Fine-Tuning Services

To make Windows Server 2008 as fast as possible you also need to do some Windows Services fine-tuning. Below is a table with a list of all services on a clean Windows Server 2008 Enterprise machine. This list is quite the same as the list of services in other editions of Windows Server 2008. If you have any additions/corrections to this list, site please leave a Comment with a description why you can tweak the service and when you might need it.

To edit the Startup Type of services do the following:
1. Open the Start menu, click Run, enter services.msc and click OK.
2. Right click the Service name and choose Properties.
3. Choose the value you want from the Startup type dropdown and click OK to save the setting.

ServiceNameDefault Startup TypeSafe Startup TypeTweaked Startup TypeComment
Application ExperienceAutomaticAutomaticAutomatic (Delayed Start)
Application InformationManual--
Application Layer Gateway ServiceManual--
Application ManagementManual--
Background Intelligent Transfer ServiceAutomatic (Delayed Start)--
Base Filtering EngineAutomatic--
Certificate PropagationManualManualDisabledThis service is only needed when you use Smart Cards.
CNG Key IsolationManual--
COM+ Event SystemAutomaticAutomaticAutomatic (Delayed Start)
COM+ System ApplicationManual--
Computer BrowserDisabled--Set it to Automatic if you want to view what other computers there are in your network. The service is not needed to browse them.
Cryptographic ServicesAutomaticAutomaticAutomaticNeeded for checking for signed drivers.
DCOM Server Process LauncherAutomatic--This service is needed for almost every other service so leave it.
Desktop Window Manager Session ManagerAutomaticAutomaticDisabledHeavy backgroundservice that is needed for the Aero interface. If you use Aero, leave it on.
DHCP ClientAutomatic--Can only be disabled if you configured a static ipaddress.
Diagnostic Policy ServiceAutomaticManualDisabledEnables problem detection, troubleshooting, and resolution for Windows components. Can forewarn disk failure based on SMART report.
Diagnostic Service HostManualManualDisabledDiagnostic tools that attempt to detect problems in memory, disk and files.
Diagnostic System HostManualManualDisabledDiagnostic tools that attempt to detect problems in memory, disk and files.
Distributed Link Tracking ClientAutomaticDisabledDisabledKeeps track of file locations across the network.
Distributed Transaction CoordinatorAutomatic (Delayed Start)ManualDisabledIs used by Microsoft SQL Server and IIS.
DNS ClientAutomatic--
Extensible Authentication ProtocolManual--
Function Discovery Provider HostManual--
Function Discovery Resource PublicationManualManualDisabledPublishes your computer resources over the network.
Group Policy ClientAutomatic--
Health Key and Certificate ManagementManual--
Human Interface Device AccessManual--
IKE and AuthIP IPsec Keying ModulesAutomaticAutomaticManualInternet Key Exchange is used for some VPN software.
Interactive Services DetectionManual--
Internet Connection Sharing (ICS)Disabled--
IP HelperAutomaticManualDisabledOnly needed if you need IPV6 support. Probably not needed.
IPsec Policy AgentAutomatic--
KtmRm for Distributed Transaction CoordinatorAutomatic (Delayed Start)ManualDisabled
Link-Layer Topology Discovery MapperManual--
Microsoft .NET Framework NGEN v2.0.50727_X86Manual--
Microsoft Fibre Channel Platform Registration ServiceManual--
Microsoft iSCSI Initiator ServiceManual--
Microsoft Software Shadow Copy ProviderManual--
Multimedia Class SchedulerManual--
NetlogonManualManualDisabledIf you are using a Domain Controller, leave this service. Otherwise you can disable it.
Network Access Protection AgentManual--
Network ConnectionsManual--
Network List ServiceAutomatic--
Network Location AwarenessAutomaticAutomaticAutomatic (Delayed Start)
Network Store Interface ServiceAutomaticAutomaticAutomatic (Delayed Start)
Offline FilesDisabled--
Performance Logs & AlertsManualManualDisabledPerformance logging. You probably don't use/need it.
Plug and PlayAutomatic--
PnP-X IP Bus EnumeratorDisabled--
Portable Device Enumerator ServiceManual--
Print SpoolerAutomatic--
Problem Reports and Solutions Control Panel SupportManual--
Protected StorageManual--
Remote Access Auto Connection ManagerManual--
Remote Access Connection ManagerManual--
Remote Procedure Call (RPC)Automatic--
Remote Procedure Call (RPC) LocatorManual--
Remote RegistryAutomaticManualDisabledIs needed if you want to access the computers registry from an other computer, but it might also be needed for local applications.
Resultant Set of Policy ProviderManual--
Routing and Remote AccessDisabled--
Secondary LogonAutomaticAutomaticAutomatic (Delayed Start)
Secure Socket Tunneling Protocol ServiceManual--
Security Accounts ManagerAutomatic--
ServerAutomaticAutomaticAutomatic (Delayed Start)
Shell Hardware DetectionAutomatic--
SL UI Notification ServiceManual--
Smart CardManualManualDisabledThis service is only needed when you use Smart Cards.
Smart Card Removal PolicyManualManualDisabledThis service is only needed when you use Smart Cards.
SNMP TrapManual--
Software LicensingAutomatic--
Special Administration Console HelperManual--
SSDP DiscoveryDisabled--
SuperfetchDisabled--
System Event Notification ServiceAutomatic--
Task SchedulerAutomatic--
TCP/IP NetBIOS HelperAutomatic--
TelephonyManualManualManualNeeded for dialup and VPN connections.
Terminal ServicesAutomaticManualDisabledAllows users to log in to this computer. Not required to make outward connections with Remote Desktop.
Terminal Services ConfigurationManual--
Terminal Services UserMode Port RedirectorManual--
ThemesDisabled--Needed if you use Themes.
Thread Ordering ServerManual--
TPM Base ServicesAutomatic (Delayed Start)--
UPnP Device HostDisabled--
User Profile ServiceAutomatic--
Virtual DiskManual--
Volume Shadow CopyManual--
Windows AudioManual--
Windows Audio Endpoint BuilderManual--
Windows Color SystemManual--
Windows Driver Foundation - User-mode Driver FrameworkManual--
Windows Error Reporting ServiceAutomatic--
Windows Event CollectorManual--
Windows Event LogAutomatic--
Windows FirewallAutomaticAutomaticAutomatic
Windows Image Acquisition (WIA)AutomaticAutomaticManualHas to be turned on if you hava digital camera (or a scanner) and want to be able to get images from your device.
Windows InstallerManual--
Windows Management InstrumentationAutomaticAutomaticAutomatic (Delayed Start)
Windows Modules InstallerManual--
Windows Remote Management (WS-Management)Automatic (Delayed Start)--
Windows TimeAutomatic--
Windows UpdateAutomatic (Delayed Start)--
WinHTTP Web Proxy Auto-Discovery ServiceManual--
Wired AutoConfigManual--
WMI Performance AdapterManual--
WorkstationAutomatic--

