to do the tweakage deal, but I'm willing to bet that in the long run it would be totally worth it.

Resources
Two contrasting statements best describe the effect on system resources of disabling unneeded services:
You can save system resources by disabling unneeded services.
It isn't going to be much.
A service set to run as "automatic" starts when Windows starts, so it has to (by definition) use processor cycles and RAM. After a period of time if the service is not being used, it is paged out of RAM. From that point on, it would be correct to say that the unused service effectively uses no system resources (excluding pagefile space). That being said, the gains from disabling unneeded services are very small; the user would likely never notice the processor cycles used to load the service(s) into memory, and then transfer it/them to the pagefile. The amount of memory saved is small; on the order of 20MB (of course, it depends on the services chosen. And this excludes System Restore service; that thing's a resource hog <1><3>).
NOTE: Some people have reported that the savings in RAM has allowed a specific program or game to run faster for them, because without the services loaded the program has just enough more RAM available to eliminate some paging. But this situation is rare.

Stability
Again it seems that two contrasting statements best desribe the effect on stability of disabling unneeded services:
It is very rare for disabling unneeded services to cause a problem. (well, think about it...if it causes a problem, it was needed!)
That doesn't mean it can't, and it doesn't mean you can't make a mistake when you decide one isn't needed.
This is a case of doing your homework. Do searches. Check the links at the bottom of this post. Don't go by any one source, check as many as you can. Only disable one service at a time, so you can return to a previous configuration if there's a problem. And always be careful about dependencies; some services are dependant on others to be able to run. When in doubt, try setting the service to "Manual"; that way it can be started (sometimes) if it is needed <2><4>. Again, every situation is different, and each user has to decide how much risk he/she is willing to take. If you have no real reason to or interest in disabling services, leave them as they are for maximum stability. If you have other reasons for wanting to disable some services, you must be willing to take a small amount of risk toward that end.

Useability
There is no positive aspect to disabling services as far as useability is concerned...there's no way more things are going to work with fewer services running. If your main concern is that everything works; printers print, wireless devices work, programs have everything they need, etc., etc. then leave the services on their original settings. If you are careful, do research, and experiment with one service at a time it is possible to disable some services and still have everything you currently use work, but that does not guarantee that things you add in the future will also. As always, every situation is different, and each user has to decide the level of useability he or she is most comfortable with. For someone who frequently makes changes or uses his/her computer for many roles this would be more important; for someone who doesn't make many changes or uses his/her machine for a limited number of roles it would be less so.

(GreNME) - Also, I would recommend keeping the System Restore on the whole time when making such changes, as in the event something is borked in a way that hinders booting back up to fix it the System Restore can play a huge role in keeping stress and blood pressure down. If someone still really thinks that they can completely do without the ability to roll back, there's nothing wrong with making System Restore the dead last service on the list to stop.

As is always the case, you must decide for yourself if the potential benefits are worth the potential risks.

Notes:

<1> - (Phoenix86) This is an active program, so it doesn't get paged. It's like AV, always running and monitoring the system.
<2>
a. (Ranma_Sao) The application has to know to start the service and a lot of them just assume it's started.
b. (Ranma_Sao) Some apps do remember to start the service but timeout when that service is starting other dependant services, so they fail.
<3> (GreNME) - For those who are really into counting every last MB, it may behoove some to think about going the Home route.
<4> (GrenME) - Keep a list of services you disable (as opposed to the ones disabled by default) just in case you need to back out of a tweak.

 Props go out to:
GreNME, djnes, Phoenix86, Kooldrew, chinoquezada, HHunt, EinsteiN, Carnival Forces, rcolbert, S1nF1xx, odoe, serbiaNem, SJConsultant, Met-AL, Trematode, Komataguri, XOR != OR, OldPueblo, Iomn75, Malk-a-mite, Badger sly, hulksterjoe, Super Mario, Ranma_Sao and probably 50 more people I'm forgetting (sorry, it's late) for adding to the debate.

