Government Security
Network Security Resources

Jump to content


Disabling Unnecessary Services

- - - - -
  • Please log in to reply
27 replies to this topic

#16 Custoffe



  • Members
  • 4 posts

Posted 20 February 2006 - 04:29 PM

Great explanation of all the services, i recently "upgraded" my main PC to XP and hadnt a clue what half of this stuff was! My PC will be alot more secure now :D Does the tutorial expand to OS's like win2k? Or is it strictly XP?

#17 virus



  • Members
  • 506 posts

Posted 15 July 2006 - 11:06 PM

Just updated the services list the other day. It was quite a pain to dig out the associated reg keys, anyways enjoy this batch file.

P.S: This is the config i use of my laptop and I am not connected to any corporate network/domain etc, so there are no hiccups ;)

@echo off

@echo This batch program will disable certain services which are usually not required.
@echo By doing so, it may also increase the overall performance of your system.
@echo If you wish to abort this batch job, press 'control+C' else,

:: The two colons (::) are used to comment out statements

:: 2 is for auto
:: 3 is for manual
:: 4 is for disabled

:: Alerter
@reg add HKLM\SYSTEM\CurrentControlSet\Services\Alerter /v Start /t REG_DWORD /d 4 /f

:: Application Layer Gateway Server
@reg add HKLM\SYSTEM\CurrentControlSet\Services\ALG /v Start /t REG_DWORD /d 4 /f

:: Application Management
@reg add HKLM\SYSTEM\CurrentControlSet\Services\AppMgmt /v Start /t REG_DWORD /d 4 /f

:: Automatic Updates
@reg add HKLM\SYSTEM\CurrentControlSet\Services\wuauserv /v Start /t REG_DWORD /d 2 /f

:: Background Information Transfer Service
@reg add HKLM\SYSTEM\CurrentControlSet\Services\BITS /v Start /t REG_DWORD /d 2 /f

:: ClipBook
@reg add HKLM\SYSTEM\CurrentControlSet\Services\ClipSrv /v Start /t REG_DWORD /d 4 /f

:: COM+ Event System
@reg add HKLM\SYSTEM\CurrentControlSet\Services\EventSystem /v Start /t REG_DWORD /d 3 /f

:: COM+ System Application
@reg add HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp /v Start /t REG_DWORD /d 3 /f

:: Computer Browser
@reg add HKLM\SYSTEM\CurrentControlSet\Services\Browser /v Start /t REG_DWORD /d 4 /f

:: Cryptographic Services
@reg add HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc /v Start /t REG_DWORD /d 3 /f

:: DCOM Server Process Launcher
@reg add HKLM\SYSTEM\CurrentControlSet\Services\DcomLaunch /v Start /t REG_DWORD /d 2 /f

:: DHCP Client
@reg add HKLM\SYSTEM\CurrentControlSet\Services\Dhcp /v Start /t REG_DWORD /d 2 /f

:: Distributed Link Tracking Client
@reg add HKLM\SYSTEM\CurrentControlSet\Services\TrkWks /v Start /t REG_DWORD /d 4 /f

:: Distributed Transaction Coordinator
@reg add HKLM\SYSTEM\CurrentControlSet\Services\MSDTC /v Start /t REG_DWORD /d 4 /f

:: DNS Client
@reg add HKLM\SYSTEM\CurrentControlSet\Services\Dnscache /v Start /t REG_DWORD /d 2 /f

:: Error Reporting Service
@reg add HKLM\SYSTEM\CurrentControlSet\Services\ERSvc /v Start /t REG_DWORD /d 4 /f

:: Event Log
@reg add HKLM\SYSTEM\CurrentControlSet\Services\Eventlog /v Start /t REG_DWORD /d 2 /f

:: Fast User Switching Compatibility
@reg add HKLM\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility /v Start /t REG_DWORD /d 4 /f

:: Help and Support
@reg add HKLM\SYSTEM\CurrentControlSet\Services\helpsvc /v Start /t REG_DWORD /d 4 /f

:: File and Print Server
@reg add HKLM\SYSTEM\CurrentControlSet\Services\Server /v Start /t REG_DWORD /d 4 /f

@reg add HKLM\SYSTEM\CurrentControlSet\Services\HTTPFilter /v Start /t REG_DWORD /d 3 /f

