Windows Vista and Windows Server 2008 have more than 130 services installed by default, not counting the services that are added by third party software application. Comparing with just around 70 services installed by default in Windows XP and Windows Server 2003, the extra services definitely will increase the burden and use more system CPU and memory resources, slowdown system performance.

Thus, it becomes more important to optimize services that running on Windows Vista and Windows Server 2008. By disabling unwanted and unnecessary services, or set them to manual start only when needed or required, it’s possible tweak Windows operating system to use less system resources and run faster.

The Windows Vista and Windows Server 2008 Services Optimizer Batch Command Script can be used to optimize the running services in Windows Vista and/or Windows Server 2008. Each services contained in the script are accompanied with description by Microsoft and some analysis comment to let user knows that what a service is doing, and recommend whether such service can be disabled, set to manual start or disabled or not.

Windows Vista and Server 2008 Services Optimizer

It’s recommended that user make or export a backup of current startup type state of all services before running the Services Optimizer. In anything goes wrong, just run the batch command script generated to restore original state for all services’ startup type. Beside, the default settings in Services Optimizer script will enable Windows Aero, disable Print Spooler, turn off Windows Update, disable Windows Defender and disable some services related to local area network (LAN). If you need to use any of the set-to-disable services, modify the script to enable them.

The default configuration configured in the batch script is by no mean suitable for everybody. If you found that some functions and services that is required no longer work, re-enable the services. You can tweak other services to on or off status to your preference too. Users are encouraged to read through the descriptions and comments for all services to personalize and customize the state of Startup Type for services according to their preference by using the following command in the script file. Do also note that not all services is available in each editions of Windows Vista and Windows Server 2008 (the script is based on Windows Vista Ultimate), so some services may return failure message, which can be safely ignored.

Optimizing Services Running

Description of Windows Vista Services Optimizer commands:

1. AUTO: Automatic
2. DEMAND: Manual
3. DISABLED: Disable

Download WinVista2008_Services_Optimizer.bat (unpack from WinVista2008_Services_Optimizer.zip) (no longer available). Remember to run the script as administrator in high elevation mode.

Successful Changing Startup Type via Command Prompt

For convenient, the content related to the services that are been optimized is listed here over the next two pages, together with Microsoft provided description, optimization comment, recommendation and its default original Startup type.

Name: Application Experience
Description: Processes application compatibility cache requests for applications as they are launched.
Comment: This service is required by application compatibility mode to run old and not compatible programs in Windows. If you have no such programs, this service is not required to start.
Default: Automatic
Recommendation: Manual

Name: Application Information
Description: Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.
Comment: For old applications that requires admin rights to install. Not required to start unless there is old programs used. This service works with system UAC, which can stop unknown Trojan and virus from installing.
Recommendation: Manual

Name: Application Layer Gateway Service
Description:Provides support for 3rd party protocol plug-ins for Internet Connection Sharing
Comment: This service is used by old incompatible apps under compatibility mode. Disable the servicve is there is no such programs.
Default: Manual
Recommendation: Disabled

Name: Application Management
Description: Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Normally used for centralized management in big corporations, such as deliver patches and updates when log on in Active Directory. Not require for personal user.
Default: Manual
Recommendation: Disabled

Name: Background Intelligent Transfer Service
Description: Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.
Comment: Used by Windows Update to transfer patches and updates in the background. Can be disabled if not using Windows Update.
Default: Automatic (Delayed Start)
Recommendation: Disabled

Name: Base Filtering Engine
Description: The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
Comment: A security related service normally used by firewall, wide area network (WAN), Internet Connection Sharing and other seldom used protocols.
Recommendation: Automatic

Name: Block Level Backup Engine Service
Description: Engine to perform block level backup and recovery of data.
Comment: Used by Windows Vista backup and recovery service, can be disabled.
Default: Manual
Recommendation: Disabled

Name: Certificate Propagation
Description: Propagates certificates from smart cards.
Comment: Required by smart card reader program, which may require by some company’s user to remotely logon to corporate network via VPN.
Default: Manual
Recommendation: Automatic