Links:

(SJConsultant) - Checkout Chapter 7 from Microsoft's Threats and Countermeasures guide.
(SJConsultant) - Microsoft has published a document dedicated to services and security.
(S1nF1xx) - A link to EinsteiN's real-world benchmarking experiment is also in order. He did a great job of showing the actual effects of service tweaking.
Ad-Aware SE Personal (free)
Spybot S&D (donate-ware)
Microsoft Anti-Spyware (free)
 
Good write up. Here's my take on the whole disabling services thing. If it works for you... that's great. Your computer, your business. I personally don't see the advantages. For my everyday use the defaults are just fine.
 
Nicely done and well balanced O[H]-Zone. :D

As you requested is the link in a previous post for the service descriptions I believe you are looking for:

"Checkout Chapter 7 from Microsoft's Threats and Countermeasures guide.

That chapter contains about 55 pages on the services found in Windows XP and 2003 with detailed descriptions of the services. It does not go into great detail on dependencies and such, but should give anyone with enough information to determine if a particular service is needed on their system."
 
I never thought it'd be posting in a thread made by O[H]-Zone while in a good mood, but there's a first for everything. Nicely done, and the division of the debate into four categories makes perfect sense. We've argued many times about the stability and resources sections, but we've always agreed on the security aspect. Again, very nicely done, and thanks to SJConsultant again for that link. Educating people about what each service does is a good thing, and I think we can all agree on that.
 
Very nice writeup.

And this excludes Sytem Restore service; that thing's a resource hog
Click to expand...
You should expand on why, IE this is an active program, so it doesn't get paged. It's like AV, always running and monitoring the system.

Stability
"manual" is 99% safe, but Ranma_Sao has reported issues with having services set to manual. I think he said the services wouldn't start fast enough when set to manual, I'm not sure about the 'why'. It's a good way to test as you mention, and safer than disabling them outright (unless you are looking for security, then of course disable), however it's good to note this may not always work.

Useability
Mention future use, aka "PCs aren't consoles mentality". You may not be using wifi now, but a year from now you might, will you remember to re-enable the services?
 
Thanks everybody, it means a lot to me to get pats on the back in a forum with so many smart people. We've argued a lot about this, and maybe coming to this point gives all that air some value. I think I feel worst for odoe; he must have felt like that boxing announcer..."Oh great, a thread on services. Let's get ready to rumble!" Thanks for the link SJConsultant; that was the one I was referring to.


Phoenix86 said:
Useability
Mention future use, aka "PCs aren't consoles mentality". You may not be using wifi now, but a year from now you might, will you remember to re-enable the services?
Click to expand...
I would say I sorta-kinda covered that with "but that does not guarantee that things you add in the future will also". But it doesn't really hammer the point home, either. If you feel strongly about it just say so and I'll add another note. If Ranma_Sao weighs in with a quote about services not starting fast enough I'll replace the second one, as he would be the original source.
Oh, and I notice your sig got shorter; thank you, I appreciate the gesture!
 
What I said was is the application has to know to start the service and a lot of them just assume it's started. The SCM doesnt mystically know an application wanted a service started that was set to manual it depends on the application starting it.

The corollary which I think phoenix is remembering, is that some apps do remember to start the service but timeout when that service is starting other dependant services, so they fail. (1 is more common, but I have seen this happen on a couple of applications)

 
Thanks for the clarification; I've added both points to the post. Any other thoughts/ideas, anybody?
 
I've been away for a week on a project (Florida ain't fun when pulling all-nighters all week trying to get your team's project up to date), but was told to look for this thread when I got the chance...

It fell back in the queue some, and I think that's a shame. This is a pretty good breakdown on the issue, and it covers some pretty important bases, not least of which is the importance to understand as fully as possible what is being disabled and why. Ranma_Sao got the comment in about programs assuming services are started before me, but he's right (was there any doubt? :) ).

I would suggest that, if you think you can, textually link (or refer) the reader to the useability part on each of the parts preceeding it, because it is an important factor behind the disabling of services. It could also be done by simply rewording the same basic message—something like "just be sure to understand that disabling services is in effect removing capabilities that are built into the OS, so keep a list of services you disable (as opposed to the ones disabled by default) just in case you need to back out of a tweak"—with part of the rewording reflecting back on the subject it's covering (i.e. - when dealing with security, be sure to not disable necessary network components or those that network components rely on unless extremely sure of its ability to be removed). Obviously, it would read like a highly caveated phrase, but it would practically remove the need for the last section (useability) unnecessary, so it would be more like a transfer of space instead of adding useless space.

