We can delete the old profiles lying in the system c:\documents and settings\ you can use the below command
delprof /Q /I /D:60
this will delete the profiles not in use more than 60 days
The file associations for .LNK files on a Windows 7 computer have changed from their default association to another application program, ie. Internet Explorer Picture Viewer, with the result that none of the program shortcut icons or desktop icons launch their respective programs - they all attempt to launch Explorer. Changing the file association on an individual shortcut results in all shortcuts being changed to the selected program. Is there a way to change the .LNK file associations back to the Windows default in order to relate the shortcuts to their respective application program?
Solution - Just download the Registry Fix and merged the .reg file with registry.
Whenever you insert a USB drive, CD/DVD, etc into your system, Windows automatically launches an Autorun dialog box which allows you to select an action from the given list. You can browse the content, play media files, etc using Autorun dialog box.
To disable Autorun functionality in Windows:
1. Type regedit in RUN or Startmenu searchbox and press Enter. It'll open Registry Editor.
2. Go to following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
If the above key doesn't exist, create it.
3. In right-side pane, create a new DWORD value NoDriveTypeAutoRun and set its value to any of following according to your requirements:
FF - To disable AutoRun on all drives
20 - To disable AutoRun on CD-ROM drives
4 - To disable AutoRun on removable drives
8 - To disable AutoRun on fixed drives
10 - To disable AutoRun on network drives
40 - To disable AutoRun on RAM disks
1 - To disable AutoRun on unknown drives
4. If you want to disable Autorun on a combination of drives, you'll need to calculate sum of the values. For example, if you want to disable Autorun on CD-ROM drives and removable drives, you'll need to set the value to 20+4=24.
5. If you want to restore the Autorun functionality, simply delete the NoDriveTypeAutoRun DWORD value created in Step 3 Or you can set the default value which is given below:
Windows 2000: 95
Windows XP: 91
Windows Server 2003: 95
Windows Vista, Server 2008 and 7: 91
6. If you want to disable Autorun functionality for all users in your system, use the "HKEY_LOCAL_MACHINE" instead of "HKEY_CURRENT_USER" mentioned in Step 2.
In Windows you can change desktop wallpaper, screen saver, themes and other appearance settings by right-click on Desktop and select "Properties".
If you want to disable all or a few options in Desktop Properties to restrict users or you might want to enable those options in case they are disabled by your system administrator or a virus infection.
Following tutorial will help you in enabling or disabling all or a particular option in Desktop Properties:
A. Disable Themes Tab in Desktop Properties:
Type regedit in RUN dialog box and press Enter. Now goto:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ Explorer
If "Explorer" key is not present, then create it. Now in right-side pane, create a new DWORD value NoThemesTab and set its value to 1 to disable it.
B. Disable Desktop Tab in Desktop Properties:
Type regedit in RUN dialog box and press Enter. Now goto:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ System
If "System" key is not present, then create it. Now in right-side pane, create a new DWORD value NoDispBackgroundPage and set its value to 1 to disable it.
C. Disable Screen Saver Tab in Desktop Properties:
Type regedit in RUN dialog box and press Enter. Now goto:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ System
If "System" key is not present, then create it. Now in right-side pane, create a new DWORD value NoDispScrSavPage and set its value to 1 to disable it.
D. Disable both Themes and Appearance Tabs in Desktop Properties:
Type regedit in RUN dialog box and press Enter. Now goto:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ System
If "System" key is not present, then create it. Now in right-side pane, create a new DWORD value NoDispAppearancePage and set its value to 1 to disable it.
E. Disable Settings Tab in Desktop Properties:
Type regedit in RUN dialog box and press Enter. Now goto:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ System
If "System" key is not present, then create it. Now in right-side pane, create a new DWORD value NoDispSettingsPage and set its value to 1 to disable it.
* If you want to enable a restricted tab in Desktop Properties, just delete the required DWORD value as mentioned above or change its value to 0 instead of 1.
To hide or show any specific Control Panel applet in Windows.
A: For All Windows Versions except Windows 95, 98 & Me
1. Type regedit in RUN dialog box and press Enter. Now go to:
HKEY_CURRENT_USER\Control Panel\
OR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\
2. Under this key create a new key with the name don't load , so the new path will be:
HKEY_CURRENT_USER\Control Panel\don't load
OR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\don't load
3. Now in right-side pane, create new String value. Set its name to the file name of the applet which you want to hide, e.g. if you want to hide Display applet then set its name to Desk.cpl now set its value to no to hide it. If you want to show it again, either set its value to yes or simply delete the String value.
