Guidance on disabling system services on Windows IoT Enterprise
Applies to:
Applies to:
✅ Windows 11 IoT Enterprise
✅ Windows 10 IoT Enterprise
✅ Windows 10 IoT Enterprise LTSC 2021
The Windows IoT Enterprise operating system includes many system services run in the background without a user interface to provide core operating system features. Each service is configured to start under certain circumstances, which were carefully chosen for each service to provide a balance of performance, functionality and security for the typical Windows user. These start types include the following.
- Automatically start when Windows starts
- Automatically start when a user logs in
- Manually start when the functionality that it provides is needed
- Disabled by default
When building a fixed-function, specialized device based on Windows IoT Enterprise a device maker might need to reconfigure these startup values to increase the security posture or reduce resource overhead by disabling services that aren't needed for a specific device scenario. This article includes detailed guidance regarding which services can safely be disabled as well as links to more resources that provide step by step configuration instructions for multiple methods.
Guidance descriptions
For all system services listed in this document, Microsoft provides guidance for enabling and disabling system services in Windows IoT Enterprise.
- 🟡 No guidance: The effect of disabling these services isn't fully evaluated. Therefore, the default configuration of these services shouldn't be changed.
- ⛔ Don't disable: Disabling this service impacts essential functionality by preventing specific roles and features from functioning correctly. Therefore it shouldn't be disabled.
- 🟢 OK to disable: This service provides functionality that is useful to some but not all enterprises, and security-focused enterprises that don't use it can safely disable it.
- ✅ Already disabled: This service is disabled by default; no need to enforce with policy.
- 🔵 Should be disabled: This service should never be enabled on a well-managed enterprise system.
Per User Services
When a user signs in to Windows, the OS creates per-user services. When the user signs out, these services are stopped and deleted. They run in the security context of the user account instead of a built-in security principal. Windows creates these per-user services based on templates defined in the registry. If you need to manage or control behaviors of these services, you can adjust the template. For more information about inspecting and configuring Per-user Services, see Per User Services in Windows
The following table lists per-user services in the current version of Windows. Other versions of Windows 10/11 might not have the same services available. Before you reconfigure any of these services, review this information to understand the implications. For example, if you disable the per-user service, there might be dependent apps that don't work correctly.
Service Name | Startup Type (Default) |
Recommendation | Description |
---|---|---|---|
Agent Activation runtime (AarSvc) |
Manual | ⛔ Don't disable | Runtime for activating conversational agent applications. |
Bluetooth User Support Service (BluetoothUserService) |
Manual | 🟢 OK to disable | Supports proper functionality of Bluetooth features relevant to each user session. |
Capture Service (CaptureService) |
Manual | 🟢 OK to disable | Enables optional screen capture functionality for applications that call screen capture APIs of the Windows.Graphics.Capture namespace. |
Clipboard User Service (cbdhsvc) |
Manual | 🟢 OK to disable | Windows uses this user service for clipboard scenarios. For example, clipboard history or sync across devices. For more information, see Clipboard in Windows. |
Cloud Backup and Restore Service (CloudBackupRestoreSvc) |
Manual | 🟡 No guidance | Monitors the system for changes in application and setting states. When required, this service does cloud backup and restore operations. |
Connected Devices Platform User Service (CDPUserSvc) |
Automatic | 🟢 OK to disable | This service allows the user to connect, manage, and control connected devices. These connected devices include mobile, Xbox, HoloLens, or smart/IoT devices. For one specific example, see Share things with nearby devices in Windows Dependencies include Network Connection Broker, Remote Procedure Call (RPC), TCP/IP Protocol Driver. |
ConsentUX (ConsentUxUserSvc) |
Manual | 🟢 OK to disable | Allows the system to request user consent to allow apps to access sensitive resources and information such as the device's location. |
Contact Data (PimIndexMaintenanceSvc) |
Manual | 🟢 OK to disable | Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results. Dependencies include UnistoreSvc |
Credential Enrollment Manager (CredentialEnrollmentManagerUserSvc) |
Manual | ⛔ Don't disable | This service supports the secure storage and retrieval of user credentials. For example, tokens for web sites, remote desktop connections, or other apps. |
Device Association Broker (DeviceAssociationBroker) |
Manual | 🟡 No guidance | Supports in-app pairing and access checks for new device scenarios. Dependencies include DevicePicker, Shell Pairing UX. |
DevicePicker (DevicePickerUserSvc) |
Manual | 🟢 OK to disable | Windows uses this user service to manage Miracast, Digital Living Network Alliance (DLNA), and Discovery and Launch (DIAL) experiences. |
DevicesFlow (DevicesFlowUserSvc) |
Manual | 🟢 OK to disable | Allows the Connect user interface and Settings app to connect and pair with WiFi displays and Bluetooth devices. |
GameDVR and Broadcast User Service (BcastDVRUserService) |
Manual | 🟢 OK to disable | Windows uses this user service for game recordings and live broadcasts. |
Messaging Service (MessagingService) |
Manual | 🟢 OK to disable | This service supports text messaging and related functionality. |
Now Playing Session Manager (NPSMSvc) |
Manual | 🟡 No guidance | The now playing session manager (NPSM) service manages media sessions running on the device. |
Pen Service (PenService) |
Manual | 🟡 No guidance | When you press the tail button on a pen input device, this service responds to those actions. It can launch applications or take another action that you customize in Settings. For more information, see user documentation on How to use your Surface Pen or hardware developer documentation on Pen devices. |
Plan 9 Redirector Service (P9RdrSvc) |
Manual | 🟡 No guidance | Enables trigger-starting plan9 file servers, supported by Windows Subsystem for Linux. For more information, see Plan 9 from Bell Labs. |
Print Workflow (PrintWorkflowUserSvc) |
Manual | 🟡 No guidance | Provides support for Print Workflow applications. If you turn off this service, some printing functions might not work successfully. |
Sync Host (OneSyncSvc) |
Automatic | 🟢 OK to disable | This service synchronizes mail, contacts, calendar and various other user data. Mail and other applications dependent on this functionality doesn't work properly when this service isn't running. |
Udk User Service (UdkUserSvc) |
Manual | 🟢 OK to disable | Windows uses this service to coordinate between shell experiences. |
User Data Access (UserDataSvc) |
Manual | 🟢 OK to disable | Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. |
User Data Storage (UnistoreSvc) |
Manual | 🟢 OK to disable | Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. |
Windows Push Notifications User Service (WpnUserService) |
Manual | ⛔ Don't disable | This service hosts Windows push notification service (WNS) platform that provides support for local and push notifications. Supported notifications are tile, toast and raw. |
System Services
The following table lists system services in the current version of Windows IoT Enterprise. Other versions of Windows IoT Enterprise might not have the same services available. Before you reconfigure any of these services, review this information to understand the implications.
