Appendix. Services

Table E-1 lists the background services installed by default in Windows Vista. Note that some of the following may not be present in your system (depending on your Windows edition or installed components), and you may see some services on your own computer that aren't listed here (which may have been added after you installed Windows Vista).

One of the advantages of services over standard applications and drivers is that they are run when Windows starts, but before a user logs in.

Services can be started, stopped, and configured to automatically start with the Services utility (services.msc). By default, most of the services listed in Table E-1 will remain dormant (stopped) until started by the user (directly or indirectly by starting a program that depends on these services). For more information on services, see "Microsoft Management Console," in Chapter 10.

If you disable any service, any other services that explicitly depend on it will fail to start. So be careful before disabling services, and if you find that one refuses to start, it may be because a service on which it depends has been disabled. Check the Event Viewer (see Chapter 11) for error messages from services.

Table E-1. Services in Windows Vista




Application Experience


Processes application compatibility cache requests for applications when they are launched.

Application Information


Helps interactive applications run with additional administrative privileges.

Application Layer Gateway Service


Provides support for third-party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.

Application Management


Provides software installation services such as Assign, Publish, and Remove.

Background Intelligent Transfer Service


Uses idle network bandwidth to transfer data.

Base Filtering Engine


Manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will reduce system security and cause unpredictable behavior in IPsec management and firewall applications.

Block Level Backup Engine Service


Performs block-level backup and recovery of data.

Certificate Propagation


Propagates certificates from smart cards.

CNG Key Isolation


Service stores and uses long-lived private keys and associated cryptographic operations in a secure process.

COM+ Event System


Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing component object model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications.

COM+ System Application


Manages the configuration and tracking of components based on COM+. If the service is stopped, most components based on COM+ will not function properly.

Computer Browser


Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained.

Cryptographic Services


Provides four management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly.

DCOM Server Process Launcher


Provides launch functionality for distributed component object model (DCOM) services. DCOM allows COM components to communicate over networks.

Desktop Window Manager Session Manager


Provides startup and maintenance services for the Desktop Window Manager, which is the windowing system that enables Windows Aero.

DFS Replication


Replicates files among multiple PCs and keeps them synchronized.

DHCP Client


Manages network configuration by registering and updating Internet Protocol (IP) addresses and Domain Name System (DNS) names.

Diagnostic Policy Service


Enables detection of problems, troubleshooting, and problem resolution for Windows components. If the service is stopped, diagnostics will no longer function.

Diagnostic Service Host


Enables detection of problems, troubleshooting, and problem resolution for Windows components. If the service is stopped, diagnostics will no longer function.

Diagnostic System Host


Enables detection of problems, troubleshooting, and problem resolution for Windows components. If the service is stopped, diagnostics will no longer function.

Distributed Link Tracking Client


Maintains links between NTFS files within a computer or across computers in a network domain.

Distributed Transaction Coordinator


Coordinates transactions that span multiple resource managers, such as databases, message queues, and filesystems. If this service is stopped, these transactions will not occur.

DNS Client


Resolves and caches DNS names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers.

Extensible Authentication Protocol


The Extensible Authentication Protocol (EAP) service provides network authentication for 802.1x wired and wireless, Virtual Private Network (VPN), and Network Access Protection (NAP). It also provides APIs used by network access clients, including wireless and VPN clients, during the authentication process. If you disable the service, the PC cannot access networks that require EAP authentication.



Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network.

Function Discovery Provider Host


The Host process for Function Discovery providers, which allows resources to be discovered over the network.

Function Discovery Resource Publication


Make information available to the computer and its attached resources so that they can be discovered over the network. If the service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.

Group Policy Client


Applies settings configured by administrators for the computer and users through Group Policy. If the service is stopped or disabled, applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not work if the service is stopped or disabled.

Health Key and Certificate Management


Provides X.509 certificate and key management services for the Network Access Protection Agent. Enforcement technologies that use X.509 certificates may not function properly without the service.

Human Interface Device Access


Enables generic input access to Human Interface Devices (HIDs), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function.

IKE and AuthIP IPsec Keying Module


Modules used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the service will disable IKE and AuthIP key exchange with peer computers.

Interactive Services Detection


Enables notification of user input for interactive services. This enables access to dialogs created by interactive services when they appear. If the service is stopped, notifications of new interactive service dialogs will no longer function. If the service is disabled, both notifications of and access to new interactive service dialogs will no longer function.