:: Human Interface Device Access
@reg add HKLM\SYSTEM\CurrentControlSet\Services\HidServ /v Start /t REG_DWORD /d 4 /f

:: IMAPI CD-Burning COM Service
@reg add HKLM\SYSTEM\CurrentControlSet\Services\Server /v Start /t REG_DWORD /d 3 /f

:: Indexing Service
@reg add HKLM\SYSTEM\CurrentControlSet\Services\cisvc /v Start /t REG_DWORD /d 2 /f

:: IPSEC Services
@reg add HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v Start /t REG_DWORD /d 4 /f

:: Logical Disk Manager
@reg add HKLM\SYSTEM\CurrentControlSet\Services\Server /v Start /t REG_DWORD /d 3 /f

:: Logical Disk Manager Administrative Service
@reg add HKLM\SYSTEM\CurrentControlSet\Services\dmadmin /v Start /t REG_DWORD /d 3 /f

:: Lanmanserver
@reg add HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver /v Start /t REG_DWORD /d 4 /f

:: Messenger Service
@reg add HKLM\SYSTEM\CurrentControlSet\Services\Messenger /v Start /t REG_DWORD /d 4 /f

:: Microsoft Software Shadow Copy Provider
@reg add HKLM\SYSTEM\CurrentControlSet\Services\SwPrv /v Start /t REG_DWORD /d 4 /f

:: Net Logon
@reg add HKLM\SYSTEM\CurrentControlSet\Services\Netlogon /v Start /t REG_DWORD /d 4 /f

:: NETMeeting Remote Desktop Sharing
@reg add HKLM\SYSTEM\CurrentControlSet\Services\mnmsrvc /v Start /t REG_DWORD /d 4 /f

:: Network Connections
@reg add HKLM\SYSTEM\CurrentControlSet\Services\Netman /v Start /t REG_DWORD /d 3 /f

:: NetBIOS Service
@reg add HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS /v Start /t REG_DWORD /d 4 /f

:: Network DDE
@reg add HKLM\SYSTEM\CurrentControlSet\Services\NetDDE /v Start /t REG_DWORD /d 4 /f

:: Network DDE DSDM
@reg add HKLM\SYSTEM\CurrentControlSet\Services\NetDDEdsdm /v Start /t REG_DWORD /d 4 /f

:: NetBIOS over TCP/IP
@reg add HKLM\SYSTEM\CurrentControlSet\Services\NetBT /v Start /t REG_DWORD /d 4 /f

:: Network Location Awareness
@reg add HKLM\SYSTEM\CurrentControlSet\Services\NLA /v Start /t REG_DWORD /d 4 /f

:: Network Provisioning Service
@reg add HKLM\SYSTEM\CurrentControlSet\Services\xmlprov /v Start /t REG_DWORD /d 3 /f

:: NT LM Security Support Provider
@reg add HKLM\SYSTEM\CurrentControlSet\Services\NtLmSsp /v Start /t REG_DWORD /d 4 /f

:: Office Source Engine
@reg add HKLM\SYSTEM\CurrentControlSet\Services\ose /v Start /t REG_DWORD /d 3 /f

:: Performance Logs and Alerts
@reg add HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog /v Start /t REG_DWORD /d 4 /f

:: Plug and Play
@reg add HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay /v Start /t REG_DWORD /d 2 /f

:: Portable Media Serial Number
@reg add HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSp /v Start /t REG_DWORD /d 4 /f

:: Print Spooler
@reg add HKLM\SYSTEM\CurrentControlSet\Services\Spooler /v Start /t REG_DWORD /d 2 /f

:: Protected Storage
@reg add HKLM\SYSTEM\CurrentControlSet\Services\ProtectedStorage /v Start /t REG_DWORD /d 2 /f

@reg add HKLM\SYSTEM\CurrentControlSet\Services\NetBT /v Start /t REG_DWORD /d 4 /f

:: Remote Access
@reg add HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess /v Start /t REG_DWORD /d 4 /f

:: Remote Access (NULL sessions)
@reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v restrictanonymous /t REG_DWORD /d 1 /f

:: Remote Access Auto Connection Manager
:: Permits auto connection to the Net. Trojans can use this, better to disable
@reg add HKLM\SYSTEM\CurrentControlSet\Services\RasAuto /v Start /t REG_DWORD /d 4 /f