Service Name | Startup Type (Default) |
Recommendation | Description |
---|---|---|---|
ActiveX Installer (AxInstSV) |
Manual | 🟢 OK to disable | Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls behaves according to default browser settings. |
AllJoyn Router Service (AJRouter) |
Manual | 🟢 OK to disable | Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that don't have their own bundled routers are unable to run. |
App Readiness (AppReadiness) |
Manual | ⛔ Don't disable | Gets apps ready for use the first time a user signs in to this PC and when adding new apps. |
Application Identity (AppIDSvc) |
Manual | ⛔ Don't disable | Determines and verifies the identity of an application. Disabling this service prevents AppLocker from being enforced. |
Application Information (Appinfo) |
Manual | ⛔ Don't disable | Facilitates the running of interactive applications with more administrative privileges. If this service is stopped, users are unable to launch applications with the extra administrative privileges they require to perform desired user tasks. |
Application Layer Gateway Service (ALG) |
Manual | 🟢 OK to disable | Provides support for protocol plug-ins for Internet Connection Sharing |
Application Management (AppMgmt) |
Manual | 🟢 OK to disable | Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users are unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it fails to start. |
AppX Deployment Service (AppXSVC) |
Manual | 🟢 OK to disable | Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications can't be deployed to the system, and doesn't function properly. |
AssignedAccessManager Service (AssignedAccessManagerSvc) |
Manual | ⛔ Don't disable | AssignedAccessManager Service supports kiosk experience in Windows. |
Auto Time Zone Updater (tzautoupdate) |
Disabled | ✅ Already disabled | Automatically sets the system time zone. |
AVCTP Service (BthAvctpSvc) |
Manual | 🟢 OK to disable | This is Audio Video Control Transport Protocol service. |
Background Intelligent Transfer Service (BITS) |
Manual | 🟢 OK to disable | Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, can't automatically download programs and other information. |
Background Tasks Infrastructure Service (BrokerInfrastructure) |
Automatic | ⛔ Don't disable | Windows infrastructure service that controls which background tasks can run on the system. |
Base Filtering Engine (BFE) |
Automatic | ⛔ Don't disable | The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service reduces the security of the system, resulting in unpredictable behavior in IPsec management and firewall applications. |
BitLocker Drive Encryption Service (BDESVC) |
Manual | ⛔ Don't disable | BDESVC hosts the BitLocker Drive Encryption service. BitLocker Drive Encryption provides secure startup for the operating system, and full volume encryption for OS, fixed or removable volumes. This service allows BitLocker to prompt users for various actions related to their volumes when mounted, and unlocks volumes automatically without user interaction. Additionally, it stores recovery information to Active Directory, if available, and, if necessary, ensures the most recent recovery certificates are used. Stopping or disabling the service would prevent users from using this functionality. |
Block Level Backup Engine Service (wbengine) |
Manual | 🟡 No guidance | The WBENGINE service is used by Windows Backup to perform backup and recovery operations. If this service is disabled, it can cause the currently running backup or recovery operation to fail. Disabling this service prevents backup and recovery operations using Windows Backup on this computer. |
Bluetooth Audio Gateway Service (BTAGService) |
Manual | 🟢 OK to disable | Service supporting the audio gateway role of the Bluetooth Handsfree Profile. |
Bluetooth Support Service (bthserv) |
Manual | 🟢 OK to disable | The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service prevent Bluetooth devices from operating properly and prevent new devices from being discovered or associated. |
BranchCache (PeerDistSvc) |
Manual | 🟢 OK to disable | This service caches network content from peers on the local subnet. |
Capability Access Manager Service (camsvc) |
Manual | 🟢 OK to disable | Capability Access Manager Service supports managing UWP apps access to app capabilities and checking an app's access to specific app capabilities. |
Cellular Time (autotimesvc) |
Manual | 🟢 OK to disable | This service sets time based on NITZ messages from a Mobile Network. |
Certificate Propagation (CertPropSvc) |
Manual | ⛔ Don't disable | Certificate Propagation service copies user and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and installs the smart card Plug and Play minidriver. Reconfiguring CertPropSvc isn't recommended. |
Client License Service (ClipSVC) |
Manual | 🟢 OK to disable | Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Microsoft Store doesn't behave correctly. |
CNG Key Isolation (KeyIso) |
Manual | ⛔ Don't disable | The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. |
COM+ Event System (EventSystem) |
Automatic | ⛔ Don't disable | Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS closes and aren't able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it fails to start. |
COM+ System Application (COMSysApp) |
Manual | ⛔ Don't disable | Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components don't function properly. If this service is disabled, any services that explicitly depend on it fails to start. |
Connected Devices Platform Service (CDPSvc) |
Automatic | 🟢 OK to disable | This service is used for Connected Devices and Universal Glass scenarios. |
Connected User Experiences and Telemetry (DiagTrack) |
Automatic | 🟢 OK to disable | DiagTrack enables features that supports in-application and connected user experiences and manages the event-driven collection and transmission of diagnostic and usage information, which is used to improve the experience and quality of the Windows Platform, when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics. |
CoreMessaging (CoreMessagingRegistrar) |
Automatic | ⛔ Don't disable | Manages communication between system components. |
Credential Manager (VaultSvc) |
Manual | ⛔ Don't disable | Provides secure storage and retrieval of credentials to users, applications and security service packages. |
Cryptographic Services (CryptSvc) |