To use the above mentioned method, you'll need to know the .CPL file name of the desired applet. You can search for .CPL in Windows Search or you can use help of following list which contains .cpl file names of almost all default Control Panel applets:
Access.cpl Accessibility
Appwiz.cpl Add or Remove Programs
Bthprops.cpl Bluetooth Devices
Desk.cpl Display
Hdwwiz.cpl Add New Hardware
Inetcpl.cpl Internet Options
Intl.cpl Regional and Language Options
Joy.cpl Game Controllers
Keymgr.cpl Stored User Names and Passwords
Liccpa.cpl Licensing
Main.cpl Mouse
Mlcfg32.cpl Mail
Mmsys.cpl Sound and Audio Devices
Ncpa.cpl Network Connections
Nusrmgr.cpl User Accounts
Nwc.cpl Netware client connectivity
Odbccp32.cpl ODBC Data Source Administrator
Powercfg.cpl Power Options
Sysdm.cpl System
Telephon.cpl Phone and Modem Options
Timedate.cpl Date and Time
Sapi.cpl Speech
Wuaucpl.cpl Automatic Updates
Wscui.cpl Security Center or Action Center
B: For All Windows Versions except Windows 95, 98 & Me
1. Type regedit in RUN dialog box and press Enter. Now go to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
2. Look for a key "Explorer" under it. If its not present, then create a new one and give it name Explorer.
3. Select "Explorer" key and in right-side pane, create a new DWORD value DisallowCpl and set its value to 1
4. Now create another new key under Explorer key with the name DisallowCpl so the new path will be:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ Explorer\DisallowCpl
5. Select "DisallowCpl" key and in right-side, create new String value with name 1 and set its value to the applet name which you want to hide.You don't need to use the .cpl file name of applet in this method. You have to put the applet label which you see in Control Panel.
e.g., If you want to hide AutoPlay applet, then create a new String value, give it name 1 and set its value to AutoPlay. If you want to hide more applets, then simply create more String values with names 2, 3 and so on and set their values to the applet label.
C: For All Windows Versions except Windows 95, 98 & Me
In this method, you'll tell Windows which applets should be visible and Windows will automatically hide the rest.
Its useful when you want to show a few specific applets and want to hide remaining applets. So you just need to create a few String values to tell Windows which applets you want to show. It'll save your valuable time.
1. Type regedit in RUN dialog box and press Enter. Now go to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
2. Look for a key "Explorer" under it. If its not present, then create a new one and give it name Explorer.
3. Select "Explorer" key and in right-side pane, create a new DWORD value RestrictCpl and set its value to 1
4. Now create another new key under Explorer key with the name RestrictCpl so the new path will be:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ Explorer\RestrictCpl
5. Select "RestrictCpl" key and in right-side, create new String value with name 1 and set its value to the applet name which you want to show.You don't need to use the .cpl file name of applet in this method. You have to put the applet label which you see in Control Panel.
e.g., If you want to show AutoPlay applet, then create a new String value, give it name 1 and set its value to AutoPlay. If you want to show more applets, then simply create more String values with names 2, 3 and so on and set their values to the applet label.
Now Windows will only show the applets which you mentioned in String values, other applets will be hidden.
D: For Windows 95, 98 & Me
1. Open "%windir%\Control.INI" file. Where "%windir%" denotes Windows folder which is present in system drive where Windows is installed.
2. You'll see a line saying [don't load] in the file. If you can't find it, then create a new line at last.
3. Now under this line, you can set .CPL file name of your desired applet which you want to hide in following format:
filename.cpl=no
e.g.,
If you want to hide Display applet, then the syntax will be:
desk.cpl=no
You can create similar lines for other applets which you want to hide. The .CPL file name can be obtained from the list mentioned in A.
To repair Windows Advance Option (F8)
The reason for corrupt of Windows Advance Option - Safe mode & other are not work (system restart or error of BSOD) is Virus. Some Virus remove the Windows Advance Option Menu Setting.
To resolve the issue:
The registry keys to boot into Safe Mode are under the SafeBoot key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
You can boot into Safe Mode without or with networking, there is a subkey for each mode: Minimal (no networking) and Network (with networking).