:: Remote Access Connection Manager
@reg add HKLM\SYSTEM\CurrentControlSet\Services\RasMan /v Start /t REG_DWORD /d 2 /f

:: Remote desktop help session manager
@reg add HKLM\SYSTEM\CurrentControlSet\Services\RDSessMgr /v Start /t REG_DWORD /d 4 /f

:: Remote Procedure Call
@reg add HKLM\SYSTEM\CurrentControlSet\Services\RpcSs/v Start /t REG_DWORD /d 2 /f

:: RPC Call Locator
@reg add HKLM\SYSTEM\CurrentControlSet\Services\RpcLocator/v Start /t REG_DWORD /d 4 /f

:: Remote Registry
@reg add HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegisty /v Start /t REG_DWORD /d 4 /f

:: Removable Storage
@reg add HKLM\SYSTEM\CurrentControlSet\Services\MtmsSvc /v Start /t REG_DWORD /d 3 /f

:: Routing and Remote Access
@reg add HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess /v Start /t REG_DWORD /d 4 /f

:: Secondary Logon
@reg add HKLM\SYSTEM\CurrentControlSet\Services\seclogon/v Start /t REG_DWORD /d 4 /f

:: Security Accounts Manager
@reg add HKLM\SYSTEM\CurrentControlSet\Services\SamSs /v Start /t REG_DWORD /d 2 /f

:: Security Centre
@reg add HKLM\SYSTEM\CurrentControlSet\Services\wscsvc /v Start /t REG_DWORD /d 4 /f

:: Server
@reg add HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver /v Start /t REG_DWORD /d 4 /f

:: Shell Hardware Detection
@reg add HKLM\SYSTEM\CurrentControlSet\Services\ShellHWDetection /v Start /t REG_DWORD /d 4 /f

:: Smart Card
@reg add HKLM\SYSTEM\CurrentControlSet\Services\SCardSvr /v Start /t REG_DWORD /d 4 /f

:: Smart Card Helper
@reg add HKLM\SYSTEM\CurrentControlSet\Services\SCardDrv /v Start /t REG_DWORD /d 4 /f

:: SSDP Discovery Service
@reg add HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRV /v Start /t REG_DWORD /d 4 /f

:: System Event Notification
@reg add HKLM\SYSTEM\CurrentControlSet\Services\SENS /v Start /t REG_DWORD /d 2 /f

:: System Restore Service
@reg add HKLM\SYSTEM\CurrentControlSet\Services\srservice /v Start /t REG_DWORD /d 4 /f

:: Task Scheduler
@reg add HKLM\SYSTEM\CurrentControlSet\Services\Schedule /v Start /t REG_DWORD /d 4 /f

:: TCP/IP NetBIOS Helper
@reg add HKLM\SYSTEM\CurrentControlSet\Services\LmHosts /v Start /t REG_DWORD /d 4 /f

:: Telephony
@reg add HKLM\SYSTEM\CurrentControlSet\Services\Telephony /v Start /t REG_DWORD /d 4 /f

:: Telnet Service
@reg add HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr /v Start /t REG_DWORD /d 4 /f

:: Terminal Service
@reg add HKLM\SYSTEM\CurrentControlSet\Services\TermService /v Start /t REG_DWORD /d 4 /f

:: Themes
@reg add HKLM\SYSTEM\CurrentControlSet\Services\Themes /v Start /t REG_DWORD /d 4 /f

:: Uninterruptible Power Supply
@reg add HKLM\SYSTEM\CurrentControlSet\Services\Themes /v Start /t REG_DWORD /d 4 /f

:: Universal Plug and Play Device Host
@reg add HKLM\SYSTEM\CurrentControlSet\Services\UPS /v Start /t REG_DWORD /d 4 /f

:: Volume Shadow Copy
@reg add HKLM\SYSTEM\CurrentControlSet\Services\VSS /v Start /t REG_DWORD /d 3 /f

:: Web-client
@reg add HKLM\SYSTEM\CurrentControlSet\Services\WebClient /v Start /t REG_DWORD /d 4 /f

:: Windows Firewall/Internet Connection Sharing
@reg add HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess /v Start /t REG_DWORD /d 4 /f

:: Windows Image Acquisition
@reg add HKLM\SYSTEM\CurrentControlSet\Services\stisvc /v Start /t REG_DWORD /d 4 /f

:: Windows Installer
@reg add HKLM\SYSTEM\CurrentControlSet\Services\MSIServer /v Start /t REG_DWORD /d 3 /f

