A list of the default services in Windows 7.
|Service Display Name||Service (Registry Key)||Process||Description||Default Status & notes|
|ActiveX Installer (AxInstSV)||AxInstSV||svchost.exe / audiosrv.dll||Provides UACl validation for the installation of ActiveX controls from the Internet.||Manual|
|Adaptive Brightness||SensrSvc||svchost.exe / sensrsvc.dll||Monitors ambient light sensors to detect changes in ambient light and adjust the display brightness.||Manual, can be disabled if no light sensors available)|
|Application Experience||AeLookupSvc||svchost.exe / aelupsvc.dll||Processes application compatibility cache requests for applications as they are launched||Manual|
|Application Host Helper Service||AppHostSvc||Not Installed.
Optional feature (Control Panel add features)
|Application Identity||AppIDSvc||svchost.exe / appidsvc.dll||Determines and verifies the identity of an application.||Manual.
Disabling this service will prevent AppLocker from being enforced.
|Application Information||Appinfo||svchost.exe /appinfo.dll||Facilitates the running of interactive applications with additional administrative privileges.||Manual (Started)|
|Application Layer Gateway Service||ALG||alg.exe||Provides support for 3rd party protocol plug-ins for Internet Connection Sharing||Manual|
|Application Management||AppMgmt||svchost.exe / appmgmts.dll||Processes installation, removal, and enumeration requests for software deployed through Group Policy.||Manual|
|ASP.NET State Service||aspnet_state||aspnet_state.exe||Optional feature (Control Panel add features)|
|Background Intelligent Transfer Service||BITS||svchost.exe / qmgr.dll||Transfer files using idle network bandwidth, maintain file transfers through network disconnections and computer restarts.||Manual.
If disabled, then applications that depend on BITS, such as Windows Update, will be unable to automatically download files.
|Base Filtering Engine||BFE||svchost.exe / bfe.dll||Manages firewall and IPsec policies and user mode filtering.||Automatic (Started)|
|BitLocker Drive Encryption Service||BDESVC||svchost.exe / bdesvc.dll||Provides secure startup for theOS, as well as full volume encryption.||Manual|
|Block Level Backup Engine Service||wbengine||wbengine.exe||The WBENGINE service is used by Windows Backup to perform backup and recovery operations.||Manual|
|Bluetooth Support Service||bthserv||svchost.exe / bthserv.dll||Discovery and association of remote Bluetooth devices.||Manual.
If stopped Bluetooth devices will fail to operate properly.
|BranchCache||PeerDistSvc||peerdistsvc.dll||Caches network content from peers on the local subnet.||Manual|
|Certificate Propagation||CertPropSvc||svchost.exe / certprop.dll||Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver.||Manual|
|Client for NFS||NfsClnt||Not Installed.
Optional feature in Ultimate/Enterprise edition (Control Panel add features)
|CNG Key Isolation||KeyIso||LSASS.exe (Local Security Authority Subsystem)
|Provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria.||Manual|
|COM+ Event System||EventSystem||svchost.exe / comres.dll||Provides automatic distribution of events to subscribing COM components.||Automatic (Started)|
|COM+ System Application||COMSysApp||dllhost.exe||Manual|
|Computer Browser||Browser||svchost.exe / browser.dll||Collects the names of NetBIOS resources on the network, creating a list so that it can participate as a master browser or basic browser (one that takes part in browser elections).
This maintained list of resources (computers) is displayed in Network Neighborhood.
If disabled you can still map drives, but can't browse the whole network.
