
Block Ports from the Command Line

For Windows Vista, Windows 7 and above

This is easy using the 'netsh' command.

To block a port (here outbound TCP port 4099, with the rule named BlockAIM), call it like this:

netsh advfirewall firewall add rule name="BlockAIM" protocol=TCP dir=out remoteport=4099 action=block

Let me explain each setting:

name = The name of the rule. (Pick something descriptive)
protocol = The protocol we are going to block (UDP or TCP for most cases)
dir = The direction of the block. Can be IN or OUT
remoteport = The port of the remote host that is going to be blocked
action = Could be block or allow. In our case we want to block the connection

Once you run the above command, all outbound TCP connections to port 4099 on any host are blocked, and the rule appears as an entry in the Windows Firewall.

If you want to remove the rule from the command line, you can call netsh like this:

netsh advfirewall firewall delete rule name="BlockAIM"

That is all there is to it. One line to add a rule, and one line to remove.
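The add/delete pair above wrapped in PowerShell, as an added example that is not part of the original post: it checks for an existing rule first, because netsh silently accepts a second rule with the same name and "delete rule name=" then removes all of them. The rule name, port and protocol are the post's; the function names are my own.

```powershell
# Added example: wrap the netsh commands from the post so a rule is never added twice.
# Requires an elevated prompt. netsh allows duplicate rule names, so we look first.

function Test-NetshRuleExists {
    param([Parameter(Mandatory)][string]$Name)
    # "show rule" prints "No rules match the specified criteria." and returns a
    # non-zero exit code when nothing matches; check both (text is English-only).
    $out = netsh advfirewall firewall show rule name="$Name" 2>&1
    return ($LASTEXITCODE -eq 0 -and (($out | Out-String) -notmatch 'No rules match'))
}

function Add-OutboundBlockRule {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$RemotePort,
        [ValidateSet('TCP', 'UDP')][string]$Protocol = 'TCP'
    )
    if (Test-NetshRuleExists -Name $Name) {
        Write-Warning "Rule '$Name' already exists; not adding a duplicate."
        return $false
    }
    netsh advfirewall firewall add rule name="$Name" protocol=$Protocol dir=out remoteport=$RemotePort action=block | Out-Null
    return ($LASTEXITCODE -eq 0)
}

function Remove-OutboundBlockRule {
    param([Parameter(Mandatory)][string]$Name)
    if (-not (Test-NetshRuleExists -Name $Name)) {
        Write-Warning "Rule '$Name' not found; nothing to remove."
        return $false
    }
    # Removes every rule carrying this name, which is why duplicates are avoided above.
    netsh advfirewall firewall delete rule name="$Name" | Out-Null
    return ($LASTEXITCODE -eq 0)
}

# Usage, mirroring the post: add, confirm, remove.
Add-OutboundBlockRule -Name 'BlockAIM' -RemotePort 4099 -Protocol TCP
Test-NetshRuleExists -Name 'BlockAIM'
Remove-OutboundBlockRule -Name 'BlockAIM'
```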


Disable Autorun Functionality in Windows

Whenever you insert a USB drive, CD/DVD, etc. into your system, Windows automatically launches an Autorun dialog box that lets you select an action from a list. You can browse the content, play media files, etc. from the Autorun dialog box.

To disable Autorun functionality in Windows:

1. Type regedit in RUN or the Start menu search box and press Enter. It'll open Registry Editor.

2. Go to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

If the above key doesn't exist, create it.

3. In the right-side pane, create a new DWORD value NoDriveTypeAutoRun and set its value (hexadecimal) to one of the following, according to your requirements:

FF - To disable AutoRun on all drives
20 - To disable AutoRun on CD-ROM drives
4 - To disable AutoRun on removable drives
8 - To disable AutoRun on fixed drives
10 - To disable AutoRun on network drives
40 - To disable AutoRun on RAM disks
1 - To disable AutoRun on unknown drives

4. If you want to disable Autorun on a combination of drives, you'll need to calculate sum of the values. For example, if you want to disable Autorun on CD-ROM drives and removable drives, you'll need to set the value to 20+4=24.

5. If you want to restore the Autorun functionality, simply delete the NoDriveTypeAutoRun DWORD value created in Step 3, or set it to the default value given below:

Windows 2000: 95

Windows XP: 91

Windows Server 2003: 95

Windows Vista, Server 2008 and 7: 91

6. If you want to disable Autorun functionality for all users in your system, use the "HKEY_LOCAL_MACHINE" instead of "HKEY_CURRENT_USER" mentioned in Step 2.


Enable / Disable - Desktop Settings / Properties of Windows

1:24 PM by Yash Kalra

In Windows you can change the desktop wallpaper, screen saver, themes and other appearance settings by right-clicking the Desktop and selecting "Properties".

You may want to disable all or some of the options in Desktop Properties to restrict users, or you may want to enable those options when they have been disabled by your system administrator or by a virus infection.

The following tutorial will help you enable or disable all, or a particular, option in Desktop Properties:

A. Disable Themes Tab in Desktop Properties:

Type regedit in the RUN dialog box and press Enter. Now go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

If the "Explorer" key is not present, create it. Then, in the right-side pane, create a new DWORD value NoThemesTab and set its value to 1 to disable the tab.

B. Disable Desktop Tab in Desktop Properties:

Type regedit in the RUN dialog box and press Enter. Now go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

If the "System" key is not present, create it. Then, in the right-side pane, create a new DWORD value NoDispBackgroundPage and set its value to 1 to disable the tab.

C. Disable Screen Saver Tab in Desktop Properties:

Type regedit in the RUN dialog box and press Enter. Now go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

If the "System" key is not present, create it. Then, in the right-side pane, create a new DWORD value NoDispScrSavPage and set its value to 1 to disable the tab.

D. Disable both Themes and Appearance Tabs in Desktop Properties:

Type regedit in the RUN dialog box and press Enter. Now go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

If the "System" key is not present, create it. Then, in the right-side pane, create a new DWORD value NoDispAppearancePage and set its value to 1 to disable the tabs.

E. Disable Settings Tab in Desktop Properties:

Type regedit in the RUN dialog box and press Enter. Now go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

If the "System" key is not present, create it. Then, in the right-side pane, create a new DWORD value NoDispSettingsPage and set its value to 1 to disable the tab.

* If you want to enable a restricted tab in Desktop Properties, just delete the required DWORD value as mentioned above or change its value to 0 instead of 1.


Some Restrictions Set for Windows

Some important and useful restrictions that can be applied in Windows 2000, XP, Server 2003, Vista, Server 2008 and 7.

A. Open Registry Editor

Open Registry Editor by typing regedit in RUN or the Start menu Search box and pressing Enter.

B. Create Registry Key

Go to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

1. Restricting Desktop Properties

Create or modify required DWORD value: NoDispCPL and set its value to 1

2. Restricting Task Manager

Create new DWORD DisableTaskMgr and set its value to 1

3. Restricting Registry Editor

Create new DWORD DisableRegistryTools and set its value to 1

Go to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

4. Restricting Taskbar Properties

Create new DWORD NoSetTaskbar and set its value to 1

5. Restricting System Properties

Create new DWORD NoPropertiesMyComputer and set its value to 1

6. Restricting Folder Options

Create new DWORD NoFolderOptions and set its value to 1

7. Restricting Control Panel

Create new DWORD NoControlPanel and set its value to 1

8. Restricting Locking/Unlocking of Taskbar

Create new DWORD LockTaskbar and set its value to 1

9. Restricting right-click on Taskbar

Create new DWORD NoTrayContextMenu and set its value to 1

10. Restricting Toolbars in Taskbar

Create new DWORD NoToolbarsOnTaskbar and set its value to 1

11. Restricting drag-and-drop and right-click in Start Menu

Create new DWORD NoChangeStartMenu and set its value to 1

12. Restricting RUN in Start Menu

Create new DWORD NoRun and set its value to 1

13. Restricting Shut Down, Restart, Sleep and Hibernate commands

Create new DWORD NoClose and set its value to 1

14. Restricting Log off in Start Menu

Create new DWORD StartMenuLogOff and set its value to 1

15. Restricting Active Desktop Feature

Create new DWORD NoActiveDesktop and set its value to 1

16. Restricting adding/removing items to/from Toolbars

Create new DWORD NoToolbarCustomize and set its value to 1

17. Restricting adding/removing Toolbars

Create new DWORD NoBandCustomize and set its value to 1

18. Restricting notification at low disk space

Create new DWORD NoLowDiskSpaceChecks and set its value to 1

19. Restricting Command Prompt

Go to the following key:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System

Create new DWORD DisableCMD and set its value to 2

20. Restricting Writing to USB Drives

Go to the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies

Create new DWORD WriteProtect and set its value to 1

21. Restricting "New" option in context menu

Go to the following key:

HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\New

and clear the (Default) value, i.e. set it to empty.

22. Restricting "Send To" option in context menu

Go to the following key:

HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\Send To

and clear the (Default) value, i.e. set it to empty.

23. Restricting any desired application

Go to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun

Create a new String value with any name, e.g. 1, and set its value to the desired program's EXE file name.

For example, to restrict msconfig, create a String value named 1 and set its value to msconfig.exe. To restrict more programs, create more String values named 2, 3 and so on and set each value to that program's EXE file name.

24. Restricting Drives in My Computer

Go to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

In the right-side pane, create a new DWORD NoViewOnDrive and set its value (hexadecimal) as follows:

3 : To Restrict A and B drives only.
4 : To Restrict C drive only.
7 : To Restrict A, B, and C drives only.
8 : To Restrict D drive only.
F : To Restrict A, B, C, and D drives only.
03FFFFFF : To Restrict all drives.

For more specific restrictions, such as a combination of drives, you can enter the value in decimal instead of hexadecimal. The decimal number for each drive is:

A: 1
B: 2
C: 4
D: 8
E: 16
F: 32
G: 64
H: 128
I: 256
J: 512
K: 1024
L: 2048
M: 4096
N: 8192
O: 16384
P: 32768
Q: 65536
R: 131072
S: 262144
T: 524288
U: 1048576
V: 2097152
W: 4194304
X: 8388608
Y: 16777216
Z: 33554432
ALL: 67108863

* To restrict a combination of drives, sum their numbers and set NoViewOnDrive to the total, e.g. for the C, D, E and F drives: 4+8+16+32 = 60.

* You can also hide drives using the NoDrives DWORD value; the key location and the values are the same as above.

* To remove the restriction, simply delete the DWORD or set its value to 0.
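Both bitmask values described above, NoDriveTypeAutoRun from the Autorun post and NoViewOnDrive from restriction 24, computed from names instead of hand-added hex and written under the Policies\Explorer key, as an added example that is not part of the original posts. The key paths and value names are the ones the posts give; the function names are my own.

```powershell
# Added example: build and apply the policy bitmasks from the posts above.
# NoDriveTypeAutoRun uses one bit per drive TYPE; NoViewOnDrive one bit per drive LETTER.

$PolicyExplorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Bit per drive type, the hex values listed in the Autorun post.
$AutoRunBits = @{
    Unknown = 0x01; Removable = 0x04; Fixed = 0x08
    Network = 0x10; CDROM = 0x20; RAMDisk = 0x40
}

function Get-NoDriveTypeAutoRunValue {
    param([Parameter(Mandatory)][string[]]$DriveTypes)   # e.g. 'CDROM','Removable'
    $mask = 0
    foreach ($t in $DriveTypes) {
        if (-not $AutoRunBits.ContainsKey($t)) { throw "Unknown drive type '$t'" }
        $mask = $mask -bor $AutoRunBits[$t]
    }
    return $mask
}

function Get-NoViewOnDriveValue {
    param([Parameter(Mandatory)][char[]]$Letters)          # e.g. 'C','D','E','F'
    $mask = 0
    foreach ($l in $Letters) {
        # A is bit 0, B bit 1, ... Z bit 25, matching the decimal table in restriction 24.
        $bit = [int][char]::ToUpper($l) - [int][char]'A'
        if ($bit -lt 0 -or $bit -gt 25) { throw "Not a drive letter: '$l'" }
        $mask = $mask -bor (1 -shl $bit)
    }
    return $mask
}

function Set-ExplorerPolicyDword {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][int]$Value,
        [switch]$AllUsers                                  # HKLM instead of HKCU (Autorun step 6)
    )
    $path = if ($AllUsers) { $PolicyExplorer -replace '^HKCU:', 'HKLM:' } else { $PolicyExplorer }
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }   # "if the key doesn't exist, create it"
    New-ItemProperty -Path $path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

function Remove-ExplorerPolicyDword {
    param([Parameter(Mandatory)][string]$Name, [switch]$AllUsers)
    # Deleting the value restores the default behaviour, as both posts describe.
    $path = if ($AllUsers) { $PolicyExplorer -replace '^HKCU:', 'HKLM:' } else { $PolicyExplorer }
    Remove-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
}

# Worked values matching the posts:
Get-NoDriveTypeAutoRunValue -DriveTypes 'CDROM', 'Removable'        # 36, i.e. hex 24
Get-NoViewOnDriveValue -Letters 'C', 'D', 'E', 'F'                   # 60
'{0:X}' -f (Get-NoViewOnDriveValue -Letters ([char[]](65..90)))      # 3FFFFFF, all drives

# Apply for the current user: no AutoRun on CD-ROM and removable drives, hide C-F.
Set-ExplorerPolicyDword -Name 'NoDriveTypeAutoRun' -Value (Get-NoDriveTypeAutoRunValue 'CDROM', 'Removable')
Set-ExplorerPolicyDword -Name 'NoViewOnDrive' -Value (Get-NoViewOnDriveValue 'C', 'D', 'E', 'F')
```

Explorer reads these policies at logon, so the change shows after logging off and on again.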


Hide User Name for a Locked Computer in Windows

12:42 PM by Yash Kalra

To hide the name of the user who has locked the computer:

1. Start Registry Editor.

2. Locate the following key in the registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System

3. If it doesn't exist, on the Edit menu, point to New, click DWORD Value, and then add the following registry values:

Value name: DontDisplayLockedUserId

Value data: 1, 2 or 3 (see below)

Base: Decimal

The following values can be set:
1 = Show the locked user display name and the user ID
2 = Show the locked user display name only
3 = Do not display the locked user information

4. Exit Registry Editor.

Note: To prevent the last logged-on user from being displayed on the Windows logon screen, also create the DontDisplayLastUserName value and set it to 1.


SC (Service Control)

Service Control - Create, Start, Stop, Query or Delete any Windows SERVICE. The command options for SC are case sensitive.

Syntax
      SC [\\server] [command] [service_name] [Options]

Key
   server       : The machine where the service is running

   service_name : The KeyName of the service, this is often but not always
                  the same as the DisplayName shown in Control Panel, Services.
                  You can get the KeyName by running: 
                     SC GetKeyName <DisplayName>

   commands:
          query  [qryOpt]   Show status
          queryEx [qryOpt]  Show extended info - pid, flags
          GetDisplayName    Show the DisplayName
          GetKeyName        Show the ServiceKeyName
          EnumDepend        Show Dependencies
          qc                Show config - dependencies, full path etc
          start          START a service.
          stop           STOP a service
          pause          PAUSE a service.
          continue       CONTINUE a service.
          create         Create a service. (add it to the registry)
          config         permanently change the service configuration
          delete         Delete a service (from the registry)
          control        Send a control to a service
          interrogate    Send an INTERROGATE control request to a service
          Qdescription   Query the description of a service
          description    Change the description of a service
          Qfailure       Query the actions taken by a service upon failure
          failure        Change the actions taken by a service upon failure
          sdShow         Display a service's security descriptor using SDDL
          SdSet          Sets a service's security descriptor using SDDL

   qryOpt:
          type= driver|service|all
                         Query specific types of service
          state= active|inactive|all
                         Query services in a particular state only
          bufsize= bytes 
          ri= resume_index_number (default=0)
          group= groupname
                         Query services in a particular group

   Misc commands that don't require a service name:
          SC  QueryLock  Query the LockStatus for the ServiceManager Database.
                         this will show if a service request is running
          SC  Lock       Lock the Service Database
          SC  BOOT       Values are {ok | bad} Indicates whether to save  
                         the last restart configuration as the `last-known-good`
                         restart configuration
   Options
     The CREATE and CONFIG commands allow additional options to be set;
     see the built-in help: 'SC create' and 'SC config'

Note that the qryOpt options above are case sensitive: they must be entered in lower case, and the position of spaces and = must be exactly as shown.

The SC command duplicates some aspects of the NET command but adds the ability to create a service.
SC query will display if a service is running, giving output like this:

        SERVICE_NAME       : messenger
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

To retrieve specific information from SC's output, pipe into FIND or FindStr
e.g.

  C:\> SC query messenger | FIND "STATE" | FIND "STOPPED"

  C:\> SC query messenger | FIND "STATE" | FIND "RUNNING"

The statements above set %ERRORLEVEL% to 1 if the text is not found, so a batch file can branch on it:

IF errorlevel 1 GOTO :my_subroutine

The NET START command can be used in a similar way to check if a service is running:

   NET START | FIND "Service name" > nul
   IF errorlevel 1 ECHO The service is not running

The service control manager will normally wait up to 30 seconds for a service to start; you can modify this timeout (30,000 milliseconds by default) in the registry:

HKLM\SYSTEM\CurrentControlSet\Control
ServicesPipeTimeout (REG_DWORD)

Some options only take effect when the service is next started, e.g. the SC config command allows the executable of a service to be changed; when the service next starts up it will run the new executable. Config changes require the current user to have "permission to configure the service".

Examples:

 SC GetKeyName "task scheduler"
 SC GetDisplayName schedule 
 SC start schedule
 SC QUERY schedule
 SC QUERY type= driver
 SC QUERY state= all |findstr "DISPLAY_NAME STATE" >svc_installed.txt 
 SC \\myServer CONFIG myService obj= LocalSystem password= mypassword
 SC CONFIG MyService binPath=c:\myprogram.exe obj=".\LocalSystem" password=""  

Watch out for extra spaces:
SC QUERY state= all Works
SC QUERY sTate =all Fails!


Windows XP Services list

4:15 PM by Yash Kalra

A list of all the standard services. Each entry gives the display name, then the service key name in parentheses and the hosting process, followed by the description and the default startup status with notes.

Alerter (Alerter) - Services.exe
    Registry: HKLM\SYSTEM\CurrentControlSet\Services\Alerter\Parameters and HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\<alertname>
    Distribute administrative alerts to specific users or machines, e.g. Performance Monitor thresholds are distributed as alerts. Requires the Messenger and Workstation services to be started.
    Default: Manual. May be disabled if the alerts are not needed.

Application Layer Gateway Service (ALG) - alg.exe
    Support for Internet Connection Sharing and the Internet Connection Firewall.
    Default: Manual.

Application Management (appmgt) - Services.exe or svchost.exe
    Installation services (Add/Remove Programs): Assign, Publish, and Remove.
    Default: Manual.

Automatic Updates (wuaUserv) - svchost.exe -k wugroup
    Enable the download and installation of critical Windows updates.
    Default: Automatic. If the service is stopped, the operating system can be manually updated at the Windows Update Web site.

Background Intelligent Transfer Service (BITS) - svchost.exe -k BITSgroup
    Transfer files using idle network bandwidth; maintain file transfers through network disconnections and computer restarts.
    Default: Automatic. Switch to Manual if you have problems (Q314862).

Clipbook Server (Clipsrv) - Clipsrv.exe
    Provides support for the Clipbook Viewer, which allows the clipboard of the source machine to be accessed remotely.
    Default: Disabled.

COM+ Event System (Event System) - svchost.exe -k netsvcs
    Automatic distribution of events to subscribing COM components.
    Default: Manual.

Computer Browser (Browser) - Services.exe
    Collects the names of NetBIOS resources on the network, creating a list so that it can participate as a master browser or basic browser (one that takes part in browser elections). This maintained list of resources (computers) is displayed in Network Neighborhood and Server Manager. If disabled you can still map drives, but can't browse the whole network.
    Default: Automatic. If the machine is not connected to a LAN (stand-alone), or will not participate as a master browser or take part in elections, feel free to change the status to Manual (or Disabled). This does not equate to disabling TCP/IP, so internet browsing is still possible.

Cryptographic Services (CryptSvc) - svchost.exe
    Management of Certification Authority certificates, the Driver Catalog Database, and Protected Root and Key certificate services.
    Default: Automatic.

DCOM Server Process Launcher (DcomLaunch) - svchost.exe
    Launch DCOM services.
    Default: Automatic.

DHCP Client (Dhcp) - Services.exe or svchost.exe
    Manage network configuration by registering and updating IP addresses and DNS names.
    Default: Automatic. On a stand-alone machine: Disable.

Distributed Link Tracking Client (TrkWks) - Services.exe or svchost.exe
    Send notification of files moving between NTFS volumes in a network domain.
    Default: Automatic. Can be set to Manual if you don't need this function.

Distributed Transaction Coordinator (msdtc) - MSDTC.exe
    Coordinate transactions that are distributed across two or more databases, message queues, file systems, or other transaction-protected resource managers.
    Default: Manual. Can be set to Disabled if you don't need this function.

DNS Client (Dnscache) - Services.exe
    Resolves and caches Domain Name System (DNS) names.
    Default: Automatic.

Directory Replicator (Server only) (Replicator) - Lmrepl.exe
    Replicate specified files and folders between computers. The host is the export server, and the target machines are called import computers. Replication is configured under Server in the Control Panel.
    Default: Automatic. Domain Controllers need this to replicate the Netlogon share.

Error Reporting Service (Ersvc) - svchost.exe
    Report errors back to Microsoft in Redmond.
    Default: Automatic. If you never want to report system crash information to Microsoft, set this to Disabled.

EventLog (EventLog) - Services.exe
    Record System, Security, and Application events. Viewed with the MMC Event Viewer (eventvwr.exe in NT).
    Default: Automatic.

Fast User Switching Compatibility (FastUserSwitchingCompatibility) - svchost.exe
    Enable multiple users to log in to the same PC simultaneously.
    Default: Manual.

Fax Service (Fax) - faxsvc.exe
    Send and receive faxes.
    Default: Automatic or Manual.

Help and Support (helpsvc) - svchost.exe
    Help and Support Center.
    Default: Automatic. If stopped, the help system will stop working.

Human Interface Device Access (HidServ) - svchost.exe
    Support for extra keyboard 'hot buttons' and other multimedia input devices.
    Default: Disabled.

HTTP SSL (HTTPFilter) - svchost.exe
    Support for HTTPS (Secure Socket Layer) websites such as banking and e-commerce.
    Default: Manual.

IMAPI CD-Burning COM Service (ImapiService) - imapi.exe
    CD-ROM burning.
    Default: Manual. If you have problems, changing to Automatic may help.

Indexing Service (cisvc) - cisvc.exe
    Index the contents and properties of files on local and remote computers. [RESOURCE HOG]
    Default: Manual. For improved performance, Disable or uninstall through Control Panel Add/Remove.

IPSEC Policy Agent (PolicyAgent) - lsass.exe
    Manage IP security policy and start the ISAKMP/Oakley (IKE) and the IP security driver.
    Default: Automatic. May be changed to Manual if IPSec is not needed.

License Logging Service (Server) (LicenseService) - Llssrv.exe
    License tracking on a server or DC (Domain Controller).
    Default: not listed. If disabled, licensing status alerts will not be generated.

Logical Disk Manager (Dmserver) - services.exe or svchost.exe
    Required by the MMC Disk Management plug-in.
    Default: Automatic.

Logical Disk Manager Administrative Service (Dmadmin) - dmadmin.exe /com
    Administrative service for disk management requests.
    Default: Manual.

Message Queuing (key not listed) - mqsvc.exe
    Message Queuing.
    Default: not listed.

Message Queuing Triggers (key not listed) - mqtgsvc.exe
    Message Queuing.
    Default: not listed.

MS Software Shadow Copy Provider Service (swprv) - dllhost.exe
    Microsoft Backup Utility.
    Default: Manual. Disable if you never use Shadow Copy features.

Messenger (Messenger) - Services.exe
    Process the receipt or delivery of pop-up messages sent via NET SEND. Not related to Windows Messenger.
    Default: Disabled. Vulnerability once used to send pop-up spam.

Network Connections (Netman) - svchost.exe -k netsvcs
    Manage objects in the Network and Dial-Up Connections folder (LAN and remote connections).
    Default: Manual.

Net Logon (Netlogon) - Lsass.exe (Local Security Authority Subsystem)
    Network authentication: maintains a synced domain directory database between the PDC and BDC(s), handles authentication of respective accounts on the DCs, and authenticates domain accounts on networked machines.
    Default: Automatic. For stand-alone machines never connected to a domain, set to Manual.

NetMeeting Remote Desktop Sharing (mnmsrvc) - mnmsrvc.exe
    Allows authorized people to remotely access your Windows desktop using NetMeeting.
    Default: Manual. A good idea to Disable unless you plan to allow remote connections.

Network DDE (NetDDE) - Netdde.exe
    Support the network transport of DDE (Dynamic Data Exchange) connections. Requires Network DDE DSDM to be started. See the Clipbook service.
    Default: Disabled.

Network DDE DSDM (NetDDEdsdm) - Netdde.exe
    Manage shared DDE conversations (from shares like \\computername\ndde$). See the Clipbook service.
    Default: Disabled.

NLA - Network Location Awareness (nla) - svchost.exe
    Part of Internet Connection Sharing (ICS) and the Internet Connection Firewall (ICF).
    Default: Manual.

Network Provisioning Service (xmlprov) - svchost.exe
    Manage XML configuration files on a domain basis.
    Default: Manual.

NT LM Security Support Provider (NtLmSsp) - Services.exe
    Extends NT security to Remote Procedure Call (RPC) programs using various transports other than named pipes. RPC activity is quite common, and most RPC apps don't use named pipes.
    Default: Manual.

Performance Logs and Alerts (XP) / Alerts and Performance Logs (Win 2K) (sysmonLog) - smlogsvc.exe
    Configure performance logs and alerts.
    Default: Manual. May be disabled if the alerts are not needed.

Plug and Play (PlugPlay) - Services.exe
    Plug and Play. Do not disable this service.
    Default: Automatic.

Portable Media Serial Number Service (WmdmPmSN) - svchost.exe
    Retrieves the serial number of any portable media player connected to this computer.
    Default: Manual. Disable if you never use DRM music devices.

Print Spooler or Spooler (Spooler) - Spoolsv.exe (Spoolss.exe in NT4)
    The NT printing subsystem.
    Default: Automatic, if you print documents. If no printing is ever done, set to Manual (or Disabled). Restarting this service will cancel all pending print jobs.

Protected Storage (ProtectedStorage) - Pstores.exe
    Encrypt and store secure information: SSL certificates, passwords for Outlook, Outlook Express, Profile Assistant, MS Wallet, and digitally signed S/MIME keys.
    Default: Automatic.

QoS RSVP (rsvp) - rsvp.exe -s
    Provide network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
    Default: Manual.

Remote Access Auto Connection Manager, or Remote Access AutoDial Manager (Rasauto) - svchost.exe -k netsvcs
    Activates automatic dial-up when a URL link is clicked. Required for some but not all RAS, ADSL or Cable connections.
    Default: Manual. May be disabled if the machine has no internet access.

Remote Access Connection Manager (Rasman) - svchost.exe -k netsvcs
    Required for most but not all RAS, ADSL or Cable connections.
    Default: Manual. Required for Internet Connection Sharing or accessing remote servers via RAS.

Remote Desktop Help Session Manager (RDSessMgr) - sessmgr.exe
    Remote Desktop Help Session Manager.
    Default: Manual. May be disabled if RDP is never used.

Remote Procedure Call (RPC) Service, or Remote Procedure Call (RPC) (RpcSs) - svchost -k rpcss
    This RPC subsystem is crucial to the operation of any RPC activity taking place on a system (e.g. DCOM).
    Default: Automatic. Do not disable. Many essential services are dependent on RPC.

Remote Procedure Call (RPC) Locator (RpcLocator) - Locator.exe
    Maintain the RPC name server database (the database of available server applications); requires the RPC service (above) to be started.
    Default: Manual.

Remote Registry Service (XP Pro only) (RemoteRegistry) - regsvc.exe
    Allow remote registry manipulation.
    Default: Automatic. A good idea to disable this, unless you have some reason to allow remote registry editing.

Removable Storage (Ntmssvc) - svchost.exe -k netsvcs
    Manage removable media, drives, and libraries.
    Default: Manual.

RIP Listener (XP - option) (key and process not listed)
    Listen for RIP announcements from routers and modify the routing table accordingly. To use the RIP Listener service, your adjacent routers must support the RIP v1 protocol. You'll find the RIP Listener service under Add/Remove Windows Components - Networking Services.
    Default: not listed.

Routing and Remote Access (RemoteAccess) - svchost.exe -k netsvcs
    Allow incoming connections via dial-in or VPN (WAN Routing).
    Default: Disabled.

Secondary Logon (Win XP), or RunAs (Win 2K) (secLogon) - services.exe or svchost.exe
    Enables starting processes under alternate credentials.
    Default: Automatic. You may want to stop this service if you never use RunAs.

Security Accounts Manager (Win 2K) (SamSs) - lsass.exe
    Stores security information for local user accounts.
    Default: Automatic.

Security Center (wscsvc) - svchost.exe
    Monitor system security settings and configurations.
    Default: Automatic. You may want to disable this if firewall and virus updates are controlled via other means.

Server (LanmanServer) - Services.exe
    Support for peer-to-peer file sharing, print sharing, and named pipe sharing via SMB services.
    Default: Automatic. May be disabled if you don't host file or print shares (Admin$ shares).

Shell Hardware Detection (ShellHWDetection) - svchost.exe
    CD Autoplay.
    Default: Automatic.

Smart Card (ScardSrv) - SCardSvr.exe
    Manages and controls access to a smart card inserted into a smart card reader attached to the computer.
    Default: Manual. If you never use smart cards, Disable.

Smart Card Helper (ScardDrv) - SCardSvr.exe
    Legacy smart card readers.
    Removed in XP SP2.

SNMP Service (Snmp) - snmp.exe
    Agents that monitor the activity in network devices and report to the network console workstation.
    Default: Automatic (if installed).

SSDP Discovery Service (SSDPSRV) - svchost.exe
    Simple Service Discovery Protocol. Enables discovery of UPnP devices on your home network.
    Default: Manual. May be disabled if, as is likely, you don't have any UPnP devices.

System Event Notification (SENS) - svchost.exe -k netsvcs
    Track system events such as Windows logon, network, and power events. Notify COM+ Event System subscribers of these events.
    Default: Automatic.

System Restore Service (srservice) - svchost.exe
    Creates system snapshots. [RESOURCE HOG]
    Default: Automatic. If the machine's configuration has been cloned/backed up, turn off System Restore in Control Panel, System.

Task Scheduler or Schedule (Schedule) - atsvc.exe or mstask.exe
    This service is required to schedule background tasks (run at a specific date and time). Under NT it's a resource hog. Under XP it's used by some auto-tuning operations.
    Default: Automatic.

TCP/IP NetBIOS Helper, or TCP/IP NetBIOS Helper Service (lmHosts) - Services.exe
    Support for name resolution in a Windows 2000 domain (NetBIOS/WINS). An alternative to DNS lookup.
    Default: Automatic. If not required, may be set to Manual.

Telephony (TapiSrv) - Tapisrv.exe
    Telephony API (TAPI) support for programs that control telephony devices and IP-based voice connections, e.g. unimodem modems.
    Default: Manual.

Telnet (Win 2K) (TlntSvr) - tlntsvr.exe
    Allows a remote user to log on to the system and run console programs using the command line.
    Default: Disabled. Very insecure; presents a security risk when running.

Terminal Services (TermService) - svchost.exe
    Required for Fast User Switching, Remote Desktop and Remote Assistance.
    Default: Manual. If not required, may be Disabled.

Themes (Themes) - svchost.exe
    XP Active Desktop themes, and quick launch toolbars. [RESOURCE HOG]
    Default: Automatic. Set to Manual or Disabled if you don't like themes.

UPS or Uninterruptible Power Supply (UPS) - Ups.exe
    Support for an Uninterruptible Power Supply (UPS) physically connected to the machine.
    Default: Manual. Not every UPS will need or use this service.

Universal Plug and Play Host (UPNPhost) - svchost.exe
    Device Host: detect and configure external UPnP devices. UPnP is not the same as PnP.
    Default: Manual.

Upload Manager (uploadmgr) - svchost.exe
    Upload Manager.
    Removed in XP SP2.

Volume Shadow Copy (VSS) - vssvc.exe
    MS Backup. A volume shadow copy is a picture of the volume at a particular moment in time, which means a computer can be backed up while files are open and applications are running.
    Default: Manual. If not required, may be disabled; see MS Software Shadow Copy Provider Service.

WebClient (WebClient) - svchost.exe
    Allow access to web-resident disk storage from an ISP: WebDAV "internet disks" such as Apple's iDisk.
    Default: Automatic. If not required, may be disabled.

Windows Audio (AudioSrv) - svchost.exe
    Sound driver. Note that disabling the sound driver won't stop sounds from playing; you just won't hear them.
    Default: Automatic. If no sound card is fitted, disable.

Windows Firewall (XP SP2) / Internet Connection Firewall (XP) / Internet Connection Sharing (Win 2K) (SharedAccess) - svchost.exe -k netsvcs
    Network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection.
    Default: Automatic. For better protection, consider adding a third-party firewall.

Windows Image Acquisition (stisvc) - svchost.exe
    Required for some but not all cameras, scanners, and digital video cameras.
    Default: Manual.

Windows Installer (MSIServer) - MsiExec.exe /V
    Install, repair and remove software according to instructions contained in .MSI files.
    Default: Manual.

Windows Management Instrumentation (WinMgmt) - C:\WINNT\System32\WBEM\WinMgmt.exe
    WMI provides system management information.
    Default: Automatic.

Windows Management Instrumentation Driver Extensions (Wmi) - svchost.exe
    Provides systems management information to and from drivers.
    Default: Manual.

Windows Time (W32time) - services.exe
    Update the computer clock by reference to an internet time source or a time server.
    Default: Automatic.

Wireless Zero Configuration (WZCSVC) - svchost.exe
    Configure wireless network devices (802.11a/b/g).
    Default: Automatic. Disable if you don't have any wireless devices.

WMI Performance Adapter (WmiApSrv) - wmiapsrv.exe
    Collect performance library information.
    Default: Manual.

Workstation (lanmanworkstation) - Services.exe
    Communications and network connections. Services dependent on this being started: Alerter, Messenger, and Net Logon.
    Default: Automatic.
It is inadvisable to disable a service without being aware of the consequences: always start by setting the service to Manual, reboot and test for any problems.

A service set to Manual may be automatically restarted if another service is dependent on it. A service set to Disabled will not restart even if it's required to boot the machine!

Stopping or disabling a service will generally save a small amount of memory and will reduce the number of software interrupts (cpu message queue.)

The main reason for tinkering with services is to harden the system against security vulnerabilities. Disable everything that you don't need or use; then any future problems with those services cannot affect the machine.

To document all the services currently installed:

SC QUERY state= all |findstr "DISPLAY_NAME STATE" >my_services.csv
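An added example (not from the original posts) that covers both the FIND-based STATE checks in the SC post above and the inventory command just shown: it parses the SC QUERY record format into objects and reports which of the services the list above says to disable unless needed are actually running. The sample output is constructed, not captured from a real host; the function names are my own.

```powershell
# Added example: parse "SC QUERY state= all" output and flag running services from a review list.
# Each SC record starts at SERVICE_NAME; DISPLAY_NAME follows; STATE reads "4  RUNNING" etc.

function ConvertFrom-ScQuery {
    param([Parameter(Mandatory)][string[]]$Lines)
    $records = @()
    $cur = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*SERVICE_NAME\s*:\s*(.+?)\s*$') {
            if ($cur) { $records += $cur }
            $cur = [pscustomobject]@{ Name = $Matches[1]; DisplayName = ''; State = '' }
        } elseif ($cur -and $line -match '^\s*DISPLAY_NAME\s*:\s*(.+?)\s*$') {
            $cur.DisplayName = $Matches[1]
        } elseif ($cur -and $line -match '^\s*STATE\s*:\s*\d+\s+(\w+)') {
            $cur.State = $Matches[1]          # RUNNING, STOPPED, START_PENDING, ...
        }
    }
    if ($cur) { $records += $cur }
    return $records
}

function Get-RunningReviewServices {
    param(
        [Parameter(Mandatory)][object[]]$Services,
        [Parameter(Mandatory)][string[]]$ReviewList
    )
    # -contains is case-insensitive, matching how SC treats key names.
    $Services | Where-Object { $_.State -eq 'RUNNING' -and $ReviewList -contains $_.Name }
}

# Constructed sample in the layout SC prints (not captured from a real machine).
$Sample = @'
SERVICE_NAME: Messenger
DISPLAY_NAME: Messenger
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)

SERVICE_NAME: RemoteRegistry
DISPLAY_NAME: Remote Registry
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1077  (0x435)

SERVICE_NAME: TlntSvr
DISPLAY_NAME: Telnet
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
'@ -split "`r?`n"

# Key names the service list above marks as "disable unless you need it".
$ReviewList = 'Messenger', 'RemoteRegistry', 'TlntSvr', 'mnmsrvc', 'NetDDE', 'NetDDEdsdm', 'Clipsrv'

$parsed = ConvertFrom-ScQuery -Lines $Sample
Get-RunningReviewServices -Services $parsed -ReviewList $ReviewList |
    Format-Table Name, DisplayName, State -AutoSize
# Lists Messenger and TlntSvr; RemoteRegistry is stopped and therefore omitted.

# Against a live machine, feed real output in the same way and keep an inventory:
# ConvertFrom-ScQuery -Lines (sc.exe query state= all) | Export-Csv my_services.csv -NoTypeInformation
```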

Some XP services communicate and send data directly to Microsoft, this is not generally something to lose sleep over.

Managing the running of these services may be a consideration if confidentiality/anonymity is highly important to you.

Removing a service completely

To delete a service, you may be tempted to hack the registry settings under HKLM\SYSTEM\CurrentControlSet\Services; this is not a reliable or recommended method. Far better is to use the SC command:

SC delete NameofServiceTodelete

Built-in Service Accounts

In addition to the other default user and group accounts, there are three built-in accounts designed for running background services.

Local Service Account (NT AUTHORITY\LOCAL SERVICE): has the same level of access to resources and objects as members of the Users group. This limited access helps safeguard the system if individual services or processes are compromised. Services that run as the Local Service account access network resources as a null session without credentials. (This account is not supported for running SQL Server services.)

Network Service Account (NT AUTHORITY\NETWORK SERVICE): has more access to resources and objects than members of the Users group. Services that run as the Network Service account access network resources by using the credentials of the computer account.

Local System Account (NT AUTHORITY\SYSTEM): a very high-privileged built-in account. It has extensive privileges on the local system and acts as the computer on the network.

In Windows 2008 a new feature was introduced: Managed Service Accounts, which provide automatic password management and simplified service principal name (SPN) management.

These accounts are created in PowerShell with New-ADServiceAccount.
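An added example (not from the original post) that audits which of the three built-in accounts above each installed service runs under, so that auto-start services running as the high-privilege Local System account, and services on custom accounts with a stored password, stand out for review. It reads the standard Win32_Service class; the function names are my own.

```powershell
# Added example: service account audit for the built-in accounts described above.
# Win32_Service.StartName reports NT AUTHORITY\SYSTEM as "LocalSystem" and the two
# limited accounts without the space (LocalService / NetworkService); accept both forms.

$LimitedBuiltIns = @(
    'NT AUTHORITY\LocalService', 'NT AUTHORITY\LOCAL SERVICE',
    'NT AUTHORITY\NetworkService', 'NT AUTHORITY\NETWORK SERVICE'
)

function Get-ServiceAccountAudit {
    param([object[]]$Services = (Get-CimInstance -ClassName Win32_Service))
    foreach ($svc in $Services) {
        $acct = $svc.StartName
        $category = 'CustomAccount'                    # a named user account: password stored on the box
        if ([string]::IsNullOrEmpty($acct)) { $category = 'NoAccount' }
        elseif ($acct -ieq 'LocalSystem' -or $acct -ieq 'NT AUTHORITY\SYSTEM') { $category = 'LocalSystem' }
        elseif ($LimitedBuiltIns -contains $acct) { $category = 'BuiltInLimited' }

        [pscustomobject]@{
            Name      = $svc.Name
            StartMode = $svc.StartMode               # Auto, Manual, Disabled, Boot, System
            State     = $svc.State
            Account   = $acct
            Category  = $category
            PathName  = $svc.PathName
        }
    }
}

# Summary: how many services fall into each category.
Get-ServiceAccountAudit | Group-Object Category | Select-Object Name, Count

# Review targets: auto-start services running as Local System (the most privilege), and
# any custom account, which carries a stored password that a Managed Service Account avoids.
Get-ServiceAccountAudit |
    Where-Object { ($_.Category -eq 'LocalSystem' -and $_.StartMode -eq 'Auto') -or $_.Category -eq 'CustomAccount' } |
    Sort-Object Category, Name |
    Format-Table Name, StartMode, State, Account -AutoSize
```

On pre-PowerShell 3 systems, replace Get-CimInstance with Get-WmiObject -Class Win32_Service; the property names are the same.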

Enable or Disable Ports
Many services and applications rely on a specific port. To determine whether a particular port is enabled for use, review the list of service names and port numbers held in the "services" file (windows\system32\drivers\etc\services).
Installing a good firewall is the easiest way to manage this.