:: Windows Management Instrumentation
@reg add HKLM\SYSTEM\CurrentControlSet\Services\winmgmt /v Start /t REG_DWORD /d 3 /f

:: Windows Management Instrumentation Driver Extensions
@reg add HKLM\SYSTEM\CurrentControlSet\Services\Wmi /v Start /t REG_DWORD /d 3 /f

:: Windows Time
@reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time /v Start /t REG_DWORD /d 4 /f

:: Wireless Zero Configuration
@reg add HKLM\SYSTEM\CurrentControlSet\Services\WZCSVC /v Start /t REG_DWORD /d 3 /f

:: IPX Traffic forwarder
@reg add HKLM\SYSTEM\CurrentControlSet\Services\NwlnkFwd /v Start /t REG_DWORD /d 4 /f

:: WMDM PMSP Service
@reg add HKLM\SYSTEM\CurrentControlSet\Services\WMDM PMSP Service /v Start /t REG_DWORD /d 4 /f

:: WMI Performance Adapter
@reg add HKLM\SYSTEM\CurrentControlSet\Services\WmiApSrv /v Start /t REG_DWORD /d 4 /f

:: Workstation
:: @reg add HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation /v Start /t REG_DWORD /d 4 /f

@echo The Batch job was completed successfully !
@echo on

#18 Yang


    Private First Class

  • Members
  • 32 posts

Posted 25 July 2006 - 01:44 AM

HEre you can get a little Gui Tool to disable all unnecessary Services
its published by some members of Chaos Computer source is also there...

mfg Yang

#19 virus



  • Members
  • 506 posts

Posted 25 July 2006 - 02:33 AM

Its not ALL about disabling necessary services ... i mean the program doesn't even have alot of options, except for just two - LAN config and single computer. Moreover, it is propagating misinformation that disabling some services means that you don't need a firewall. Deploying a firewall is far more than just disabling services ...

P.S: I'd would have loved to elaborate on it but i'm sort of time at the moment.

#20 Yang


    Private First Class

  • Members
  • 32 posts

Posted 25 July 2006 - 02:54 AM

i doesn't told you...that you dont need any firwall....they tell you that you can prevent you from Worms like Sasser without using a Personal Firewall and
thats I think a good way for "normal" USer'S to make them a little bit safer especially when they don't use a router to connect to the net.

#21 Buluemoon



  • Members
  • 116 posts

Posted 14 August 2006 - 10:51 AM

This has been a great thread over the years and I am not aware that I have ever found the associated reg keys to the services. I am going to google this subject to see if there are any other listings like this, Very handy.

#22 x0sans255



  • Members
  • 1 posts

Posted 29 August 2007 - 09:49 PM

I got nothin to say i just was wondering where u download this stuff cause everyones like o yea this works awesome on my comp and i was wondering where they get the download link?

#23 beardednose


    Retired GSO First Lieutenant

  • Sergeant Major
  • 1,917 posts

Posted 30 August 2007 - 06:49 PM

Nice list, but I beg to differ on System Restore. Saved me several times when I killed an app or screwed a driver.
Don't post just a THANKS! Here's why...

Forum Rules you need to know...RuLeS

#24 cortisona



  • Members
  • 1 posts

Posted 23 August 2008 - 08:22 PM


Eduardo : NO thks. no revival of old threads...specially if it is your first post. read the rules.

#25 bruxelles



  • Members
  • 12 posts

Posted 31 August 2008 - 04:17 PM

people have to know this tutorial is for people who are using direct conection  if u use wireless conection u have to be carefull when u disable some services

#26 sysadmin



  • Members
  • 1 posts

Posted 20 March 2009 - 04:27 AM

Well I re-touched the batch file that I made after ComSec's post. Now its ready to rock .... U can make the necessary changes to the batch file I made, but do not remove the name of the author, PLEASE !


may i know how to get the batch file please ?



#27 goodswitch



  • Members
  • 7 posts

Posted 01 December 2011 - 01:36 AM

i fnish it as long as i have a time

#28 goodswitch



  • Members
  • 7 posts

Posted 07 December 2011 - 12:59 AM

along with this keep ipsec service enables and make a policy to disable incoming conn's to port 135,137,139,445,1025 ,etc.,etc. if u dont want netbios . Or use wwdc.exe from