Automatic | ⛔ Don't disable | Cryptograpic Services supports confirmation of file signatures and allows new programs to be installed, management of Trusted Root Certification Authority certificates from this computer, retrieval of root certificates from Windows Update, and enable scenarios such as SSL. Reconfiguring CryptSvc service isn't recommended. If this service is disabled, any services that explicitly depend on it fails to start. |
Data Sharing Service (DsSvc) |
Manual | ⛔ Don't disable | Provides data brokering between applications. |
Data Usage (DusmSvc) |
Automatic | ⛔ Don't disable | Network data usage, data limit, restrict background data, metered networks. |
DCOM Server Process Launcher (DcomLaunch) |
Automatic | ⛔ Don't disable | The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. Reconfiguring DcomLaunch service prevents proper functionality of programs using COM or DCOM. Reconfiguring DcomLaunch service isn't recommended. |
Delivery Optimization (DoSvc) |
Automatic | ⛔ Don't disable | Performs content delivery optimization tasks. |
Device Association Service (DeviceAssociationService) |
Manual | 🟢 OK to disable | Enables pairing between the system and wired or wireless devices. |
Device Install Service (DeviceInstall) |
Manual | ⛔ Don't disable | Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service results in system instability. |
Device Management Enrollment Service (DmEnrollmentSvc) |
Manual | 🟡 No guidance | Device Management Enrollment service performs device enrollment activities for device management. |
Device Management Wireless Application Protocol Push message Routing Service (dmwappushservice) |
Manual | 🟡 No guidance | This service provides wireless application push message routing. |
Device Setup Manager (DsmSvc) |
Manual | ⛔ Don't disable | Enables the detection, download and installation of device-related software. Reconfiguring DsmSvc results in devices using outdated software and isn't recommended. |
DevQuery Background Discovery Broker (DevQueryBroker) |
Manual | ⛔ Don't disable | Enables apps to discover devices with a background task. |
DHCP Client (Dhcp) |
Automatic | ⛔ Don't disable | Registers and updates IP addresses and DNS records for this computer. Reconfiguring the Dhcp service prevents receipt of dynamic IP addresses and DNS updates and isn't recommended. If this service is disabled, any services that explicitly depend on it fails to start. |
Diagnostic Execution Service (diagsvc) |
Manual | ⛔ Don't disable | Executes diagnostic actions for troubleshooting support. |
Diagnostic Policy Service (DPS) |
Automatic | ⛔ Don't disable | The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics don't function. |
Diagnostic System Host (WdiSystemHost) |
Manual | ⛔ Don't disable | The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. Reconfiguring the WdiSystemHost service causes diagnostics that depend on it to fail and isn't recommended. |
Dialog Blocking Service (DialogBlockingService) |
Disabled | ✅ Already disabled | Dialog Blocking Service |
Display Enhancement Service (DisplayEnhancementService) |
Manual | ⛔ Don't disable | A service for managing display enhancement such as brightness control. |
Display Policy Service (DispBrokerDesktopSvc) |
Automatic | ⛔ Don't disable | Manages the connection and configuration of local and remote displays. |
Distributed Link Tracking Client (TrkWks) |
Automatic | 🟢 OK to disable | Maintains links between NTFS files within a computer or across computers in a network. |
Distributed Transaction Coordinator (MSDTC) |
Automatic | 🟢 OK to disable | Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions fail. If this service is disabled, any services that explicitly depend on it fails to start. |
DNS Client (Dnscache) |
Automatic | ⛔ Don't disable | The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names continue to be resolved. However, the results of DNS name queries aren't cached and the computer's name isn't registered. If the service is disabled, any services that explicitly depend on it fails to start. |
Downloaded Maps Manager (MapsBroker) |
Automatic | 🟢 OK to disable | Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service prevents apps from accessing maps. |
Embedded Mode (embeddedmode) |
Manual | ⛔ Don't disable | The Embedded Mode service enables scenarios related to Background Applications. Disabling this service prevents Background Applications from being activated. |
Encrypting File System (EFS) |
Manual | ⛔ Don't disable | Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications are unable to access encrypted files. |
Enterprise App Management Service (EntAppSvc) |
Manual | 🟢 OK to disable | Enables enterprise application management. |
Extensible Authentication Protocol (EapHost) |
Manual | 🟢 OK to disable | The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication. |
Fax (Fax) |
Manual | 🟢 OK to disable | |
File History Service (fhsvc) |
Manual | ⛔ Don't disable | Protects user files from accidental loss by copying them to a backup location. |
Function Discovery Provider Host (fdPHost) |
Manual | 🟢 OK to disable | The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services - Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service disables network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols are unable to find network devices or resources. |
Function Discovery Resource Publication (FDResPub) |
Manual | 🟢 OK to disable | Publishes this computer and resources attached to this computer so they can be discovered over the network. Reconfiguring FDResPub service prevents discovery by other computers on the network. |
Geolocation Service (lfsvc) |
Manual | 🟢 OK to disable | This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications are unable to use or receive notifications for geolocation or geofences. |
GraphicsPerfSvc (GraphicsPerfSvc) |
Manual | ⛔ Don't disable | Graphics performance monitor service. |
Group Policy Client (gpsvc) |
Automatic | ⛔ Don't disable | The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. Reconfiguring Group Policy Client services prevents management through Group Policy. Any components or applications that depend on the Group Policy component aren't functional if the service is disabled. |
Human Interface Device Service (hidserv) |
Manual | ⛔ Don't disable | Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. Reconfiguring the HidServ service isn't recommended. |
HV Host Service (HvHost) |
Manual | 🟢 OK to disable | Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system. |
Hyper-V Data Exchange Service (vmickvpexchange) |
Manual | 🟢 OK to disable | Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer. |
Hyper-V Guest Service Interface (vmicguestinterface) |
