Home  │ 


Windows XP System Services

Topics in this article:

[1] Where are system services managed?

[2] What services are needed?

[3] Potential security risks: stop these services if not needed

[4] Third party programmes

[5] Don't be caught out about some services

[6] Remote Procedure Call (RPC)

[7] Optional services

[8] Summary

[9] Changes in Windows XP SP2



1. Where are system services managed?

As Microsoft defines it, a service "is a process or set of processes that adds functionality to Windows by providing support to other programs" (see Glossary of Windows 2000 Services). You will find various websites on Windows XP system services which give an alphabetical list and brief explanation of each service. My article takes a different approach by discussing them under various topics.

To find system services, go to Start, Administrative Tools, Services (or Start, All Programs, Administrative Tools, Services) to launch the system Services Microsoft Management Console (MMC) Snap-in.

You can also find them listed in msconfig in Services. Although you can change the services' start up options there it is better to change them in the system services console. In the Extended page of the Services console you can find a brief description of the service. The same description is also found in the Properties, General window. A more detailed description of the services can be found in the references at the end.


2. What services are needed?

Windows XP starts many system services automatically by default. Many are unnecessary especially for the average home user.  Some services are not installed by default or available in Windows XP Home Edition.

What services are needed would depend on your setup, whether you are on a network, or have any external devices, or what programmes you have installed. There is no single setting which suits everybody. You have to make an informed decision about your needs. Hopefully this article and others will help you. If you can't be bothered to find out about them and work it out, then don't do anything and just use the default settings.

If you don't have a lot of physical RAM (256MB or less) you would be better off trimming the list of services that start automatically. Even if you have plenty your system would boot faster if few services start unnecessarily. You'll save a little amount of RAM this way (a few tens of MB at most). More importantly, disable those that are potential security risks (see below) to minimise vulnerability to attacks.

Changing service settings

A service has one of three startup settings: Automatic, Manual or Disabled. To start or stop a service, right click the item, choose Start or Stop. Or you can use the net start service and net stop service commands in the command prompt or from the Recovery Console.

In a computer joined to a domain the services can be controlled from Group Policy editor (under: Computer Configuration\Windows Settings\Security Settings\System Services) but it is not available for the Local Computer Policy. Windows Server 2003 contains additional services which will not be covered here (details in the references).

To reset the startup property, double click the item, choose Properties. In the General window, Startup type drop-down box, choose the appropriate setting (Fig. 1). The settings are stored in the registry but there is no need to edit the registry directly. You can tweak the registry with a script for deployment or when preparing an unattended Windows installation.

Startup type in services properties

Fig. 1. Startup type in services properties.


You can also examine the service's requirement and dependencies in the Dependencies window. The Microsoft TechNet reference (link below) has a most detailed list of services, dependencies and default settings. Rather than repeating all the information you can find there and in the services console (as in most other websites) I will just focus on a few important issues.

Setting a service to Manual would be appropriate if it is not needed on start up or essential for the system's running but may be required later. When required the service should start but it is not totally reliable in my experience. If that is the case you can reset the startup type to Automatic.

Caution about tweaking your system

If you're a novice and unsure whether a service should be disabled, first set it to Manual. Reboot and check if it is started straight away or later. Booting into Safe Mode and checking the list would give you a good idea of the absolute minimal requirements.

Do not change too many settings at a time. Make a system restore point and a full back up. Click on the Export List icon on the toolbar to save to a text file and print out a list for reference and records. Capturing screenshots of the services console is another good way to keep records. I suggest you adjust the settings slowly and test the results over a period of time.


3. Potential Security risks: stop these services if not needed

These services are potential security risks:

Remote Registry (in Windows XP Professional only),
Universal Plug and Play Device Host
(which depends on the SSDP Discovery Service).

Disable these if you don't need them.

The Alerter and Messenger services have been used for unsolicited pop-up window advertisement and can be disabled if not required for administrative alerts. They are unrelated to Windows or MSN Messenger. These two have been disabled by default in Windows XP SP2.


4. Third party programmes

Some programmes install additional services: e.g.

ATI drivers and utilites,
Creative/Sound Blaster drivers/utilites,
Diskeeper (and other defrag programmes),
hardware e.g. RAID monitor utilites,
Symantec/Norton Internet Security/System Works/Ghost,
other antivirus and firewall programmes,
Nvidia drivers,
Office source engine

It is important to having the antivirus and firewall services starting automatically while the others are more discretional.


5. Don't be caught out about some services

Those using LAN for broadband internet may need some of the services for networks including DNS Client, DHCP Client and Telephony.

Task Scheduler is needed for your anti-virus programme to update.

Windows Update

The Cryptographic Service is required for Windows Update. Since Windows Update upgraded to v5 in 2004, BITS (Background Intelligent Transfer Service) is required; if this is disabled you will not be able to update and receive an error message.