This has no effect on TCP/IP or internet browsing
|Credential Manager||VaultSvc||LSASS.exe (Local Security Authority Subsystem)
|Provides secure storage and retrieval of credentials to users, applications and security service packages.||Manual|
|Cryptographic Services||CryptSvc||svchost.exe / cryptsvc.dll||Confirm the signatures of Windows files, add and remove Trusted Root Certification Authority certificates, retrieve root certificates from Windows Update.||Automatic (Started)|
|DCOM Server Process Launcher||DcomLaunch||svchost.exe / oleres.dll||Launches COM and DCOM servers in response to object activation requests.||Automatic (Started)
If this service is stopped, programs using COM or DCOM will not function properly.
|Desktop Window Manager Session Manager||UxSms||svchost.exe / dwm.exe||Provides Desktop Window Manager startup and maintenance services||Automatic (Started)|
|DHCP Client||Dhcp||svchost.exe / dhcpcore.dll||Registers and updates IP addresses and DNS records for this computer.||Automatic (Started)
If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates.
|Diagnostic Policy Service||DPS||svchost.exe / dps.dll||Enables problem detection, troubleshooting and resolution for Windows components.||Automatic (Started)|
|Diagnostic Service Host||WdiServiceHost||svchost.exe / wdi.dll||Diagnostic Policy Service - diagnostics that need to run in a Local Service context.||Manual (Started)|
|Diagnostic System Host||WdiSystemHost||svchost.exe / wdi.dll||Diagnostic Policy Service - diagnostics that need to run in a Local System context.||Manual|
|Disk Defragmenter||defragsvc||svchost.exe / defragsvc.dll||Provides Disk Defragmentation Capabilities.||Manual|
|Distributed Link Tracking Client||TrkWks||svchost.exe / trkwks.dll||Maintains links between NTFS files within a computer or across computers in a network.||Automatic (Started)|
|Distributed Transaction Coordinator||MSDTC||MSDTC.exe||Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems.||Manual|
|DNS Client||Dnscache||discache.sys / dnsapi.dll||
Resolves and caches Domain Name System (DNS) names, and registers the full computer name for this computer.
|Encrypting File System (EFS)||EFS||
LSASS.exe (Local Security Authority Subsystem)
|The core file encryption technology used to store encrypted files on NTFS volumes.||Manual|
|Extensible Authentication Protocol||EapHost||svchost.exe / eapsvc.dll||Provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP).||Manual|
|Fax||Fax||fxssvc.exe||Send or receive faxes, using a local or network fax machine/server.||Manual
Optional feature (Control Panel add features)
|Function Discovery Provider Host||fdPHost||svchost.exe / fdPHost.dll||Function Discovery (FD) network discovery providers.||Manual (Started)|
|Function Discovery Resource Publication||FDResPub||svchost.exe / fdrespub.dll||Publish this computer and resources attached to this computer so they can be discovered over the network.||Automatic (Started)|
|Group Policy Client||gpsvc||svchost.exe / gpapi.dll||Applies Group Policy settings.||Automatic (Started)|
|Health Key and Certificate Management||hkmsvc||svchost.exe / kmsvc.dll||Provides X.509 certificate and key management services for the Network Access Protection Agent (NAPAgent).||Manual.
Enforcement technologies that use X.509 certificates will not function properly without this service
|HomeGroup Listener||HomeGroupListener||svchost.exe / ListSvc.dll||Makes local computer changes associated with configuration and maintenance of the homegroup-joined computer.||Automatic (Started)|
|HomeGroup Provider||HomeGroupProvider||svchost.exe / provsvc.dll||Performs networking tasks associated with configuration and maintenance of homegroups.||Manual (Started)|
|Human Interface Device Access||hidserv||svchost.exe / hidserv.dll||Enables generic input access to Human Interface Devices (HID), predefined hot buttons on keyboards, remote controls,etc.||Manual|
|IIS Admin Service||IISADMIN||Optional feature (Control Panel add features)|
|IKE and AuthIP IPsec Keying Modules||IKEEXT||svchost.exe / ikeext.dll||Hosts the Internet Key Exchange and Authenticated Internet Protocol (AuthIP) modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec).||Manual|
||Index the contents and properties of files on local and remote computers.