Name: CNG Key Isolation
Description: The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.
Comment: If Wired AutoConfig and WLAN AutoConfig services are started, and configured to use EAP (Extensible Authentication Protocol), then this service will be used. User who is not using automatic configuration of wired and wireless network can turn off the service.
Default: Manual
Recommendation: Disabled

Name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Some applications may require COM+ component, such as Optimize System from BootVis, and Event Viewer will show DCOM is not started if disabled when required.
Default: Automatic
Recommendation: Manual

Name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Some applications developed will require COM+ components, which may even include IIS and .NET. Do not disable the service but can set to Manual to load it when required.
Recommendation: Manual

Name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: If not browsing Local Area Network (LAN), this service is not required. Other it’s good to enable the service as it maintains and updates list of computers on the network.
Default: Automatic
Recommendation: Disabled

Name: Cryptographic Services
Description: Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Protect and manage certificates, private keys and security catalogs in the system. Besides, when visiting some websites such as Windows Update, Microsoft websites, or when accessing DRM validation, this service is used to verify digital signature of Windows files, so do not disable this service.
Recommendation: Automatic

Name: Desktop Window Manager Session Manager
Description: Provides Desktop Window Manager startup and maintenance services
Comment: Windows Aero and Windows Flip 3D require this service.
Recommendation: Automatic

Name: DHCP Client
Description: Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: The base service for Internet connectivity to get a dynamic IP address.
Recommendation: Automatic

Name: Diagnostic Policy Service
Description: The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Windows Vista or IE7 may occasionally pops up dialog box to ask if user want it to help finding the cause and resolution to the problem. However, 99% of the time it doesn’t help much to resolve the issue, can be disabled.
Default: Automatic
Recommendation: Disabled

Name: Diagnostic Service Host
Description: The Diagnostic Service Host service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, some diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Helping Diagnostic Policy Service for its tasks, will be started when DPS started, and can be disabled together with DPS.
Default: Manual
Recommendation: Disabled

Name: Diagnostic System Host
Description: The Diagnostic System Host service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, some diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Similar to DPS and WdiServiceHost, can be disabled altogether.
Default: Manual
Recommendation: Disabled

Name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network.
Comment: Required for system using NTFS file system.
Recommendation: Automatic

Name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: A lot of applications such as SQL Server and Exchange BizTalk uses the server. Do not start the service unless needed, but do not disable it either.
Recommendation: Manual

Name: DNS Client
Description: The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer’s name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.
Comment: Required for normal Internet browsing experience.
Recommendation: Automatic

Name: Extensible Authentication Protocol
Description: The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication.
Comment: User not using 802.1x authentication, wireless or VPN client can stop it from loading with Windows, but do not disable it.
Recommendation: Manual

Name: Function Discovery Provider Host
Description: Host process for Function Discovery providers.
Comment: Related to PnP-X and SSDP.
Recommendation: Manual

Name: Function Discovery Resource Publication
Description: Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.
Comment: Related to PnP-X and SSDP.
Default: Automatic
Recommendation: Manual

Name: Health Key and Certificate Management
Description: Provides X.509 certificate and key management services for the Network Access Protection Agent (NAPAgent). Enforcement technologies that use X.509 certificates may not function properly without this service.
Comment: A service for NAP to build Health Registration Authority mechanism.
Recommendation: Manual

Name: Human Interface Device Access
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Requires for special function keys on keyboard, joystick and other devices to work. Disabled unless required.
Default: Manual
Recommendation: Disabled

Name: IKE and AuthIP IPsec Keying Modules
Description: The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.
Comment: Primarily used for authentication purpose on VPN and other network environment.
Default: Automatic
Recommendation: Manual

Name: Interactive Services Detection
Description: Enables user notification of user input for interactive services, which enables access to dialogs created by interactive services when they appear. If this service is stopped, notifications of new interactive service dialogs will no longer function and there may no longer be access to interactive service dialogs. If this service is disabled, both notifications of and access to new interactive service dialogs will no longer function.
Comment: Maintain manual so that it will be started when required.
Recommendation: Manual

Name: Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Comment: Not required for standalone user or those not sharing Internet connection with others.
Recommendation: Disabled