Each device, driver or service that has to be started has a subkey under the Minimal or Network key.
If you want to disable a device, driver or service in Safe Mode, just delete the corresponding subkey (make a backup first).
I tested this with key {4D36E965-E325-11CE-BFC1-08002BE10318} (resulted in a disabled CD-ROM drive) and PlugPlay (resulted in a disabled Plug and Play service).
I compared several SafeBoot registry keys for Windows XP SP2 on different hardware platforms, and they were all identical. However, there were some small differences when comparing different operatings systems (Windows XP SP1, SP2 and Windows 2003 SP1). Remember that Safe Mode was introduced with Windows 2000.
These are minor differences, just listing devices, drivers or services that are only present on one version of Windows. For example, I found Volume shadow copy on a Windows 2003 and not on Windows XP. And Windows 2003 also had less network services than Windows XP, this is probably a result of the default hardening of Windows 2003: more services and applications are disabled by default on Windows 2003 than on Windows XP.
To repair you PC for Working of Windows Advance Option Menu insert or check the safe mode registry setting is there if not insert it. If you want to insert the Safe Mode default registry setting than download the attachment & Import it.
When dealing with a Blue Screen of Death at boot - the first option should be to boot into Safe Mode (press F8 during bootup). From safe mode you can run a system restore with %systemroot%\system32\restore\rstrui.exe
Some hardware failures are so severe they prevent booting into Safe Mode.
The recovery console allows an alternative boot option giving a limited command prompt - this can be used to disable services or replace system files until you are able to boot into safe mode.
Recovery Console commands: ATTRIB Change file attributes BATCH Execute a batch file CD Change directory CHKDSK Check Disk CLS Clear screen COPY Copy files* DEL Delete Files* DIR Directory listing DISABLE Disable Service DISKPART Create or delete disk Partitions (like running setup) ENABLE Enable Service EXIT Quit the recovery console and reboot EXPAND FIXBOOT Write a new boot sector to the system partition FIXMBR Repair the Master boot Record FORMAT FORMAT drive /FS:NTFS HELP LISTSVC List all services and drivers LOGON Logon as administrator (local) MAP List local physical drive mappings MAP arc List local physical drive mappings(ARC path) MD Make Directory* MORE RD Remove Directory* REN Rename file* SYSTEMROOT Set the current directory to be %Systemroot% * File operations are only possible on: system directories, floppy drive(removable media), Root directories, local install sources. You can copy FROM but not TO a floppy disk.
Installation:
The recovery console is not installed by default, from the install CD use the command: D:\i386\winnt32 /cmdcons
Then restart the machine.
A list of all the standard services
|
ServiceName |
Service (Key) |
Process |
Description |
Default Status & notes |
|
Alerter |
Services.exe
|
Distribute administrative alerts to specific users or machines.
|
Manual.
|
|
|
Application Layer Gateway Service |
alg.exe |
Support for Internet Connection Sharing and theInternet Connection Firewall |
Manual |
|
|
Application Management |
Services.exe or svchost.exe |
Installation services (Add/Remove Programs) - Assign, Publish, and Remove. |
Manual |
|
|
Automatic Updates |
svchost.exe -k wugroup |
Enable the download and installation of critical Windows updates. |
Automatic.
|
|
|
Background Intelligent Transfer Service |
svchost.exe -k BITSgroup |
Transfer files using idle network bandwidth, maintain file transfers through network disconnections and computer restarts. |
Automatic
|
|
|
Clipbook Server |
Clipsrv.exe |
Provides support for the Clipbook Viewer, which allows the clipboard of the source machine to be accessed remotely. |
Disabled |
|
|
COM+ Event System |
svchost.exe -k netsvcs |
Automatic distribution of events to subscribing COM components. |
Manual |
|
|
Computer Browser |
Services.exe |
Collects the names of NetBIOS resources on the network, creating a list so that it can participate as a master browser or basic browser (one that takes part in browser elections).
|
Automatic.