This can become a resource hog if set to scan the entire volume or multiple volumes.
|Optional feature (Control Panel add features)|
|Interactive Services Detection||UI0Detect||UIODetect.exe||Enables user notification of user input for interactive services, which enables access to dialogs created by interactive services when they appear.||Manual|
|Internet Connection Sharing (ICS)||SharedAccess||svchost.exe / ipnathlp.dll||Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.||Disabled|
|IP Helper||iphlpsvc||svchost.exe / iphlpsvc.dll||Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS.||Automatic (Started)|
|IPsec Policy Agent||PolicyAgent||svchost.exe / polstore.dll||IPsec supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection.||Manual|
|KtmRm for Distributed Transaction Coordinator||KtmRm||svchost.exe / comres.dll||Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM).||Manual|
|Link-Layer Topology Discovery Mapper||lltdsvc||svchost.exe / lltdres.dll||Creates a Network Map, consisting of PC and device topology - connectivity and metadata.||Manual|
|LPD Service||LPDSVC||Optional feature (Control Panel add features)|
|Media Center Extender Service||Mcx2Svc||svchost.exe / ehres.dll||Allows Media Center Extenders to locate and connect to the computer.||Disabled|
|Optional feature (Control Panel add features)|
|Message Queuing Triggers||MSMQTriggers||mqtgsvc.exe
|Optional feature (Control Panel add features)|
|Microsoft .NET Framework NGEN v2.0.50727||clr_optimization_v2.0.50727||mscorsvw.exe||Microsoft .NET Framework NGEN
||Automatic (Delayed Start, Started|
|Microsoft FTP Service||ftpsvc||Optional feature (Control Panel add features)|
|Microsoft iSCSI Initiator Service||MSiSCSI||svchost.exe / iscsidsc.dll||Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices.||Manual|
|Microsoft Software Shadow Copy Provider||swprv||svchost.exe / swprv.dll||Manages software-based volume shadow copies taken by the Volume Shadow Copy service.||Manual|
|Multimedia Class Scheduler||MMCSS||svchost.exe / mmcss.dll||Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications.||Automatic (Started)|
|Net.Msmq Listener Adapter||NetMsmqActivator||SMSSvcHost.exe||Receives activation requests and passes them to the Windows Process Activation Service. net.msmq and msmq.formatname protocols||Optional feature (Control Panel add features)|
|Net.Pipe Listener Adapter||NetPipeActivator||SMSSvcHost.exe||Receives activation requests and passes them to the Windows Process Activation Service. net.pipe protocol||Optional feature (Control Panel add features)|
|Net.Tcp Listener Adapter||NetTcpActivator||SMSSvcHost.exe||Receives activation requests over the net.tcp protocol and passes them to the Windows Process Activation Service.||Optional feature (Control Panel add features)|
|Net.Tcp Port Sharing Service||NetTcpPortSharing||SMSSvcHost.exe||Provides ability to share TCP ports over the net.tcp protocol.||Optional feature (Control Panel add features)|
LSASS.exe (Local Security Authority Subsystem)
|Network Authentication: Maintains a secure channel between this computer and the domain controller for authenticating users and services.||Manual|
|Network Access Protection Agent||napagent||svchost.exe / qagentrt.dll||Collects and manages health information for client computers on a network. Health policy ensures that the client computer has the required software and settings.||Manual|
|Network Connections||Netman||svchost.exe / netman.dll||Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.||Manual (Started)|
|Network List Service||netprofm||svchost.exe / netprofm.dll||Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.||Manual (Started)|
|Network Location Awareness||NlaSvc||svchost.exe / nlasvc.dll||Collects and stores configuration information for the network and notifies programs when this information is modified.||Automatic (Started)|
|Network Store Interface Service||nsi||svchost.exe / nsisvc.dll||delivers network notifications (e.g. interface addition/deleting etc) to user mode clients.||Automatic (Started)|
|Offline Files||CscService||svchost.exe / cscsvc.dll||Maintains the Offline Files cache, responds to user logon/logoff events||Automatic (Started)|