Name: IP Helper
Description: Provides automatic IPv6 connectivity over an IPv4 network. If this service is stopped, the machine will only have IPv6 connectivity if it is connected to a native IPv6 network.
Comment: Provides support for IPv6, which is not yet necessary at this time.
Default: Automatic
Recommendation: Disabled

Name: IPsec Policy Agent
Description: Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool “netsh ipsec”. If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Firewall is not available when this service is stopped.
Comment: Some corporate network requires IPsec to provide secure connection on TCP/IP from client to server. In other cases, disable is recommended.
Default: Automatic
Recommendation: Disabled

Name: KtmRm for Distributed Transaction Coordinator
Description: Coordinates transactions between MSDTC and the Kernel Transaction Manager (KTM).
Comment: Mostly used by developers and programmers.
Default: Automatic (Delayed Start)
Recommendation: Disabled

Name: Link-Layer Topology Discovery Mapper
Description: Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly.
Comment: Provides LLTD technology to accurately display network location of LLTD-supported network devices.
Recommendation: Manual

Name: Microsoft .NET Framework NGEN v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Comment: Provides support for .NET FX3 and NGEN applications.
Recommendation: Manual

Name: Microsoft iSCSI Initiator Service
Description: Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Not required if local PC has no iSCSI device, and does not connect to remote iSCSI device.
Default: Manual
Recommendation: Disabled

Name: Microsoft Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Required by Previous Versions, System Restore and other applications.
Recommendation: Manual

Name: Multimedia Class Scheduler
Description: Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications. If this service is stopped, individual tasks resort to their default priority.
Comment: Primarily used to set priority for audio and video streams. If disable, may affect functionality of sound card. Set to Manual will also be launched automatically with Windows startup.
Recommendation: Automatic

Name: Netlogon
Description: Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Used to log on to Active Directory domain controller.
Recommendation: Manual

Name: Network Access Protection Agent
Description: Enables Network Access Protection (NAP) functionality on client computers.
Comment: Client for NAP protocol.
Default: Manual
Recommendation: Disabled

Name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Comment: This service is almost unavoidable for user hook onto Internet. Used whenever accessing Network and Dial-Up Connections folder.
Default: Manual
Recommendation: Automatic

Name: Network List Service
Description: Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.
Comment: Displays current wired and wireless network connections state and status.
Recommendation: Automatic

Name: Network Location Awareness
Description: Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Provides enhanced support for user who uses multiple network or Internet connections. Normally started with Network Connections.
Recommendation: Automatic

Name: Network Store Interface Service
Description: This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.
Comment: Supporting service for NLA (Network Location Awareness) such as storing profile of each network. Normally has the same state with NLA.
Recommendation: Automatic

Name: Offline Files
Description: The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state.
Comment: Can be disabled if not going to store a cached offline copy of Internet files.
Default: Automatic
Recommendation: Disabled

Name: Parental Controls
Description: This service enables Windows Parental Controls on the system. If this service is not running, Parental controls will not work.
Comment: Primarily used to restrict children usage time, permitted or blocked websites and gaming usage time. For own PC, no restriction required.
Default: Manual
Recommendation: Disabled

Name: Peer Name Resolution Protocol
Description: Enables Serverless Peer Name Resolution over the Internet. If disabled, some Peer to Peer and Collaborative applications, such as Windows Meetings, may not function.
Comment: Can be disabled if not using P2P functionality of WCF.
Default: Manual
Recommendation: Disabled

Name: Peer Networking Grouping
Description: Provides Peer Networking Grouping services.
Comment: Can be disabled if not using P2P functionality of WCF.
Default: Manual
Recommendation: Disabled

Name: Peer Networking Identity Manager
Description: Provides Identity service for Peer Networking.
Comment: Can be disabled if not using P2P functionality of WCF.
Default: Manual
Recommendation: Disabled

Name: Performance Logs & Alerts
Description: Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Used by Event Viewer, Task Manager and other benchmarking utility.
Recommendation: Manual