Internet Connection Sharing (ICS)


Provides Network Address Translation (NAT), addressing, name resolution, and/or intrusion prevention services for a home or small-office network.

IP Helper


Provides automatic IPv6 connectivity over an IPv4 network. If the service is stopped, the PC will only have IPv6 connectivity if it is connected to a native IPv6 network.

IPsec Policy Agent


Enforces IPsec policies created through the IP Security Policies Snap-in or the command-line tool netsh ipsec. If you stop the service, you may experience network connectivity issues if your policy requires that connections use IPsec. Remote management of the Windows Firewall will not be available if the service is stopped.

KtmRm for Distributed Transaction Coordinator


Coordinates transactions between MSDTC and the Kernel Transaction Manager (KTM).

Link-Layer Topology Discovery Mapper


Creates the Network Map in the Network and Sharing Center. If this service is disabled, the Network Map will not function properly.

Microsoft .NET Framework NGEN


Microsoft .NET Framework native image generator (NGEN).

Microsoft iSCSI Initiator Service


Manages Internet SCSI (iSCSI) sessions from the computer to remote iSCSI target devices. If the service is stopped, this computer will not be able to log in or access iSCSI targets.

Microsoft Software Shadow Copy Provider


Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed.

Multimedia Class Scheduler


Used mainly by multimedia applications, this service enables relative prioritization of work based on system-wide task priorities. If the service is stopped, individual tasks resort to their default priority.

Net.Tcp Port Sharing Service


Provides ability to share TCP ports over the net.tcp protocol.



Maintains a secure channel between the PC and the domain controller for authenticating users and services. If the service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records.

Network Access Protection Agent


Enables NAP functionality, which allows network administrators to set security requirements for computers that want to connect to a network.

Network Connections


Manages objects in the Network and Dial-Up Connections folder.

Network List Service


Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.

Network Location Awareness


Collects and stores configuration information for the network and notifies programs when the information is modified. If the service is stopped, configuration information might be unavailable.

Network Store Interface Service


Delivers network notifications to clients. Stopping the service will cause loss of network connectivity.

Offline Files


Performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state.

Parental Controls


Enables Parental Controls. If the service is not running, Parental Controls will not work.

Peer Name Resolution Protocol


Enables Serverless Peer Name Resolution over the Internet. If disabled, some Peer-to-Peer and Collaborative applications, such as Windows Meetings, may not function.

Peer Networking Grouping


Provides Peer Networking Grouping services.

Peer Networking Identity Manager


Provides Identity service for Peer Networking.

Performance Logs & Alerts


Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected.

Plug and Play


Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.

PnP-X IP Bus Enumerator


Manages the virtual network bus. It discovers network-connected devices using the SSDP/WS discovery protocols and gives them presence in PnP. If this service is stopped or disabled, presence of NCD devices will not be maintained in PnP.

PNRP Machine Name Publication Service


Publishes a machine name using the Peer Name Resolution Protocol.

Portable Device Enumerator Service


Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and the Image Import Wizard to transfer and synchronize content using removable mass-storage devices.

Print Spooler


Loads files to memory for later printing.

Problem Reports and Solutions Control Panel Support


Provides support for viewing, sending, and deleting system-level problem reports for the Problem Reports and Solutions control panel.

Program Compatibility Assistant Service


Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start.

Protected Storage


Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.

Quality Windows Audio Video Experience (qWave)


A networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality of service (QoS) for AV applications.



Provides support for improving system performance using ReadyBoost.

Remote Access Auto Connection Manager


Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.

Remote Access Connection Manager


Creates a network connection.

Remote Procedure Call (RPC)


Provides the endpoint mapper and other miscellaneous RPC services.

Remote Procedure Call (RPC) Locator


Manages the RPC name service database.

Remote Registry


Enables remote users to modify Registry settings on this computer. If this service is stopped, only users on this computer can modify the Registry.

Routing and Remote Access


Offers routing services to businesses in local- and wide-area network environments.

Secondary Logon


Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable.

Security Accounts Manager


Stores security information for local user accounts.

Security Center


Monitors system security settings and configurations.



Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable.

Shell Hardware Detection


Provides notifications for AutoPlay hardware events.

SL UI Notification Service


Provides Software Licensing activation and notification.

Smart Card


Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards.

Smart Card Removal Policy


Allows the system to be configured to lock the user desktop upon smart card removal.



Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages.

Software Licensing


Enables the download, installation, and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a reduced function mode.