|Parental Controls||WPCSvc||svchost.exe||For backward compatibility only.||Manual|
|Peer Name Resolution Protocol||PNRPsvc||svchost.exe / pnrpsvc.dll||Enables serverless peer name resolution over the Internet using the Peer Name Resolution Protocol (PNRP).||Manual|
|Peer Networking Grouping||p2psvc||svchost.exe / p2psvc.dll||Enables multi-party communication using Peer-to-Peer Grouping.||Manual|
|Peer Networking Identity Manager||p2pimsvc||svchost.exe / pnrpsvc.dll||Provides identity services for the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services.||Manual|
|Performance Counter DLL Host||PerfHost||perfhost.exe||Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs.|
|Performance Logs & Alerts||pla||svchost.exe / pla.dll||Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert.||Manual|
|Plug and Play||PlugPlay||svchost.exe / umpnpmgr.dll||Enables a computer to recognize and adapt to hardware changes with little or no user input.||Automatic (Started)|
|PnP-X IP Bus Enumerator||IPBusEnum||svchost.exe / IPBusEnum.dll||Manages the virtual network bus, discovers network connected devices and gives them presence in PnP.||Manual|
|PNRP Machine Name Publication Service||PNRPAutoReg||svchost.exe / pnrpauto.dll||Publishes a machine name using the Peer Name Resolution Protocol.||Manual|
|Portable Device Enumerator Service||WPDBusEnum||svchost.exe / wpdbusenum.dll||Enforces group policy for removable mass-storage devices.||Manual|
|Power||Power||svchost.exe / umpo.dll||Manages power policy and power policy notification delivery.||Automatic (Started)|
|Print Spooler||Spooler||SPOOLSVC.exe||Loads files to memory for later printing||Automatic (Started)|
|Problem Reports and Solutions Control Panel Support||wercplsupport||svchost.exe / wercplsupport.dll||Provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.||Manual|
|Program Compatibility Assistant Service||PcaSvc||svchost.exe / pcasvc.dll||Provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems.||Manual|
|Protected Storage||ProtectedStorage||LSASS.exe (Local Security Authority Subsystem)
|Provides protected storage for sensitive data, such as passwords, to prevent access by unauthorized services, processes, or users.||Manual|
|Quality Windows Audio Video Experience||QWAVE||svchost.exe / qwave.dll||Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks.||Manual|
|Remote Access Auto Connection Manager||RasAuto||svchost.exe / rasauto.dll||Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.||Manual|
|Remote Access Connection Manager||RasMan||svchost.exe / rasmans.dll||Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks.||Manual|
|Remote Desktop Configuration||SessionEnv||svchost.exe / SessEnv.dll||Responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context.||Manual|
|Remote Desktop Services||TermService||svchost.exe / termsrv.dll||Allows users to connect interactively to a remote computer.||Manual|
|Remote Desktop Services UserMode Port Redirector||UmRdpService||svchost.exe/ /umrdp.dll||Allows the redirection of Printers/Drives/Ports for RDP connections||Manual|
|Remote Procedure Call (RPC)||RpcSs||svchost.exe / oleres.dll||The Service Control Manager for COM and DCOM servers. Aactivation requests, garbage collection.||Automatic (Started)|
|Remote Procedure Call (RPC) Locator||RpcLocator||Locator.exe||In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility.||Manual|
|Remote Registry||RemoteRegistry||svchost.exe / regsvc.dll||Enables remote users to modify registry settings on this computer.||Manual|
|RIP Listener||iprip||isapnp.sys||Optional feature (Control Panel add features)|
|Routing and Remote Access||RemoteAccess||svchost.exe / mprdim.dll||Offers routing services to businesses in local area and wide area network environments.||Disabled|
|RPC Endpoint Mapper||RpcEptMapper||svchost.exe / RpcEpMap.dll||Resolves RPC interfaces identifiers to transport endpoints.||Automatic (Started)|
|Secondary Logon||seclogon||svchost.exe / seclogon.dll||Enables starting processes under alternate credentials.||Manual
If this service is stopped, this type of logon access will be unavailable.