|
|
|
Cryptographic Services |
svchost.exe |
Management of Certification Authority certificates. Driver Catalog Database, Protected Root and Key certificate Services. |
Automatic |
|
|
DCOM Server Process Launcher |
svchost.exe |
Launch DCOM services |
Automatic |
|
|
DHCP Client |
Services.exe or svchost.exe |
Manage network configuration by registering and updating IP addresses and DNS names. |
Automatic
|
|
|
Distributed Link Tracking Client |
Services.exe or svchost.exe |
Send notification of files moving between NTFS volumes in a network domain. |
Automatic
|
|
|
Distributed Transaction Coordinator |
MSDTC.exe |
Coordinate transactions that are distributed across two or more databases, message queues, file systems, or other transaction protected resource managers. |
Manual
|
|
|
DNS Client |
Services.exe |
Resolves and caches Domain Name System (DNS) names. |
Automatic |
|
|
Directory Replicator (Server only) |
Lmrepl.exe |
Replicate specified files & folders between computers.
|
Automatic
|
|
|
Error Reporting Service |
svchost.exe |
Report errors back to Microsoft in Redmond. |
Automatic
|
|
|
EventLog |
Services.exe |
Record System, Security, and Application Events.
|
Automatic |
|
|
Fast User Switching Compatibility |
svchost.exe |
Enable multiple users to login to the same PC simultaneously. |
Manual |
|
|
Fax Service |
faxsvc.exe |
Send and receive faxes |
Automatic or Manual |
|
|
Help and Support |
svchost.exe |
Help and Support Center |
Automatic.
|
|
|
Human Interface Device Access |
svchost.exe |
Support for extra keyboard 'hot buttons' and other multimedia input devices. |
Disabled |
|
|
HTTP SSL |
svchost.exe |
Support for HTTPS (Secure Socket Layer) websites such as banking and e-commerce. |
Manual |
|
|
IMAPI CD-Burning COM Service |
imapi.exe |
CD-Rom Burning |
Manual
|
|
|
Indexing Service |
cisvc.exe |
Index the contents and properties of files on local and remote computers.
|
Manual
|
|
|
IPSEC Policy Agent |
lsass.exe |
Manage IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. |
Automatic
|
|
|
License Logging Service (Server) |
Llssrv.exe |
License tracking on a server or DC (Domain Controller). |
If disabled then licensing status alerts will not be generated. |
|
|
Logical Disk Manager |
services.exe or svchost.exe |
Required by the MMC Disk Management plug-in. |
Automatic |
|
|
Logical Disk Manager Administrative Service |
dmadmin.exe /com |
Administrative service for disk management requests |
Manual |
|
|
Message Queuing |
mqsvc.exe |
Message Queuing |
||
|
Message Queuing Triggers |
mqtgsvc.exe |
Message Queuing |
||
|
MS Software Shadow Copy Provider Service |
dllhost.exe |
Microsoft Backup Utility |
Manual
|
|
|
Messenger |
Services.exe |
Process the receipt or delivery of pop-up messages sent via NET SEND.
|
Disabled
|
|
|
Network Connections |
svchost.exe -k netsvcs |
Manage objects in the Network and Dial-Up Connections folder (LAN and remote connections.) |
Manual |
|
|
Net Logon |
Lsass.exe
|
Network Authentication: maintains a synced domain directory database between the PDC and BDC(s), handles authentication of respective accounts on the DCs, and authenticates domain accounts on networked machines. |
Automatic
|
|
|
NetMeeting Remote Desktop Sharing |
mnmsrvc.exe |
Allows authorized people to remotely access your Windows desktop using NetMeeting. |
Manual.
|
|
|
Network DDE |
Netdde.exe |
Support the network transport of DDE (Dynamic Data Exchange) connections.
|
Disabled |
|
|
Network DDE DSDM |
Netdde.exe |
Manage shared DDE conversations (from shares like: \\computername\ndde$).
|
Disabled |
|
|
NLA - Network Location Awareness |
svchost.exe |
Part of Internet Connection Sharing (ICS) and the Internet Connection Firewall (ICF) |
Manual |
|
|
Network Provisioning Service |
svchost.exe |
Manage XML configuration files on a domain basis |
Manual |
|
|
NT LM Security Support Provider |
Services.exe |
Extends NT security to Remote Procedure Call (RPC) programs using various transports other than named pipes.
|
Manual |
|
|
Performance Logs and Alerts (XP)
|
smlogsvc.exe |
Configure performance logs and alerts. |
Manual. May be disabled if the alerts are not needed. |
|
|
Plug and Play |
Services.exe |
Plug and Play.
|
Automatic |
|
|
Universal Plug and Play Host |
svchost.exe |
Device Host detect and configure external UPnP devices.