Also, I would recommend keeping the System Restore on the whole time when making such changes, as in the event something is borked in a way that hinders booting back up to fix it the System Restore can play a huge role in keeping stress and blood pressure down. If someone still really thinks that they can completely do without the ability to roll back, there's nothing wrong with making System Restore the dead last service on the list to stop.

The last thing that I'll submit with an emphasis on "optional at your discretion" is the possibility to run as much as possible on a limited user account. For those who game or use programs that require admin privs, the easy way around most of that is finding the directories that the game or program needs read or write privs to and adjust the privs specifically for that user (I don't suggest doing so for the group, but on a machine with many users this may be more practical). One could even make a special profile from which to do the gaming and another to do other stuff in order to better sandbox the system from different tasks crossing over into territory that would make vectors for exploits more likely. A key element in security is that mentality of keeping separate sections or tasks separate with as little bleed-over as possible, and only as necessary (think "need to know basis"). It's a bit of extra work for those who want to do the tweakage deal, but I'm willing to bet that in the long run it would be totally worth it (and I firmly believe that software developers should be able to create programs that do not require administrative privs unless administrative-level processes are taking place. Playing a game should be able to be done by default under a regular user account, IMnsHO).

Good on you for the thread, man.

addendum: also keep in mind that, since services is the subject of the thread, Windows XP Home Edition has fewer services than Pro by a noticable amount, even if the "kitchen sink" package is installed on both. For those who are really into counting every last MB, it may behoove some to think about going the Home route (privs can be set/changed in home by using Safe Mode - linky )
 
Nice job O[H]-Zone! Great write-up.

One thing we could contribute to the post is a list of known problems users encounter when they disable certain services. Such as the defrag one that's been thrown around in our various "debates" :p. I know djnes and SJConsultant have posted links to these in the past. Maybe you guys could dig them up and we could start a "Known Issues" paragraph in the original post with some nice linkage and such. ;)

A link to EinsteiN's real-world benchmarking experiment is also in order. He did a great job of showing the actual effects of service tweaking. http://www.hardforum.com/showthread.php?t=907616&highlight=disable+services
 
As I told SJConsultant personally, it looks like MS is finally putting their two cents in definitively on the issue. Good on them for that.

O[H]-Zone, if this doesn't get stickied soon, let me know about it and I'll gladly collaborate with you on this to put it on an easily-accessible and static page for future reference and regular updating (as new info rolls in).

Let me know if interested. This is my official vote for sticky status as well.
 
djnes said:
I'll add another vote for stickification.
Click to expand...

Yep. Being able to point to this instead of continuing the discussion/flamewar whenever the topic comes up would be nice. (It'd probably cut down the post rates here by 15%, too.)
 
I didn't see this earlier. Sorry.
Now that it's stuck, I hope this can clear some stuff up for people that come in here with their questions.
 
I made a sticky! I'm so happy. I want to thank the academy...oh wait, wrong speech.
I made a few changes, additions and quotes, and trimmed off the intro/outro part...let me know if there's anything else you think it needs. Otherwise...cool!
 
odoe said:
Now that it's stuck, I hope this can clear some stuff up for people that come in here with their questions.
Click to expand...
BWahahahahahahahahahahahahahahahahaha!!!!!!!!!!!!!!!!!!!!!! :D :D :D

Like that'll ever happen. :p
 
I have a services related question, and since I respect the diversity of the [H]orde, I'll ask it here.

A bit of background. I have a start-up PC repair shop. I charge $40+OS cost to install windows. OS locked to 1st 10GB of drive, rest formatted for data storage. ZoneAlarm, Anti-Vir, SpywareBlaster, AdAware, Spybot, OpenOffice, Cacheman old(free) version, and a few other free for personal use programs are installed. Customer receives a disk with a copy of all programs installed, as well as legal, full install copy of OS, usually XP Home. 3 user accounts, 1 Admin. All password protected. Admin allowed 3 tries to log on.