|Secure Socket Tunneling Protocol Service||SstpSvc||svchost.exe / sstpsvc.dll||Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN.||Manual|
|Security Accounts Manager||SamSs||LSASS.exe (Local Security Authority Subsystem)
|The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests.||Automatic (Started)|
|Security Center||wscsvc||svchost.exe / wscsvc.dll||Monitors and reports security health settings: Firewall, antivirus, antispyware, Windows Update, UAC, and Internet settings||Automatic (Delayed Start, Started)|
|Server||LanmanServer||svchost.exe / srvsvc.dll||Supports file, print, and named-pipe sharing over the network for this computer.||Automatic (Started)|
|Shell Hardware Detection||ShellHWDetection||svchost.exe / shsvcs.dll||Provides notifications for AutoPlay hardware events.||Automatic (Started)|
|Simple TCP/IP Services||simptcp||Optional feature (Control Panel add features)|
|Smart Card||SCardSvr||svchost.exe / SCardSvr.dll||Manages access to smart cards read by this computer.||Manual|
|Smart Card Removal Policy||SCPolicySvc||svchost.exe / certprop.dll||Allows the system to be configured to lock the user desktop upon smart card removal.||Manual|
|SNMP Service||SNMP||Optional feature (Control Panel add features)|
|SNMP Trap||SNMPTRAP||SNMPTRAP.exe||Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer.||Manual|
|Software Protection||sppsvc||SPPSVC.exe||Enables the download, installation and enforcement of digital licenses for Windows and Windows applications.||Automatic (Delayed Start, Started)|
|SPP Notification Service||sppuinotify||svchost.exe / sppuinotify.dll||Provides Software Licensing activation and notification||Manual|
|SSDP Discovery||SSDPSRV||svchost.exe / ssdpsrv.dll||Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices.||Manual (Started)|
|Storage Service||StorSvc||svchost.exe / StorSvc.dll||Enforces group policy for storage devices||Manual|
|Superfetch||SysMain||svchost.exe / sysmain.dll||Maintains and improves system performance over time.||Automatic (Started)|
|System Event Notification Service||SENS||svchost.exe / Sens.dll||Monitors system events and notifies subscribers to COM+ Event System of these events.||Automatic (Started)|
|Tablet PC Input Service||TabletInputService||svchost.exe / TabSvc.dll||Enables Tablet PC pen and ink functionality||Manual|
|Task Scheduler||Schedule||svchost.exe / schedsvc.dll||Configure and schedule automated tasks.||Automatic (Started)|
|TCP/IP NetBIOS Helper||lmhosts||svchost.exe / lmhsvc.dll||Provides support for NetBIOS over TCP/IP (NetBT) and NetBIOS name resolution for clients on the network.||Automatic (Started)
If not required can be set to manual or disabled.
|Telephony||TapiSrv||svchost.exe / tapisrv.dll||Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.||Manual|
|Telnet||TlntSvr||Optional feature (Control Panel add features)|
|Themes||Themes||svchost.exe / themeservice.dll||Provides user experience theme management.||Automatic (Started)|
|Thread Ordering Server||THREADORDER||svchost.exe / mmcss.dll||Provides ordered execution for a group of threads within a specific period of time.||Manual|
|TPM Base Services||TBS||svchost.exe / tbssvc.dll||Enables access to the Trusted Platform Module (TPM), which provides hardware-based cryptographic services to system components and applications.||Manual|
|UPnP Device Host||upnphost||svchost.exe / upnphost.dll||Allows UPnP devices to be hosted on this computer.||Manual|
|User Profile Service||ProfSvc||svchost.exe / profsvc.dll||Loading and unloading user profiles.||Automatic (Started)|
|Virtual Disk||vds||VDS.exe||Provides management services for disks, volumes, file systems, and storage arrays.||Manual|
|Volume Shadow Copy||VSS||VSSVC.exe||Manages and implements Volume Shadow Copies used for backup and other purposes.||Manual|
|Web Management Service||WMSVC||Optional feature (Control Panel add features)|
|WebClient||WebClient||svchost.exe / webclnt.dll||Enables Windows-based programs to create, access, and modify Internet-based files.||Manual|
|Windows Audio||AudioSrv||svchost.exe / audiosrv.dll||Manages audio for Windows-based programs.||Automatic (Started)
If this service is stopped, audio devices and effects will not function properly.
|Windows Audio Endpoint Builder||AudioEndpointBuilder||svchost.exe||Manages audio devices for the Windows Audio service.||Automatic (Started)
If this service is stopped, audio devices and effects will not function properly.