Manual | 🟢 OK to disable | Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine. |
Hyper-V Guest Shutdown Service (vmicshutdown) |
Manual | 🟢 OK to disable | Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer. |
Hyper-V Heartbeat Service (vmicheartbeat) |
Manual | 🟢 OK to disable | Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that stop responding. |
Hyper-V PowerShell Direct Service (vmicvmsession) |
Manual | 🟢 OK to disable | Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network. |
Hyper-V Remote Desktop Virtualization Service (vmicrdv) |
Manual | 🟢 OK to disable | Provides a platform for communication between the virtual machine and the operating system running on the physical computer. |
Hyper-V Time Synchronization Service (vmictimesync) |
Manual | 🟢 OK to disable | Synchronizes the system time of this virtual machine with the system time of the physical computer. |
Hyper-V Volume Shadow Copy Requestor (vmicvss) |
Manual | 🟢 OK to disable | Hyper-V Volume Shadow Copy Requestor service coordinates communications required by Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer. |
IKE and AuthIP IPsec Keying Modules (IKEEXT) |
Manual | ⛔ Don't disable | The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service prevents IKE and AuthIP key exchange with peer computers. Reconfiguring IKEEXT Service compromises security due to IPSec failures and isn't recommended. |
Internet Connection Sharing (SharedAccess) |
Manual | 🟢 OK to disable | Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. |
IP Helper (iphlpsvc) |
Automatic | 🟢 OK to disable | Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer doesn't have the enhanced connectivity benefits that these technologies offer. |
IP Translation Configuration Service (IpxlatCfgSvc) |
Manual | 🟢 OK to disable | Configures and enables translation from v4 to v6 and vice versa. |
IPsec Policy Agent (PolicyAgent) |
Manual | ⛔ Don't disable | Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool netsh ipsec . Reconfiguring PolicyAgent causes network connectivity issues if your policy requires that connections use IPsec, prevents remote management of Windows Firewall and isn't recommended. |
KtmRm for Distributed Transaction Coordinator (KtmRm) |
Manual | ⛔ Don't disable | Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). Reconfiguring the KtmRm service isn't recommended. Both MSDTC and KTM start this service automatically when needed. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager fails and any services that explicitly depend on it fails to start. |
Language Experience Service (LxpSvc) |
Manual | ⛔ Don't disable | Provides infrastructure support for deploying and configuring localized Windows resources. Reconfiguring the LxpSvc prevents the deployment of Windows languages and isn't recommended. |
Link-Layer Topology Discovery Mapper (lltdsvc) |
Manual | 🟢 OK to disable | Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map doesn't function properly. |
Local Profile Assistance Service (wlpasvc) |
Automatic | 🟢 OK to disable | This service provides profile management for subscriber identity modules. |
Local Session Manager (LSM) |
Automatic | ⛔ Don't disable | Core Windows Service that manages local user sessions. Reconfiguring Local Session Manager service causes system instability and isn't recommended. |
Microsoft (R) Diagnostics Hub Standard Collector (diagnosticshub.standardcollector.service) |
Manual | ⛔ Don't disable | Diagnostics Hub Standard Collector Service collects real time ETW events and processes them. Reconfiguring this service isn't recommended. |
Microsoft Account Sign-in Assistant (wlidsvc) |
Manual | 🟢 OK to disable | Enables user sign-in through Microsoft account identity services. If this service is stopped, users aren't able to log on to the computer with their Microsoft account. |
Microsoft App-V Client (AppVClient) |
Disabled | ✅ Already disabled | Manages App-V users and virtual applications. |
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) |
Manual | ⛔ Don't disable | Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols. |
Microsoft Defender Antivirus Service (WinDefend) |
Automatic | ⛔ Don't disable | Helps protect users from malware and other potentially unwanted software. |
Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) |
Automatic | 🟡 No guidance | Keeps Microsoft Edge up to update. Disabling MicrosoftEdgeElevationService prevents application updates. |
Microsoft Edge Update Service (edgeupdate) |
Automatic (Delayed Start) |
⛔ Don't disable | Keeps your Microsoft software up to date. If this service is disabled or stopped, your Microsoft software doesn't update. As a result, security vulnerabilities and issues can't be fixed. This service uninstalls itself when there's no Microsoft software using it. |
Microsoft Edge Update Service (edgeupdatem) |
Manual | ⛔ Don't disable | Keeps your Microsoft software up to date. If this service is disabled or stopped, your Microsoft software doesn't update. As a result, security vulnerabilities and issues can't be fixed. This service uninstalls itself when there's no Microsoft software using it. |
Microsoft iSCSI Initiator Service (MSiSCSI) |
Manual | 🟢 OK to disable | Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer isn't able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it fails to start. |
Microsoft Keyboard Filter (MsKeyboardFilter) |
Manual | 🟡 No guidance | Controls keystroke filtering and mapping. |
Microsoft Passport (NgcSvc) |
Manual | 🟢 OK to disable | Provides process isolation for cryptographic keys used to authenticate to a user's associated identity providers. If this service is disabled, all uses and management of these keys aren't available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. Reconfiguring the NgcSvc service isn't recommended. |
Microsoft Passport Container (NgcCtnrSvc) |
Manual | 🟢 OK to disable | Manages local user identity keys used to authenticate user to identity providers and TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards aren't accessible. Reconfiguring the NgcCtnrSvc isn't recommended. |
Microsoft Software Shadow Copy Provider (swprv) |
Manual | 🟢 OK to disable | Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies can't be managed. If this service is disabled, any services that explicitly depend on it fails to start. |
Microsoft Storage Spaces SMP (smphost) |
Manual | 🟢 OK to disable | Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces can't be managed. |
Microsoft Store Install Service (InstallService) |
Manual | 🟢 OK to disable | |
