Understanding Windows Services

Understanding Windows Services
In Windows XP (but not Windows 2000), the Services console displays a description for almost every service on the list—but it's rarely detailed or helpful. Nearly all descriptions include a variation on this refrain: "If this service is stopped, it won't work. If this service is disabled, services that depend on it won't work either." Table 17-2 provides some further detail about specific services, what they do, and whether it's safe to turn them off. Depending on your specific configuration, you might not have all the services listed here. You might also have other services not listed if third-party software has installed services as well.

CAUTION
--------------------------------------------------------------------------------

If you search the Internet, you might find sites that advocate stopping or disabling several services that we advise you to keep running. It is possible to run Windows with some of these additional services turned off. But you would be removing system functionality that Windows expects to be available. Windows and third-party applications might behave in unpredictable ways when these services are not running.
Determining the Name of a Service
--------------------------------------------------------------------------------

As you view the properties dialog box for each service, you might notice that the service name (at the top of the General tab) often differs from the name that appears in the Services console (the display name) and that neither name matches the name of the service's executable file. (In fact, the executable for many services is Services.exe or Svchost.exe.) The General tab shows all three names.

When you use the Services console, you can find and work with a service knowing only its display name. But if you use Tasklist or Tlist to determine which service is run by a particular PID shown in Task Manager (see Determining Which Ports Are Active), you'll see only the service name. You'll also need to know the service name if you're forced to work with a service's registry entries, which are found in the HKLM\System\CurrentControlSet\Services\service subkey, where service is the service's name. For these reasons, Table 17-2 includes the service name as well as the display name, allowing you to correlate the two without poring through properties dialog boxes.

Like file names, the names of services are not case sensitive. In Table 17-2, we capitalize the service names as they appear in the registry. Although the programmers who developed Windows are obviously not very consistent in applying a capitalization style (or a naming convention), you're likely to see this same capitalization whenever a particular service name is mentioned in documentation.

Table 17-2. Windows Services
Display Name; Service Name Description and Security Recommendation
Alerter; Alerter
Provides an administrative alert (a pop-up message box) function that can be accessed via the Net Send command. Because this feature can be abused and is rarely required in a small office workgroup, you can stop this service and set it to Manual.

Application Layer Gateway Service; ALG
Lets third-party software extend the functionality of Internet Connection Sharing (ICS) and Internet Connection Firewall (ICF). Needs to run only on systems where ICS or ICF is being used, such as a system connected directly to the Internet and acting as a router for the local network. On other systems, keep this service set to Manual.

Application Management; AppMgmt
Intended for use in corporate installations where a network administrator might, for example, want to make new applications available for users to install. Windows Installer appears to need this service for installing applications, so keep it set to Manual so that it will start when needed.

Automatic Updates; wuauserv
Checks for updates and patches at the Windows Update site and downloads them automatically if you have selected that option. In most cases, you will want this service set to Automatic. If you manage all your system updates centrally, set the service to Disabled.

Background Intelligent Transfer Service; BITS
Lets programs download files over the Internet in a way that doesn't significantly interfere with the user's use of the available bandwidth. The service doesn't provide a user interface to let you see which files are being transferred. With the service set to Manual, it should automatically start if a program needs it.

ClipBook; ClipSrv
Provides support for the obscure ClipBook Viewer application, which lets users share their Clipboard contents via cut and paste over the network. If you don't use this application inside your network—it's nearly certain that you don't—you can disable this service.

COM+ Event System; EventSystem

COM+ System Application; COMSysApp
Part of the Windows plumbing for Component Object Model (COM) components. Keep these services set to Manual for a faster startup in some cases, but do not set them to Disabled.

Computer Browser; Browser
Allows a system to act as a "browse master." In a Microsoft Windows-based workgroup, one computer is always designated the browse master and keeps a list of which computers are present on the network. If the browse master becomes unavailable, the remaining computers in the network elect a new browse master. Leave this service set to Automatic for most situations. If you stop the Computer Browser service on a computer, that system will no longer be eligible to act as a browse master. If one computer on your network is always on and is very reliable, you can set Computer Browser to Automatic on that computer and set it to Disabled on the others.

Cryptographic Services; CryptSvc
Provides, among other things, digital signature verification for signed files such as device drivers and ActiveX controls. Leave it set to Automatic.

DHCP Client; Dhcp
Retrieves network settings from a Dynamic Host Configuration Protocol (DHCP) server when the system boots. If you configure your network settings (IP address, subnet mask, DNS server, gateway) manually, you can disable this service. Most networks use DHCP, and in those cases the service should be left set to Automatic.

Distributed Link Tracking Client; TrkWks
Tracks the location of NTFS files and resources on the network and on a local computer. You can set this service to Manual on computers in a workgroup.