|Windows Backup||SDRSVC||svchost.exe / sdrsvc.dll||Windows Backup and Restore capabilities.||Manual|
|Windows Biometric Service||WbioSrvc||svchost.exe / wbiosrvc.dll||The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples.||Manual|
|Windows CardSpace||idsvc||infocard.exe||Securely enables the creation, management, and disclosure of digital identities.||Manual|
|Windows Color System||WcsPlugInService||svchost.exe / WcsPlugInService.dll||Third-party Windows Color System color device model and gamut map model plug-in modules. These plug-in modules are vendor-specific extensions to the Windows Color System baseline.||Manual|
|Windows Connect Now – Config Registrar||wcncsvc||svchost.exe / wcncsvc.dll||Microsoft's Implementation of Wi-Fi Protected Setup (WPS) protocol. This is used to configure Wireless LAN settings for an Access Point (AP) or a Wi-Fi Device.||Manual|
|Windows Defender||WinDefend||svchost.exe / MsMpRes.dll||Protection against spyware and potentially unwanted software.||Automatic (Delayed Start, Started)|
|Windows Driver Foundation – User-mode Driver Framework||wudfsvc||svchost.exe / wudfsvc.dll||Creates and manages user-mode driver processes. This service cannot be stopped.||Manual|
|Windows Error Reporting Service||WerSvc||svchost.exe / wersvc.dll||Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services.||Manual|
|Windows Event Collector||Wecsvc||svchost.exe / wecsvc.dll||Manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources.||Manual|
|Windows Event Log||EventLog||svchost.exe / wevtsvc.dll||Manages events and event logs.||Automatic (Started)|
|Windows Firewall||MpsSvc||svchost.exe / FirewallAPI.dll||Windows Firewall||Automatic (Started)|
|Windows Font Cache Service||FontCache||svchost.exe / FntCache.dll||Cache commonly used font data.||Automatic (Delayed Start, Started)|
|Windows Image Acquisition (WIA)||StiSvc||svchost.exe / wiaservc.dll||Provides image acquisition services for scanners and cameras||Manual|
|Windows Installer||msiserver||MSIEXEC.exe||Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package.||Manual|
|Windows Management Instrumentation||Winmgmt||svchost.exe / wmisvc.dll||Provides a common interface and object model to access management information about operating system, devices, applications and services.||Automatic (Started)|
|Windows Media Center Receiver Service||ehRecvr||ehRecvr.exe||Windows Media Center Service for TV and FM broadcast reception||Optional feature (Control Panel add features)|
|Windows Media Center Scheduler Service||ehSched||ehSched.exe||Starts and stops recording of TV programs within Windows Media Center||Optional feature (Control Panel add features)|
|Windows Media Player Network Sharing Service||WMPNetworkSvc||wmpnetwk.exe||Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play - provided for backward compatibility only.||Manual (Started)|
|Windows Modules Installer||TrustedInstaller||TrustedInstaller.exe||Enables installation, modification, and removal of Windows updates and optional components.||Manual|
|Windows Presentation Foundation Font Cache 126.96.36.199||FontCache188.8.131.52||PresentationFontCache.exe||Cache commonly used font data for Windows Presentation Foundation (WPF) applications.||Manual|
|Windows Process Activation Service||WAS||WatUX.exe||Performs Windows 7 Validation.||Optional feature (Control Panel add features)|
|Windows Remote Management (WS-Management)||WinRM||svchost.exe / wsmsvc.dll||Implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management.
The WinRM service reserves the /wsman URL prefix.