|
Manual |
|
|
Portable Media Serial Number Service |
svchost.exe |
Retrieves the serial number of any portable media player connected to this computer. |
Manual
|
|
|
Print Spooler or Spooler |
Spoolsv.exe
|
The NT printing subsystem. |
Automatic - If you print documents.
|
|
|
Protected Storage |
Pstores.exe |
Encrypt and store secure info: SSL certificates, passwords for Outlook, Outlook Express, Profile Assistant, MS Wallet, and digitally signed S/MIME keys. |
Automatic. |
|
|
QoS RSVP |
rsvp.exe -s |
Provide network signaling and local traffic control setup functionality for QoS-aware programs and control applets. |
Manual |
|
|
Remote Access Auto Connection Manager
|
svchost.exe -k netsvcs |
Activates automatic dial-up when a URL link is clicked.
|
Manual
|
|
|
Remote Access Connection Manager |
svchost.exe -k netsvcs |
Required for most but not all RAS, ADSL or Cable connections. |
Manual.
|
|
|
Remote Desktop Help Session Manager |
sessmgr.exe |
Remote Desktop Help Session Manager. |
Manual
|
|
|
Remote Procedure Call (RPC) Service
|
svchost -k rpcss |
This RPC subsystem is crucial to the operations of any RPC activities taking place on a system (e.g. DCOM) |
Automatic
|
|
|
Remote Procedure Call (RPC) Locator |
Locator.exe |
Maintain the RPC name server database, requires the RPC service (below) to be started. Database of available server applications. |
Manual. |
|
|
Remote Registry Service (XP Pro only) |
regsvc.exe |
Allow remote registry manipulation. |
Automatic
|
|
|
Removable Storage |
svchost.exe -k netsvcs |
Manage removable media, drives, and libraries. |
Manual. |
|
|
RIP Listener |
Listen for RIP announcements from routers and modify the routing table accordingly. |
To use the RIP Listener service, your adjacent routers must support the RIP v1 protocol. You'll find the RIP Listener service under Add/Remove Windows Components - Networking Services. |
||
|
Routing and Remote Access |
svchost.exe -k netsvcs |
Allow incoming connections via dial in or VPN. (WAN Routing) |
Disabled |
|
|
Secondary Logon (Win XP) |
services.exe or svchost.exe |
Enables starting processes under alternate credentials. |
Automatic
|
|
|
Security Accounts Manager (Win 2K) |
lsass.exe |
Stores security information for local user accounts. |
Automatic |
|
|
Security Center |
svchost.exe |
Monitor system security settings and configurations. |
Automatic
|
|
|
Server |
Services.exe |
Support for peer-to peer file sharing, print sharing, and named pipe sharing via SMB services. |
Automatic
|
|
|
Shell Hardware Detection |
svchost.exe |
CD Autoplay |
Automatic. |
|
|
Smart Card |
SCardSvr.exe |
Manages and controls access to a smart card inserted into a smart card reader attached to the computer. |
Manual
|
|
|
Smart Card Helper |
SCardSvr.exe |
legacy smart card readers |
Removed in XP SP2 |
|
|
SNMP Service |
snmp.exe |
Agents that monitor the activity in network devices and report to the network console workstation. |
Automatic (if installed) |
|
|
SSDP Discovery Service |
svchost.exe |
Simple Service Discovery Protocol.
|
Manual
|
|
|
System Event Notification |
svchost.exe -k netsvcs |
Track system events such as Windows logon, network, and power events.
|
Automatic. |
|
|
System Restore Service |
svchost.exe |
Creates system snap shots.
|
Automatic
|
|
|
Task Scheduler or Schedule |
atsvc.exe or mstask.exe |
This service is required to schedule background tasks (run at a specific date & time)
|
Automatic |
|
|
TCP/IP NetBIOS Helper
|
Services.exe |
Support for name resolution in a Windows 2000 domain . (Netbios/Wins)
|
Automatic
|
|
|
Telephony |
Tapisrv.exe |
Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections. e.g unimodem modems. |
Manual |
|
|
Telnet
|
tlntsvr.exe |
Allows a remote user to log on to the system and run console programs using the command line. |
Disabled
|
|
|
Terminal Services |
svchost.exe |
Required for Fast User Switching, Remote Desktop and Remote Assistance |
Manual
|
|
|
Themes |
svchost.exe |
XP Active Desktop Themes, and quick launch toolbars
|
Automatic
|
|
|
UPS or Uninterruptible Power Supply |
Ups.exe |
Support for an Uninteruptable Power Supply (UPS) physically connected to the machine. |
Manual
|
|
|
Universal Plug and Play Host |
svchost.exe |
Device Host detect and configure external UPnP devices.