SSDP Discovery Service


Enables discovery of UPnP devices on your home network.



Maintains and improves system performance over time.

System Event Notification


Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.

Tablet PC Input Service


Enables Tablet PC pen and ink functionality.

Task Scheduler


Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times.



Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.



Provides Telephony API (TAPI) support for programs that control telephony devices and IP-based voice connections on the local computer and, through the LAN, on servers that are also running the service.

Terminal Services


Allows multiple users to be connected interactively to a machine as well as the display of Desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.

Terminal Services Configuration


Responsible for all Terminal Services and Remote Desktop-related configuration and session maintenance activities that require SYSTEM context.

Terminal Services UserMode Port Redirector


Allows the redirection of printers/drives/ports for RDP connections.



Provides user experience theme management.

Thread Ordering Server


Provides ordered execution for a group of threads within a specific period of time.

TPM Base Services


Enables access to the Trusted Platform Module (TPM), which provides hardware-based cryptographic services to system components and applications. If this service is stopped or disabled, applications will be unable to use keys protected by the TPM.

Universal Plug and Play Device Host


Provides support to host Universal Plug and Play devices.

User Profile Service


Responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully log on or log off, applications may have problems getting to users' data, and components registered to receive profile event notifications will not receive them.

Virtual Disk


Provides management services for disks, volumes, filesystems, and hardware array objects such as subsystems, controllers, and so on.

Volume Shadow Copy


Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail.



Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available.

Windows Audio


Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly.

Windows Audio Endpoint Builder


Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly.

Windows Backup


Provides Windows Backup and Restore capabilities.

Windows CardSpace


Securely enables the creation, management, and disclosure of digital identities.

Windows Color System


Hosts third-party Windows Color System color device model and gamut map model plug-in modules.

Windows Connect NowConfig Registrar


Acts as a registrar; issues network credential to enrollee.

Windows Defender


Scans your computer for unwanted software, schedules scans, and gets the latest unwanted software definitions.

Windows Driver FoundationUser-mode Driver Framework


Manages user-mode driver host processes.

Windows Error Reporting Service


Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.

Windows Event Collector


Manages persistent subscriptions to events from remote sources that support the WS-Management protocol. This includes Windows Vista event logs, hardware, and IPMI-enabled event sources. If this service is stopped or disabled, event subscriptions cannot be created and forwarded events cannot be accepted.

Windows Event Log


Manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain-text formats. Stopping this service may compromise security and reliability of the system.

Windows Firewall


Helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.

Windows Image Acquisition (WIA)


Provides image acquisition services for scanners and cameras.

Windows Installer


Installs, repairs, and removes software according to instructions contained in .msi files.

Windows Management Instrumentation


Provides a common interface and object model to access management information about operating systems, devices, applications, and services. If this service is stopped, most Windows-based software will not function properly.

Windows Media Center Receiver Service


Windows Media Center Service for TV and FM broadcast reception.

Windows Media Center Scheduler Service


Starts and stops recording of TV programs within Windows Media Center.

Windows Media Center Service Launcher


Starts Windows Media Center Scheduler and Windows Media Center Receiver services at startup if TV is enabled within Windows Media Center.

Windows Media Player Network Sharing Service


Shares Windows Media Player libraries with other networked players and media devices using Universal Plug and Play.

Windows Modules Installer


Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, you may not be able to install or uninstall Windows updates.

Windows Presentation Foundation Font Cache


Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.

Windows Process Activation Service


Provides process activation, resource management, and health management services for message-activated applications.

Windows Remote Management (WS-Management)


Implements the WS-Management protocol for remote management, a standard web services protocol used for remote software and hardware management.

Windows Search


Provides content indexing and property caching for file, email, and other content (via extensibility APIs). If the service is stopped or disabled, the Explorer will not be able to display virtual folder views of items, and search in the Explorer will fall back to item-by-item slow search.

Windows Time


Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable.

Windows Update


Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.

WinHTTP Web Proxy Auto-Discovery Service


Implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.

Wired AutoConfig


Performs IEEE 802.1X authentication on Ethernet interfaces.

WLAN AutoConfig


Enumerates WLAN adapters, and manages WLAN connections and profiles.

WMI Performance Adapter


Provides performance library information from WMI HiPerf providers.



Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable.

World Wide Web Publishing Service


Provides web connectivity and administration through the Internet Information Services Manager.

Part II: Nutshell Reference