Microsoft Windows SMS Router Service (SmsRouter) |
Manual | 🟢 OK to disable | |
Natural Authentication (NaturalAuthentication) |
Manual | 🟢 OK to disable | Signal aggregator service evaluates signals based on time, network, geolocation, bluetooth and cdf factors. Supported features are Device Unlock, Dynamic Lock and Dynamo MDM policies. |
Net.Tcp Port Sharing Service (NetTcpPortSharing) |
Disabled | ✅ Already disabled | Provides ability to share TCP ports over the net.tcp protocol. |
Netlogon (Netlogon) |
Manual | 🟢 OK to disable | Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer doesn't authenticate users and services and the domain controller can't register DNS records. If this service is disabled, any services that explicitly depend on it fails to start. |
Network Connected Devices Auto-Setup (NcdAutoSetup) |
Manual | 🟢 OK to disable | Network Connected Devices Auto-Setup service monitors and installs qualified devices that connect to a qualified network. Stopping or disabling this service prevents Windows from discovering and installing qualified network connected devices automatically. Users can still manually add network connected devices to a PC through the user interface. |
Network Connection Broker (NcbService) |
Manual | 🟢 OK to disable | Brokers connections that allow Microsoft Store Apps to receive notifications from the internet. |
Network Connections (Netman) |
Manual | ⛔ Don't disable | Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. |
Network Connectivity Assistant (NcaSvc) |
Manual | 🟢 OK to disable | Provides DirectAccess status notification for UI components. |
Network List Service (netprofm) |
Manual | 🟡 No guidance | Network List Service collects and stores properties for connected networks, and notifies applications when these properties change. |
Network Location Awareness (NlaSvc) |
Automatic | 🟢 OK to disable | Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it fails to start. |
Network Setup Service (NetSetupSvc) |
Manual | ⛔ Don't disable | The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. Stopping NetSetupSvc causes in-progress driver installations to fail and prevents configuration. Reconfiguring NetSetupSvc isn't recommended. |
Network Store Interface Service (nsi) |
Automatic | 🟡 No guidance | This service delivers network notifications (for example, interface addition/deleting etc.) to user mode clients. Stopping this service causes loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service fails to start. |
Offline Files (CscService) |
Manual | 🟢 OK to disable | The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches activity events and changes in cache state. |
OpenSSH Authentication Agent (ssh-agent) |
Disabled | ✅ Already disabled | Agent to hold private keys used for public key authentication. |
Optimize drives (defragsvc) |
Manual | 🟢 OK to disable | Helps the computer run more efficiently by optimizing files on storage drives. |
Parental Controls (WpcMonSvc) |
Manual | 🟢 OK to disable | Enforces parental controls for child accounts in Windows. If this service is stopped or disabled, parental controls aren't enforced. |
Payments and NFC/SE Manager (SEMgrSvc) |
Manual | 🟢 OK to disable | Manages payments and Near Field Communication (NFC) based secure elements. |
Peer Name Resolution Protocol (PNRPsvc) |
Manual | 🟢 OK to disable | |
Peer Networking Grouping (p2psvc) |
Manual | 🟢 OK to disable | |
Peer Networking Identity Manager (p2pimsvc) |
Manual | 🟢 OK to disable | |
Performance Counter DLL Host (PerfHost) |
Manual | ⛔ Don't disable | Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes are able to query performance counters provided by 32-bit DLLs. |
Performance Logs & Alerts (pla) |
Manual | ⛔ Don't disable | Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information isn't collected. If this service is disabled, any services that explicitly depend on it fails to start. |
Phone Service (PhoneSvc) |
Manual | 🟢 OK to disable | Manages the telephony state on the device. |
Plug and Play (PlugPlay) |
Manual | 🟡 No guidance | Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service results in system instability. |
PNRP Machine Name Publication Service (PNRPAutoReg) |
Manual | 🟢 OK to disable | |
Portable Device Enumerator Service (WPDBusEnum) |
Manual | 🟢 OK to disable | Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. |
Power (Power) |
Automatic | ⛔ Don't disable | Manages power policy and power policy notification delivery. |
Print Spooler (Spooler) |
Automatic | 🟢 OK to disable | This service spools print jobs and handles interaction with the printer. If you turn off this service, you aren't able to print or see your printers. |
Printer Extensions and Notifications (PrintNotify) |
Manual | 🟢 OK to disable | This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. Reconfiguring PrintNotivy prevents use of printer extensions and prevents notifications. |
Problem Reports and Solutions Control Panel Support (wercplsupport) |
Manual | 🟡 No guidance | This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel. |
Program Compatibility Assistant Service (PcaSvc) |
Automatic | 🟢 OK to disable | This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA doesn't function properly. |
Quality Windows Audio Video Experience (QWAVE) |
Manual | 🟢 OK to disable | Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. |
Radio Management Service (RmSvc) |
Manual | 🟢 OK to disable | Radio Management and Airplane Mode Service. |
Recommended Troubleshooting Service (TroubleshootingSvc) |
Manual | 🟡 No guidance | Enables automatic mitigation for known problems by applying recommended troubleshooting. Disabling TroubleshootingSvc prevents recommended troubleshooting for problems on your device. |
Remote Access Auto Connection Manager (RasAuto) |
Manual | 🟢 OK to disable | Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. |
Remote Access Connection Manager (RasMan) |
Manual | 🟢 OK to disable | Manages dial-up and virtual private network** (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it fails to start. |
Remote Desktop Configuration (SessionEnv) |
Manual | ⛔ Don't disable | Remote Desktop Configuration service** (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates. |
Remote Desktop Services (TermService) |
Manual | ⛔ Don't disable | Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. |
Remote Desktop Services UserMode Port Redirector (UmRdpService) |
Manual | ⛔ Don't disable | Allows the redirection of Printers/Drives/Ports for RDP connections. |
Remote Procedure Call (RpcSs) |