|Windows Search||WSearch||SearchIndexer.exe||Provides content indexing, property caching, and search results for files, e-mail, and other content.||Optional feature (Control Panel add features)|
|Windows Time||W32Time||svchost.exe / w32time.dll||Maintains date and time synchronization on all clients and servers in the network.||Manual|
|Windows Update||wuauserv||svchost.exe / wuaueng.dll||Enables the detection, download, and installation of updates for Windows and other programs.||Automatic (Delayed Start, Started)|
|WinHTTP Web Proxy Auto-Discovery Service||WinHttpAutoProxySvc||svchost.exe / winhttp.dll||Implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses.||Manual|
|Wired AutoConfig||dot3svc||svchost.exe / dot3svc.dll||IEEE 802.1X authentication on Ethernet interfaces.||Manual|
|WLAN AutoConfig||Wlansvc||svchost.exe / wlansvc.dll||Provides the logic required to configure, discover, connect to, and disconnect from a wireless local area network (WLAN) as defined by IEEE 802.11 standards.||Manual|
|WMI Performance Adapter||wmiApSrv||WmiApSrv.exe / wmiapsrv.exe||Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network.||Manual|
|Workstation||LanmanWorkstation||svchost.exe / wkssvc.dll||Creates and maintains client network connections to remote servers using the SMB protocol.||Automatic (Started)|
|World Wide Web Publishing Service||W3SVC||Optional feature (Control Panel add features)|
|WWAN AutoConfig||WwanSvc||svchost.exe / wwansvc.dll||Manages mobile broadband (GSM & CDMA) data card/embedded module adapters and connections by auto-configuring the networks.||Manual|
The defaults above are based on Windows 7 Professional SP1, defaults for other versions, Home/Ultimate etc can be found over on the Black Viper Service Tweaking guide.
Before changing any of the defaults - use the links above to find what exactly the service does.
It is inadvisable to disable a service without being aware of the consequences, always start by setting the service to manual, reboot and test for any problems.
A service set to manual will be automatically restarted if another service is dependent on it.
A service set to disabled will not restart even if it's required to boot the machine!
If a service crashes the machine at startup, you can DISABLE it using the recovery console.
Stopping or disabling a service will generally save a small amount of memory and will reduce the number of software interrupts (cpu message queue.) The main reason for tinkering with services is to harden the system against security vulnerabilities. Disable everything that you don’t need or use - then any future problems with those services cannot affect the machine.
The security group All Services (NT SERVICES\ALL SERVICES) includes all service processes that are configured on the system. Membership of this group is controlled by the OS.
To document all the services currently installed:
SC QUERY state= all |findstr "DISPLAY_NAME STATE" >my_services.csv
Some services communicate and send data directly to Microsoft, this is not generally something to lose sleep over. Managing the running of these services might be a consideration if confidentiality or anonymity is highly important to you.
To delete a service use the SC delete command:
SC delete NameofServiceTodelete
In addition to other Default User & Group accounts there are 3 built-in accounts, designed for running background services.
Local Service Account (NT AUTHORITY\LOCAL SERVICE) - has the same level of access to resources and objects as members of the Users group. This limited access helps safeguard the system if individual services or processes are compromised. Services that run as the Local Service account access network resources as a null session without credentials. (This account is not supported for running SQL Server services.)
Network Service Account (NT AUTHORITY\NETWORK SERVICE) - has more access to resources and objects than members of the Users group. Services that run as the Network Service account access network resources by using the credentials of the computer account.
Local System Account (NT AUTHORITY\SYSTEM) - a very high-privileged built-in account. It has extensive privileges on the local system and acts as the computer on the network.
Windows 2008 introduced a new feature: Managed Service Accounts these provide automatic password management and simplified service principal name (SPN) management. Service accounts are created in PowerShell with New-ADServiceAccount
“The service we render to others is really the rent we pay for our room on this earth. It is obvious that man is himself a traveler; that the purpose of this world is not 'to have and to hold' but 'to give and serve.' There can be no other meaning” - Sir Wilfred T. Grenfell
SC - Service Control
TASKLIST - List running tasks and services
PORTQRY - Enumerate SQL Server instances, Local ports, local services and the DLL modules loaded.
WinMSD - List running services
ServiceStatus.ps1 - List all services (Powershell)
Safe Mode - Press F8 during bootup to start with mimimal services running.
Recovery - The Recovery Console
WMIC SERVICE - WMI access to services
DComCnfg - Disable/configure Component Services
windows\system32\drivers\etc\services - Ports and Services
The Elder Geek - Services Guide
Q137890 - SRVANY - create a User-Defined Service
Q288129 - Grant users the right to manage services (Windows 2000 KB but still works in Windows 7)