|
Manual |
|
|
Upload Manager |
svchost.exe |
Upload Manager. |
Removed in XP SP2 |
|
|
Volume Shadow Copy |
vssvc.exe |
MS Backup - A volume shadow copy is a picture of the volume at a particular moment in time. That means a computer can be backed up while files are open and applications running. |
Manual
|
|
|
WebClient |
svchost.exe |
Allow access to web-resident disk storage from an ISP. WebDAV "internet disks" such as Apple's iDisk. |
Automatic
|
|
|
Windows Audio |
svchost.exe |
Sound Driver
|
Automatic
|
|
|
Windows Firewall (XP SP2) Internet Connection Firewall (XP) Internet Connection Sharing (Win 2K) |
svchost.exe -k netsvcs |
Network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. |
Automatic.
|
|
|
Windows Image Acquisition |
svchost.exe |
Required for some but not all cameras, scanners, and digital video cameras. |
Manual |
|
|
Windows Installer |
MsiExec.exe /V |
Install, repair and remove software according to instructions contained in .MSI files. |
Manual |
|
|
Windows Management Instrumentation |
C:\WINNT\System32
|
WMI provides system management information. |
Automatic |
|
|
Windows Management Instrumentation Driver Extensions |
svchost.exe |
Provides systems management information to and from drivers. |
Manual |
|
|
Windows Time |
services.exe |
Update the computer clock by reference to an internet time source or a time server. |
Automatic |
|
|
Wireless Zero Configuration |
svchost.exe |
Configure wireless network devices (802.11a/b/g). |
Automatic
|
|
|
WMI Performance Adapter |
wmiapsrv.exe |
Collect performance library information. |
Manual |
|
|
Workstation |
Services.exe |
Communications and network connections.
|
Automatic |
It is inadvisable to disable a service without being aware of the consequences,
always start by setting the service to manual,
reboot and test for any problems.
A service set to manual may be automatically restarted if another service is dependent on it.
A service set to disabled will not restart even if it's required to boot the machine!
Stopping or disabling a service will generally save a small amount of memory and will reduce the number of software interrupts (cpu message queue.)
The main reason for tinkering with services is to harden the system against security vulnerabilities. Disable everything that you don't need or use -
then any future problems with those services cannot affect the machine.
To document all the services currently installed:
SC QUERY state= all |findstr "DISPLAY_NAME STATE" >my_services.csv
Some XP services communicate and send data directly to Microsoft, this is not generally something to lose sleep over.
Managing the running of these services may be a consideration if confidentiality/anonymity is highly important to you.
Removing a service completely
To delete a service, you may be tempted to hack the registry settings under (HKLM/SYSTEM/CurrentControlSet/Services)
this is not a reliable or recommended method, far better is to use the SC command:
SC delete NameofServiceTodelete
Built-in Service Accounts
In addition to other Default User & Group accounts there are 3 built-in accounts, designed for running background services.
Local Service Account (NT AUTHORITY\LOCAL SERVICE) - has the same level of access to resources and objects as
members of the Users group. This limited access helps safeguard the system if individual services or processes are compromised.
Services that run as the Local Service account access network resources as a null session without credentials.
(This account is not supported for running SQL Server services.)
Network Service Account (NT AUTHORITY\NETWORK SERVICE) - has more access to resources
and objects than members of the Users group. Services that run as the Network Service account access
network resources by using the credentials of the computer account.
Local System Account (NT AUTHORITY\SYSTEM) - a very high-privileged built-in account. It has extensive privileges on the local system and acts as the computer on the network.
In Windows 2008 a new feature was introduced: Managed Service Accounts which provide aut
omatic password management and simplified service principal name (SPN) management.
These accounts are created in Powershell with New-ADServiceAccount
Enable or Disable Ports
Many services and applications rely on the use of a specific PORT - to determine if a particular port is enabled for use, review the list of Service names and port numbers held in the "services" file ('windows\system32\drivers\etc\services')
Installing a good firewall is the easiest way to manage this.
Posts
All Comments