Automatic | ⛔ Don't disable | The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM don't function properly. Disabling RpcSs service isn't recommended. |
Remote Procedure Call Locator (RpcLocator) |
Manual | 🟢 OK to disable | In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service doesn't provide any functionality and is present for application compatibility. |
Remote Registry (RemoteRegistry) |
Automatic | ⛔ Don't disable | Enables remote users to modify registry settings on this computer. Disabling RemoteRegistry service restricts registry updating to local users only and isn't recommended. |
Retail Demo Service (RetailDemo) |
Automatic | 🟢 OK to disable | The Retail Demo service controls device activity while the device is in retail demo mode. |
Routing and Remote Access (RemoteAccess) |
Disabled | ✅ Already disabled | Offers routing services to businesses in local area and wide area network environments. |
RPC Endpoint Mapper (RpcEptMapper) |
Automatic | ⛔ Don't disable | Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services doesn't function properly. |
Secondary Logon (seclogon) |
Manual | ⛔ Don't disable | Enables starting processes under alternate credentials. If this service is stopped, this type of logon access us unavailable. If this service is disabled, any services that explicitly depend on it fails to start. |
Secure Socket Tunneling Protocol Service (SstpSvc) |
Manual | 🟢 OK to disable | Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users aren't able to use SSTP to access remote servers. |
Security Accounts Manager (SamSs) |
Automatic | ⛔ Don't disable | The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service prevents other services in the system from being notified when the SAM is ready, which causes those services to fail to start correctly. This service shouldn't be disabled. |
Security Center (wscsvc) |
Manual | ⛔ Don't disable | The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer. The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service. The Security and Maintenance UI uses the service to provide systray alerts and a graphical view of the security health states in the Security and Maintenance control panel. Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions. The service also has a public API that allows external consumers to programmatically retrieve the aggregated security health state of the system. |
Sensor Data Service (SensorDataService) |
Manual | 🟢 OK to disable | Delivers data from various sensors. |
Sensor Monitoring Service (SensrSvc) |
Manual | 🟢 OK to disable | Monitors various sensors in order to expose data and adapt to system and user state. Reconfiguring Sensor Monitoring Service prevents dynamic response to changes in lighting conditions. Stopping this service might affect other system functionality and features as well. |
Sensor Service (SensorService) |
Manual | 🟢 OK to disable | A service for sensors that manages the functionality of different sensors. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor doesn't load and autorotation doesn't occur. History collection from Sensors stop. |
Server (LanmanServer) |
Automatic | 🟢 OK to disable | Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions are unavailable. If this service is disabled, any services that explicitly depend on it fails to start. |
Shared PC Account Manager (shpamsvc) |
Automatic | 🟢 OK to disable | Manages profiles and accounts on a SharedPC configured device. |
Shell Hardware Detection (ShellHWDetection) |
Automatic | 🟢 OK to disable | Provides notifications for Auto-Play hardware events. |
Smart Card (SCardSvr) |
Manual | 🟢 OK to disable | Manages access to smart cards read by this computer. If this service is stopped, this computer is unable to read smart cards. If this service is disabled, any services that explicitly depend on it fails to start. |
Smart Card Device Enumeration Service (ScDeviceEnum) |
Manual | 🟢 OK to disable | Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs aren't able to enumerate smart card readers. Needed almost exclusively for WinRT apps. |
Smart Card Removal Policy (SCPolicySvc) |
Manual | 🟢 OK to disable | Allows the system to be configured to lock the user desktop upon smart card removal. |
SNMP Trap (SNMPTRAP) |
Manual | 🟢 OK to disable | Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer don't receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it fails to start. |
Software Protection (sppsvc) |
Automatic | ⛔ Don't disable | Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications run in a notification mode. Disabling Software Protection isn't recommended. |
Spatial Data Service (SharedRealitySvc) |
Manual | ⛔ Don't disable | This service is used for Spatial Perception scenarios. |
Spot Verifier (svsvc) |
Manual | ⛔ Don't disable | Verifies potential file system corruptions. |
SSDP Discovery (SSDPSRV) |
Manual | 🟢 OK to disable | Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices aren't discovered. If this service is disabled, any services that explicitly depend on it fails to start. |
State Repository Service (StateRepository) |
Manual | ⛔ Don't disable | Provides required infrastructure support for the application model. |
Still Image Acquisition Events (WiaRpc) |
Manual | 🟢 OK to disable | Launches applications associated with still image acquisition events. |
Storage Service (StorSvc) |
Automatic (Delayed Start) |
🟡 No guidance | Provides enabling services for storage settings and external storage expansion. |
Storage Tiers Management (TieringEngineService) |
Manual | 🟡 No guidance | Optimizes the placement of data in storage tiers on all tiered storage spaces in the system. |
SysMain (SysMain) |
Automatic | ⛔ Don't disable | Maintains and improves system performance over time. |
System Event Notification Service (SENS) |
Automatic | 🟡 No guidance | Monitors system events and notifies subscribers to COM+ Event System of these events. |
System Events Broker (SystemEventsBroker) |
Automatic | ⛔ Don't disable | Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. |
System Guard Runtime Monitor Broker (SgrmBroker) |
Automatic (Delayed Start) |
⛔ Don't disable | Monitors and attests to the integrity of the Windows platform. |
Task Scheduler (Schedule) |
Automatic | ⛔ Don't disable | Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks aren't run at their scheduled times. If this service is disabled, any services that explicitly depend on it fails to start. |
TCP/IP NetBIOS Helper (lmhosts) |