Leave a comment ?

21 Comments.

  1. Fine-Tuning Services | Windows 2008 Security - pingback on August 26, 2008 at 10:41 pm
  2. great, this is new isn’t it

    will try it and give a feedback

    thanks a lot…greetZ IceDevil

    Admin: That’s right, just added it yesterday. đŸ˜‰

  3. here my list

    [Services]
    AELOOKUPSVC = Automatic (Delayed Start)
    CRYPTSVC = Automatic (Delayed Start)
    DPS = Automatic (Delayed Start)
    EVENTSYSTEM = Automatic (Delayed Start)
    IKEEXT = Manual
    LANMANSERVER = Automatic (Delayed Start)
    MPSSVC = Manual
    NLASVC = Automatic (Delayed Start)
    NSI = Automatic (Delayed Start)
    QWAVE = Automatic (Delayed Start)
    REMOTEREGISTRY = Manual
    SECLOGON = Automatic (Delayed Start)
    SLUINOTIFY = Disabled
    TERMSERVICE = Automatic (Delayed Start)
    THEMES = Automatic
    TRKWKS = Automatic (Delayed Start)
    WINMGMT = Automatic (Delayed Start)
    WUAUSERV = Disabled

    changing it to Automatic (Delayed Start) maybe boost the startup

  4. Telephony is required for software VPN connections.

    Arris: Thanks for your reply; changed the ‘Tweaked Startup Type’ into ‘Manual’ because quite a lot people will use VPN.

  5. You’ve written that the Remote Registry service is only used for “Is only needed if you want to access the computers registry from an other computer.”. I’ve experienced that certain programs won’t install (or maybe even run, can’t remember) unless this service is running. Probably some bad programming, but it was a pain in the *ss to troubleshoot! So be aware if you disable this service.

  6. Remote registry is reguired for some corporate antivirus (trend at least)

  7. IKE and AuthIP IPsec Keying Modules not needed as far as i know

  8. Remote Registry is needed for sure by some .net programs when the are using remoting and maybe with wcf.

  9. if i disabled Distributed Transaction Coordinator

    i need KtmRm for Distributed Transaction Coordinator ?

    Arris: Updated the table.

  10. Recent Links Tagged With "autodiscovery" - JabberTags - pingback on November 2, 2008 at 7:04 am
  11. Anyway to automate these tunings ?

  12. with vlite 1.2 u could

    or look for reg in speedyvista website

    GL

  13. Once I tried to disable almost half of default services onWin2008.
    The boot time was not shorter by even a single second.
    Are you sure there is any speed gain by disabling the above services ?
    Did anyone measure the gains ?

    Regards,
    David

    Arris: Some people say it’s useless, others say it speeds up your system. Personally I do it to clean up the list of running services a bit and to possibly gain some performance improvement.

  14. I’d say enable Diagnostic Policy Service as it can forewarn disk failure based on SMART report.

    Arris: Thanks for your comment; updated the description.

  15. my windows firewall will not let me delay start

    Arris: Thanks for your comment, you are right so I updated the table!

  16. Following this list made my computer’s boot time extend to about 5-10 minutes from a normal ~30 seconds. I didn’t bother to divide and conquer as I was considering to figure out the culprit service but Cryptographic Services sounds like it may have been the issue. Delaying the start of this probably presented a problem on my Dell laptop. I have since reverted the changes and it is back to normal.

    Can I also add that there is not really much point to this. The gains are minimal, the fact that most people tech savvy enough to tinker here would know about sleep/hibernate, the fact that these services use very little resources during a user’s session, and the fact that it can easily cause problems as what happened to me.

    The only services you should be tinkering with are things like the Windows Firewall if you use a 3rd party one and others that are more “features” than “services” such as Indexing.

  17. windows image acquisition has to be turned on if you hava digital camera (or a scanner) and want to be able to get images from your device

  18. accurate specification of the above would be “Windows Image Acquisition (WIA)” or “imgsvc” for short

    Arris: Updated the table, thanks for your comment! :)

  19. Ok so I disabled stuff that was in the safe collumn and now I can’t connect to FTP sites in windows explorer :( I am very unhappy with your “safe startup type” configuration

    Arris: I don’t think this can be the problem because FTP is just some plain-text protocol that doesn’t require any cryptographic services or anything else. Try setting all service-settings to the values in the Default column; I expect you ‘ll still have the problem.

  20. I was extremely encouraged to find this internet site. I desired to thank you for this special study. I surely savored every little little bit of it including the many comments and that i have you bookmarked to test out new stuff you put up.

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>