Name: PnP-X IP Bus Enumerator
Description: The PnP-X bus enumerator service manages the virtual network bus. It discovers network connected devices using the SSDP/WS discovery protocols and gives them presence in PnP. If this service is stopped or disabled, presence of NCD devices will not be maintained in PnP. All pnpx based scenarios will stop functioning.
Comment: Part of Windows Connect Now (WCN), an extension to Plug and Play service, and used to support networked intelligent electronic device such as refrigerator and rice cooker to connect to PC.
Default: Manual
Recommendation: Disabled

Name: PNRP Machine Name Publication Service
Description: This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context ‘p2p pnrp peer’
Comment: Used to resolve and publish a server name in P2P network, usually not required.
Default: Manual
Recommendation:Disabled

Name: Portable Device Enumerator Service
Description: Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.
Comment: Used for Windows Media Player and portable media player such as MP3 player to synchronize content and time.
Default: Automatic
Recommendation: Manual

Name: Print Spooler
Description: Loads files to memory for later printing
Comment: Can be disabled if the system has no printer, or do not need to connect or emulate a local or remote printer.
Default: Automatic
Recommendation: Disabled

Name: Problem Reports and Solutions Control Panel Support
Description: This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.
Comment: From many user experience, the service can’t solve too many problems.
Recommendation: Manual

Name: Protected Storage
Description: Provides protected storage for sensitive data, such as passwords, to prevent access by unauthorized services, processes, or users.
Comment: Not very useful but keep for security purpose.
Recommendation: Manual

Name: Quality Windows Audio Video Experience
Description: Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization.
Comment: Used primarily to improve and enhance the transmission and quality of audio and video streaming media on IP network. Not many devices and applications support this protocol.
Default: Manual
Recommendation:Disabled

Name: ReadyBoost
Description: Provides support for improving system performance using ReadyBoost.
Comment: A new feature in Windows Vista, but performance boost is in doubt. Disable if not using ReadyBoost, especially for notebook user who is unlikely to plug in a USB key everywhere everytime.
Default: Automatic
Recommendation:Disabled

Name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Comment: When computer connects to a remote DNS or NetBIOS address or name, a connection will be created. General ADSL and VPN services may require this service, and disable may cause connections unable to be established.
Recommendation: Manual

Name: Remote Access Connection Manager
Description: Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: When establishing connections in VPN, ADSL and dial-up network, the service may be required.
Recommendation: Manual

Name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Comment: Supplement RPC service. Can set to manual, but not recommended to disable it.
Recommendation: Manual

Name: Remote Registry
Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: For standalone PC, not required, unless user is managing multiple computers.
Default: Manual
Recommendation: Disabled

Name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Comment: Provide routing service.
Recommendation: Disabled

Name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Provides support for two users log on to a computer simultaneously. Personal user does not require it.
Default: Automatic
Recommendation: Disabled

Name:Security Accounts Manager
Description: The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.
Comment: Security Accounts Manager for the system.
Recommendation: Automatic

Name: Security Center
Description: Monitors system security settings and configurations.
Comment: New security center in Windows Vista, which allows user to tweak security settings and view security protection status. Security Center is just a management interface, may not be necessary if other security services are already started, but it’s convenient.
Default: Automatic (Delayed Start)
Recommendation: Automatic

Name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Provides file, print and named-pipe sharing for the computer. Not required if not sharing anything, especially on stand-alone system.
Default: Automatic
Recommendation: Disabled

Name: Shell Hardware Detection
Description: Provides notifications for AutoPlay hardware events.
Comment: For user who doesn’t like the Auto-Play feature, set service to manual start and then the system won’t prompt any notification when user inserts or plugs in a USB flash drive or portable hard disk.
Recommendation: Automatic

Name: SL UI Notification Service
Description: Provides Software Licensing activation and notification.
Comment: Provides activation service for Windows Vista and related product together with Software Licensing. Disable it does not mean that no activation is required.
Recommendation: Manual

Name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Smart card may be required in some environment to login to company network or connect to VPN. Disable if not using smart card.
Default: Manual
Recommendation: Disabled

Name: Smart Card Removal Policy
Description: Allows the system to be configured to lock the user desktop upon smart card removal.
Comment: Used to lock down computer when removing the smart card. Otherwise, disable the service.
Default: Manual
Recommendation: Disabled