Manual | 🟢 OK to disable | TCP/IP NetBIOS Helper service provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network enabling users to share files, print, and log on to the network. If this service is stopped, these functions aren't unavailable. If this service is disabled, any services that explicitly depend on it fails to start. |
Telephony (TapiSrv) |
Manual | 🟢 OK to disable | Provides Telephony API (TAPI) support for programs that control telephony devices. Disabling breaks Routing and Remote Access service (RRAS). |
Themes (Themes) |
Automatic | 🟢 OK to disable | Provides user experience theme management. Can't set accessibility themes when this service is disabled |
Time Broker (TimeBrokerSvc) |
Manual | ⛔ Don't disable | Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered. |
Touch Keyboard and Handwriting Panel Service (TabletInputService) |
Manual | 🟢 OK to disable | Enables Touch Keyboard and Handwriting Panel pen and ink functionality. |
Update Orchestrator Service for Windows Update (UsoSvc) |
Manual | ⛔ Don't disable | Manages Windows Updates. Stopping UsoSvc service prevents download and installing of latest updates. Windows Update (incl. WSUS) depends on this service. |
UPnP Device Host (upnphost) |
Manual | 🟢 OK to disable | Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices stop functioning, and hosted devices can't be added. If this service is disabled, any services that explicitly depend on it fails to start. |
User Experience Virtualization Service (UevAgentService) |
Disabled | ✅ Already disabled | Provides support for application and OS settings roaming. |
User Manager (UserManager) |
Automatic | ⛔ Don't disable | User Manager provides the runtime components required for multi-user interaction. Reconfiguring UserManager service might prevent applications from operating correctly and isn't recommended. |
User Profile Service (ProfSvc) |
Automatic | ⛔ Don't disable | This service is responsible for loading and unloading user profiles. Disabling or stopping User Profile Service prevents user sign-in and sign-out, apps might have problems getting to user data, and components don't receive profile event notifications. Reconfiguring User Profile Service isn't recommended. |
Virtual Disk (vds) |
Manual | 🟡 No guidance | Provides management services for disks, volumes, file systems, and storage arrays. |
Volume Shadow Copy (VSS) |
Manual | 🟢 OK to disable | Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies are unavailable for backup and the backup might fail. If this service is disabled, any services that explicitly depend on it fails to start. |
Volumetric Audio Compositor Service (VacSvc) |
Manual | 🟢 OK to disable | Hosts spatial analysis for Mixed Reality audio simulation. |
WalletService (WalletService) |
Manual | 🟢 OK to disable | Hosts objects used by clients of the wallet. |
WarpJITSvc (WarpJITSvc) |
Manual | 🟢 OK to disable | Enables JIT compilation support in d3d10warp.dll for processes in which code generation is disabled. |
Web Account Manager (TokenBroker) |
Manual | 🟢 OK to disable | This service is used by Web Account Manager to provide single-sign-on to apps and services. |
Web Client (WebClient) |
Manual | 🟢 OK to disable | Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions aren't available. If this service is disabled, any services that explicitly depend on it fails to start. |
Wi-Fi Direct Services Connection Manager (WFDSConMgrSvc) |
Manual | 🟢 OK to disable | Manages connections to wireless services, including wireless display and docking. |
Windows Audio (Audiosrv) |
Manual | 🟢 OK to disable | Manages audio for Windows-based programs. If this service is stopped, audio devices and effects don't function properly. If this service is disabled, any services that explicitly depend on it fails to start. |
Windows Audio Endpoint Builder (AudioEndpointBuilder) |
Manual | 🟢 OK to disable | Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects don't function properly. If this service is disabled, any services that explicitly depend on it fails to start. |
Windows Backup (SDRSVC) |
Manual | 🟢 OK to disable | Provides Windows Backup and Restore capabilities. |
Windows Biometric Service (WbioSrvc) |
Manual | 🟢 OK to disable | The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process. |
Windows Camera Frame Server (FrameServer) |
Manual | 🟢 OK to disable | Enables multiple clients to access video frames from camera devices. |
Windows Connect Now - Config Registrar (Wcncsvc) |
Automatic | 🟢 OK to disable | WCNCSVC hosts the Windows Connect Now Configuration, which is Microsoft's Implementation of Wireless Protected Setup (WPS) protocol. Wcncsvc service is used to configure Wireless LAN settings for an Access Point (AP) or a Wireless Device. The service is started programmatically as needed. |
Windows Connection Manager (Wcmsvc) |
Automatic | 🟢 OK to disable | Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings. |
Windows Defender Advanced Threat Protection Service (Sense) |
Manual | ⛔ Don't disable | Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols. |
Windows Defender Firewall (mpssvc) |
Manual | ⛔ Don't disable | Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network. |
Windows Encryption Provider Host Service (WEPHOSTSVC) |
Manual | 🟢 OK to disable | Windows Encryption Provider Host Service brokers encryption related functionalities from non-Microsoft Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping Windows Encryption Provider Host Service compromises EAS compliancy checks established by connected Mail Accounts. |
Windows Error Reporting Service (WerSvc) |
Manual | ⛔ Don't disable | Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. Collects and sends crash/hang data used by both Microsoft and non-Microsoft ISVs/IHVs. The data is used to diagnose crash-inducing bugs, which might include security bugs. Also needed for Corporate Error Reporting. |
Windows Event Collector (Wecsvc) |
Manual | ⛔ Don't disable | Windows Event Collector service manages persistent subscriptions to events from remote sources that support WS-Management protocol, including event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. When this service is stopped or disabled event subscriptions and forwarded events are prevented. Collects ETW events (including security events) for manageability, diagnostics. Lots of features and non-Microsoft tools rely on it, including security audit tools. |
Windows Event Log (EventLog) |
Automatic | ⛔ Don't disable | This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service might compromise security and reliability of the system. |
Windows Font Cache Service (FontCache) |