6. Remote Procedure Call (RPC)

The Remote Procedure Call (RPC) service is normally needed for the system and cannot be stopped. The W32.Blaster.worm causes it to close within 60 seconds and the computer to reboot. If you see this error message you can stop the computer from shutting down by immediately going to the command prompt and type:

shutdown -a

and then disconnect from the internet. The -a switch aborts the impending shutdown if you type the command within 60s.

Then go to its Properties, Recovery window and change the computer's response from Restart the Computer or Restart the Service to Take no Action for all three instances of failures (Fig. 2). Then follow the instructions to deal with it here. In particular, you need to remove the worm and update the hotfix (824146, included in SP2). Updating the hotfix alone is not sufficient to remove the worm. Microsoft has a separate worm removal tool (KB 833330) which you should apply.

For the interim workarounds (disable UDP ports 135, 137, 138, 445; TCP 135, 139, 445, 593; COM Internet Services and RPC over HTTP and DCOM), read this article.

Take no action in the RPC Recovery tab.

Fig. 2. Take No Action in the RPC Recovery tab.


7. Optional services

Optional services linked to Windows features include (they are mostly self-explanatory):

Automatic Updates,
Error Reporting
Fast user Switching Compatibility
Help and Support
Internet Connection Firewall (ICF)/Internet Connection Sharing (ICS)
(Windows Firewall/Internet Connection Sharing (ICS)) in SP2),
IPSec services,
MS Software Shadow Copy Provider
(linked to Volume Shadow Copy (for volume shadow copy mode in NTBackup),
Plug and Play
(unrelated to Universal Play and Play Device Host),
Routing and Remote Access,
Secondary Logon,
System Restore service,
Windows Image Acquisition (WIA),
Windows Time

If you need to configure the Security tab in Folder properties the Server service needs to be running (in Windows XP Professional only).

A few services are not required at all if you don't have the hardware:

Portable Media Serial Number,
Smart Card
(and Smart Card Helper), Uninterruptible Power Supply and
Wireless Zero Configuration

If you have another CD/DVD-burning programme installed, disable the IMAPI CD-Burning COM Service. This service has been reported to conflict with other burning programmes.


8. Summary

Figure 3 shows some typical but not definitive settings (pre-SP2; the Creative service for CDROM Access, CPUUsage, Diskeeper, GhostStartService and Norton services are from 3rd party programmes) (Fig. 3).

Services List

Fig. 3. Services list.


9. Changes in SP2

Because of the messenger spam problem, both the Alerter and Messenger services are disabled by default.

Background Intelligent Transfer Service (BITS) This is updated to v2 (KB842773) for v5 of Windows Update and new versions of Autoupdate allowing file transfer over idle network bandwidths.

Internet Connection Firewall (ICF)/Internet Connection Sharing (ICS) is renamed Windows Firewall/Internet Connection Sharing (ICS).

Several new services are added:

DCOM Server Process Launcher In my computer (after trial and error), this seems to be required for the correct running of antivirus software (despite DCOM having been manually disabled).

HTTP SSL This enables HTTPS protocol using SSL for HTTP service.

Security Center This is for the new SP2 "Windows Security Center" which automatically starts up and alerts you if your anti-virus and firewalls are not up to date. Some anti-virus and firewall programmes have their own security centre so the this is not strictly needed.



Go to TOP



There are other websites which offer explanations and advice on services but they only reiterate the above information, the information from the Microsoft links below and what you find in the services console. Therefore I've omitted them on purpose, not because I don't know about them, but I simply don't find them useful in terms of offering additional information. As added information I've added references for Windows 2000 and Windows Server 2003 services.

Glossary of Windows 2000 Services

System Services for the Windows Server 2003 Family and Windows XP Operating Systems This is the most up to date and comprehensive reference and includes the services in different Windows editions and in Safe Mode. (Unfortunately this page has been removed and no replacement can be found at the time of last updating this article.)

Default settings for services (Windows Server 2003)

Disable Unnecessary System Services Locally

System Services in Group Policy

HOW TO: Control Access to a Windows NT, Windows 2000 and Windows XP Service

Windows Server 2003 System Services Reference (this page has a download for SPTCG_SSS.doc)

Threats and Countermeasures Guide (Chapter 7 provides an overview of the system services included with Windows Server 2003 and Windows XP; download the whole document)


Copyright 2003-2005 by Kilian. All my articles including graphics are provided "as is" without warranties of any kind. I hereby disclaim all warranties with regard to the information provided. In no event shall I be liable for any damage of any kind whatsoever resulting from the information. The articles are provided in good faith and after some degree of verification but they may contain technical or typographical errors. Links to other web resources may be changed at any time and are beyond the control of the author. Articles may be added, removed, edited or improved at any time. No support is provided by the author. All the products mentioned are trademarks of their respective companies.

This is not an official support page for any products mentioned. All the products mentioned are trademarks of their companies. Edit the settings at your own risk and back up first.

Last updated 6 Feb 2005