Name: SNMP Trap
Description: Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Used to permit the computer to receive and process SNMP trap messages. For personal user this is normally not used.
Default: Manual
Recommendation: Disabled

Name: Software Licensing
Description: Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a reduced function mode.
Comment: Mandatory requirement for Windows Vista.
Recommendation: Automatic

Name: SSDP Discovery
Description: Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: The service can discover SSDP-support devices and UPnP devices. It can display UPnP devices in Device Manager, so should not be disabled. As best set it to manual so that it can run when needed.
Recommendation: Manual

Name: Superfetch
Description: Maintains and improves system performance over time.
Comment: One of the best features in Windows Vista, but performance boost result in doubt, especially in system with small amount of memory, which can be disabled.
Default: Automatic
Recommendation: Disabled

Name: System Event Notification Service
Description: Monitors system events and notifies subscribers to COM+ Event System of these events.
Comment: SENS provides the only system tracking and notification mechanism for log on, device initialization, network connection, power supply and other internal events. Not recommended to disable.
Default: Automatic
Recommendation: Manual

Name: Tablet PC Input Service
Description: Enables Tablet PC pen and ink functionality.
Comment: Can disable if not using Table PC and handwriting.
Default: Automatic
Recommendation: Disabled

Name: TCP/IP NetBIOS Helper
Description: Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Primarily used to resolve NetBIOS name for file and printer sharing between computers and log on remotely.
Default: Automatic
Recommendation: Disabled

Name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.
Comment: Provides TAPI support to programs, required only when needed.
Recommendation: Manual

Name: Terminal Services
Description: Allows users to connect interactively to a remote computer. Remote Desktop and Terminal Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.
Comment: Required by Remote Desktop, Remote Assistance, and services related to Terminal Services.
Default: Automatic
Recommendation: Disabled

Name: Terminal Services Configuration
Description: Terminal Services Configuration service (TSCS) is responsible for all Terminal Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, TS themes, and TS certificates.
Comment: Can be disabled if not using Terminal Services.
Default: Manual
Recommendation: Disabled

Name: Terminal Services UserMode Port Redirector
Description: Allows the redirection of Printers/Drives/Ports for RDP connections.
Comment: Can be disabled if not using Terminal Services.
Recommendation: Disabled

Name: Themes
Description: Provides user experience theme management.
Comment: Need to customize user interface of Windows Vista.
Recommendation: Automatic

Name: Thread Ordering Server
Description: Provides ordered execution for a group of threads within a specific period of time.
Comment: Set to manual start if not required, but not recommended to set to disable.
Recommendation: Manual

Name: TPM Base Services
Description: Enables access to the Trusted Platform Module (TPM), which provides hardware-based cryptographic services to system components and applications. If this service is stopped or disabled, applications will be unable to use keys protected by the TPM.
Comment: Set to manual so that Windows Vista can run the service whenever required.
Default: Automatic (Delayed Start)
Recommendation: Manual

Name: UPnP Device Host
Description: Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Main service to support UPnP (Universal Plug and Play) devices on computer.
Recommendation:Manual

Name: User Profile Service
Description: This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon or logoff, applications may have problems getting to users’ data, and components registered to receive profile event notifications will not receive them.
Comment: Important service.
Recommendation: Automatic

Name: Virtual Disk
Description: Provides management services for disks, volumes, file systems, and storage arrays.
Comment: Do not set to disable.
Recommendation: Manual

Name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Requires for Previous Version and System Restore, where disable VSS may cause 0x8004230C error.
Recommendation: Manual

Name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Disable if not require web indexes or similar functions.
Default: Automatic
Recommendation: Manual

Name: Windows Audio
Description: Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Disable will make system mutes. So never disable the service.
Recommendation: Automatic

Name: Windows Audio Endpoint Builder
Description: Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Do not disable the service as it will make sound device no longer working (muting the PC).
Recommendation: Automatic

Name: Windows Backup
Description: Provides Windows Backup and Restore capabilities.
Comment: Disable if you’re using third party backup and recovery software.
Default: Manual
Recommendation: Disabled