Automatic | ⛔ Don't disable | Optimizes performance of applications by caching commonly used font data. Applications start this service if it isn't already running. Reconfiguring Windows Font Cache Service might degrade application performance and isn't recommended. |
Windows Image Acquisition (stisvc) |
Manual | 🟢 OK to disable | Provides image acquisition services for scanners and cameras. |
Windows Insider Service (wisvc) |
Manual | 🟢 OK to disable | Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work. |
Windows Installer (msiserver) |
Manual | ⛔ Don't disable | Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it fails to start. |
Windows License Manager Service (LicenseManager) |
Manual | 🟢 OK to disable | Provides infrastructure support for the Microsoft Store. This service is started on demand. When disabled, content acquired through the Microsoft Store doesn't function properly. |
Windows Management Instrumentation (Winmgmt) |
Automatic | ⛔ Don't disable | Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software doesn't function properly. If this service is disabled, any services that explicitly depend on it fails to start. |
Windows Management Service (WManSvc) |
Manual | ⛔ Don't disable | Performs management including Provisioning and Enrollment activities. |
Windows Media Player Network Sharing Service (WMPNetworkSvc) |
Manual | 🟢 OK to disable | Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play. |
Windows Mobile Hotspot Service (icssvc) |
Manual | 🟢 OK to disable | Provides the ability to share a cellular data connection with another device. |
Windows Modules Installer (TrustedInstaller) |
Manual | ⛔ Don't disable | Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer. |
Windows Perception Service (spectrum) |
Manual | 🟢 OK to disable | Enables spatial perception, spatial input, and holographic rendering. |
Windows Perception Simulation Service (perceptionsimulation) |
Manual | 🟢 OK to disable | Enables spatial perception simulation, virtual camera management and spatial input simulation. |
Windows Push Notifications System Service (WpnService) |
Automatic | ⛔ Don't disable | This service runs in session 0 and hosts the notification platform and connection provider, which handles the connection between the device and WNS server. |
Windows PushToInstall Service (PushToInstall) |
Manual | 🟢 OK to disable | Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations don't function properly. |
Windows Remote Management (WinRM) |
Automatic | ⛔ Don't disable | Windows Remote Management** (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service uses a listener configured with the winrm.cmd command line tool or through Group Policy to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service doesn't depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS don't use the /wsman URL prefix. |
Windows Search (WSearch) |
Manual | 🟢 OK to disable | Provides content indexing, property caching, and search results for files, e-mail, and other content. |
Windows Security Service (SecurityHealthService) |
Automatic | ⛔ Don't disable | Windows Security Service handles unified device protection and health information. |
Windows Time (W32Time) |
Automatic | ⛔ Don't disable | Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization is prevented. Reconfiguring the Windows Time service isn't recommended. |
Windows Update (wuauserv) |
Manual | 🟢 OK to disable | Enables the detection, download, and installation of updates for Windows and other programs. Disabling Windows Update service prevents Windows Update, its automatic updating feature, and programs aren't able to use the Windows Update Agent (WUA) API. |
Windows Update Medic Service (WaaSMedicSvc) |
Manual | ⛔ Don't disable | |
WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) |
Manual | ⛔ Don't disable | WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for autodiscovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol. Anything that uses the network stack can have a functional dependency on this service. Many organizations rely on WinHTTPAutoProxySvc to configure their internal networks' HTTP proxy routing. Without it, internally originating HTTP connections to the Internet fail. |
Wired AutoConfig (dot3svc) |
Manual | 🟢 OK to disable | The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that don't enforce 802.1X authentication are unaffected by the DOT3SVC service. |
WLAN Autoconfig (WLANSVC) |
Manual | 🟢 OK to disable | The WLANSVC service provides the logic required to configure, discover, connect to, and disconnect from a wireless local area network (WLAN) as defined by IEEE 802.11 standards. WLANSVC service also contains the logic to turn your computer into a software access point so that other devices or computers can connect to your computer wirelessly. Stopping or disabling the WLANSVC service make all WLAN adapters on your computer inaccessible from the Windows networking UI. Disabling WLANSVC isn't recommended if your computer has a WLAN adapter. |
WMI Performance Adapter (wmiApSrv) |
Manual | ⛔ Don't disable | Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. |
Work Folders (workfolderssvc) |
Automatic | 🟢 OK to disable | This service syncs files with the Work Folders server, enabling you to use the files in Work Folders. |
Workstation (LanmanWorkstation) |
Automatic | ⛔ Don't disable | Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections are unavailable. If this service is disabled, any services that explicitly depend on it fails to start. |
WWAN AutoConfig (WwanSvc) |
Manual | 🟢 OK to disable | This service manages mobile broadband (GSM & CDMA) data card/embedded module adapters and connections by autoconfiguring the networks. Disabling WwanSvc isn't recommended for best user experience of mobile broadband devices. |
Xbox Accessory Management Service (XboxGipSvc) |
Manual | 🔵 Should be disabled | This service manages connected Xbox Accessories. |
Xbox Live Auth Manager (XblAuthManager) |
Manual | 🔵 Should be disabled | Provides authentication and authorization services for interacting with Xbox Live. If this service is stopped, some applications don't operate correctly. |
Xbox Live Game Save (XblGameSave) |
Manual | 🔵 Should be disabled | This service syncs save data for Xbox Live save enabled games. If this service is stopped, game save data doesn't upload to or download from Xbox Live. |
Xbox Live Networking Service (XboxNetApiSvc) |
Manual | 🔵 Should be disabled | This service supports the Windows.Networking.XboxLive application programming interface. |