Under the circumstances described above, I only disable Fast User Switching in the services section. Essentially requiring a reboot to log onto Admin. For myself I normally disable some of the things I know for certain I don't need, with the understanding that if the situation changes, I can turn them back on.

My question, I guess is, am I doing my customers a disservice by disabling this service, or should I go further? I'm learning as I go here, but most of the competition installs Norton's, and waits for the service work to come to them. I can't really afford a retail facility, yet, but I do wish to provide the best experience possible.

 
As far as the third-party programs that you're installing, I can't really give you anything more than my own personal preferences (which are unnecessary in this case). As for the service you're disabling, I would say that you're doing your customers a disservice. Let me explain...

Fast User Switching is a feature specifically built for allowing more than one person being logged on and switching between the different logons in a matter of seconds instead of minutes. It's ideal for the family that has everyone logging on to do different things and then walking away, or just the simple situation where a guy or girl has their machine set up to allow for their significant other to get on the machine without interrupting the other and their work. With FUS turned off the person has to close all open programs and log off before allowing another person the ability to log on; with FUS on all you have to do to allow another person to log on is simply select "Switch User" without logging off, saving all of your work (or play) open and running while the other person does their thing.

Basically, what you're doing is removing a key functionality for the home user by disabling Fast User Switching. Sure, this is really no different than older versions of Windows, but if that's what they want to run then they should just get the older version. FUS allows for granulation of user space that allows for each user on a machine to do their thing in their own logon (for non-AD environments). Do you really thing Joe Average is going to want to log off when he's looking up scores for his football pool when his son Kid Average wants to print up his history paper or his wife Jane Average wants to look up the recipe for something she heard of at the office this morning? Without FUS, Joe has to log off to allow the others to do their thing, but with FUS all three can do their thing, Kid and Jane interrupting and doing their thing, while Joe doesn't lose his place looking for stuff in the football pool.

Additionally, if you want people (home users) to not be able to log into Administrator without a reboot, then install XP Home on their machine. Home already has it set up that way, has less services installed (let alone running by default), and is more specifically geared toward typical end user tasks and usage. For the regular home user, it is more the right tool for the right job.
 
Too bad I didn't see this sooner. I got involved in a flame-fest on the subject a while back, and stayed away from the OS forum after that because I really do not like any of you. I did read a few of the other flame-fests on the same subject that were linked to on the front page.

Now, it is weird seeing everybody in here actually agreeing, and actually seeing relativley complete and unbiased information on the subject for people who come here looking.

Anyways excellent job everybody. I guess my boycott of the OS forum is over.
 
jamesrb said:
Too bad I didn't see this sooner. I got involved in a flame-fest on the subject a while back, and stayed away from the OS forum after that because I really do not like any of you. I did read a few of the other flame-fests on the same subject that were linked to on the front page.

Now, it is weird seeing everybody in here actually agreeing, and actually seeing relativley complete and unbiased information on the subject for people who come here looking.

Anyways excellent job everybody. I guess my boycott of the OS forum is over.
Click to expand...
I feel quite honored to be so disliked and never having met you. ;)
 
I just wanted to send another round of kudos to O[H]-Zone for this thread. Despite different views on the disabling of services, this has been the most well-rounded and considerate discussions on the subject. It was much needed and is a great idea.
 
<1> - (Phoenix86) This is an active program, so it doesn't get paged. It's like AV, always running and monitoring the system.
Click to expand...

The System Restore service is part of the svchost process (see tasklist /svc output, you're looking for srservice) and the code and data in the process can be paged out like almost anything else, according to least recently used. By default the service only does its thing every few days, so it is probably among the more likely pieces of svchost to be paged out in the intervening days. This is assuming you have a RAM shortage in the first place though.
 
I have just recently essed around some with removing services with nlite and have found that to be a rather bad idea as i have often gotten stuck with some programs missing their fav services if you know what i mean. But i have found that by disabling/setting to manual some services with services.msc i gain some preformance increase, is it worth the effort for your daily tasks, not usualy, its more of a anal retentive thing. The only real service i find the use for disabling is security center, keeps the annoyance level down.
 
I've never been in a services debate here, but this is a great writeup. Another vote for sticky! (I know I'll be looking for this someday).
 
You must log in or register to reply here.
Back
Top