Name: Windows Color System
Description: The WcsPlugInService service hosts third-party Windows Color System color device model and gamut map model plug-in modules. These plug-in modules are vendor-specific extensions to the Windows Color System baseline color device and gamut map models. Stopping or disabling the WcsPlugInService service will disable this extensibility feature, and the Windows Color System will use its baseline model processing rather than the vendor’s desired processing. This might result in inaccurate color rendering.
Comment: Required if using third-party color system.
Recommendation:Manual

Name: Windows Connect Now – Config Registrar
Description: Act as a Registrar, issues network credential to Enrollee. If this service is disabled, the Windows Connect Now – Config Registrar will not function properly.
Comment: Register and authenticate Wi-Fi or Wireless network.
Recommendation: Manual

Name: Windows Defender
Description: Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions.
Comment: Free and provides basic protection from spyware. But nowadays most anti-virus can do the job nicely. So disable Windows Defender.
Default: Automatic
Recommendation: Disabled

Name: Windows Error Reporting Service
Description: Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.
Comment: Everybody, including Microsoft hopes that Windows Vista runs smoothly without error. The fact that error still happen means that even if you send the error report to Microsoft, it may be of useless.
Default: Automatic
Recommendation: Disabled

Name: Windows Event Collector
Description: This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.
Comment: The service collects and analyzes data related to system control and functionalities, and is supporting service for new Event Viewer in Windows Vista.
Recommendation: Manual

Name: Windows Event Log
Description: This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.
Comment:Frequently used by Windows Vista and other application, however it’s not a mandatory service.
Default: Automatic
Recommendation: Manual

Name: Windows Firewall
Description: Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.
Comment: One of the best and most stable firewall, although with just basic feature. Enable unless system has third-party firewall.
Recommendation: Automatic

Name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Comment: Retrieve photos from scanners and digital cameras.
Default: Automatic
Recommendation: Manual

Name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: MSI/MSU package and many other setup installers require this server. Just set it to manually start when required.
Recommendation: Manual

Name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: A system management service during system boot up process. Will be started during Windows startup even when set to manual.
Recommendation: Automatic

Name: Windows Media Center Extender Service
Description: Allows Windows Media Center Extender devices to locate and connect to the computer.
Comment: Transmit multimedia files to networked device such as Xbox. Disable unless needed.
Recommendation: Disabled

Name: Windows Modules Installer
Description: Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.
Comment: Required by Windows Update. Disable if not using Windows Update.
Default: Manual
Recommendation: Disabled

Name: Windows Remote Management (WS-Management)
Description: Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.
Comment: Enable remote computer management and event data collection.
Default: Manual
Recommendation: Disabled

Name: Windows Search
Description: Provides content indexing and property caching for file, email and other content (via extensibility APIs). The service responds to file and email notifications to index modified content. If the service is stopped or disabled, the Explorer will not be able to display virtual folder views of items, and search in the Explorer will fall back to item-by-item slow search.
Comment: Desktop search for Windows Vista and Office. Resource intensive. Disable Windows Search if not required or using third party desktop search.
Default: Automatic
Recommendation: Disabled

Name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Synchronize local time with Internet time server. Set to manual if user prefer to manually sync computer as and when required.
Default: Automatic
Recommendation: Manual

Name: Windows Update
Description: Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.
Comment: Provides updates and patches for Windows Vista, and related Background Intelligent Transfer Service and Modules Installer services.
Default: Automatic (Delayed Start)
Recommendation: Disabled

Name: WinHTTP Web Proxy Auto-Discovery Service
Description: WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.
Comment: Not used under most circumstances.
Default: Manual
Recommendation: Disabled

Name:Wired AutoConfig
Description: This service performs IEEE 802.1X authentication on Ethernet interfaces.
Comment: Set to manual to load the service only when required.
Recommendation: Manual

Name: WLAN AutoConfig
Description: This service enumerates WLAN adapters, manages WLAN connections and profiles.
Comment: Can disable if not using wireless network. Else set to manual to load the service only when needed.
Recommendation: Disabled

Name: WMI Performance Adapter
Description: Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.
Comment: A performance related system service.
Recommendation: Manual

Name:Workstation
Description: Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Comment: Normally required on Local Area Network (LAN). When not using shared folders and printers, can set to manual start.
Default: Automatic
Recommendation: Manual