Windows processes made EASY !

[APK]

You don't need the application experience, help and support, logical disk manager (do you put in a new hdd or 2 every time you boot? no? didn't think so :)), IPSEC, and you dont need TCP IP netbios helper (unless you're on an archaic lan).

You're pretty much right on the NetBIOS helper, you're on the mark as well (disabled to this one, unless you hit the exception you noted) - the rest? I'd just go "MANUAL" @ first, & see if ANYTHING you use, cranks them on. If not, disable then, & ONLY then.

and i'd like to see you install most applications without having windows instrumentation/+com system in the background. :)

If you think this one's "bad", take a peek @ the one by membername "Bold Fortune"... I mean that too!

E.G./I.E.-> It's way, WAY too "radical" & imo, "off" on more than a FEW points... @ some point, I think he was trying to 'shave off' as much as he could from Windows itself...

I started doing an "exceptions" post reply to the services alone that he turns off, with what each COULD affect adversely, as you have noted in your points...

LOL, know what happened?

The forums board threw me an abend/errmsg of "too many blocks of quote per single post, limit exceeded"... heck, it was so much to reply to, it was unreal.

I think the guy was not out to "optimize" windows, but to ABSOLUTELY minimalize it, though... sure seemed like it.

Then again, I truly just "skimmed" thru it, as it was very long, so I just touched the "major points" the tweaks themselves... could be he WAS out to absolutely shave windows to the bone... & it gave me the wrong impression I guess, if I figured it was a guide like this, because he was trimming things that I have seen stop Windows cold.

& to be honest? I think he was lying about DCOM Server Process & his being able to keep it DISABLED or, something was majorly up. I have had Windows down to 5 services, & with NO services before, messing around with security ACL's on them.

Was cool running with NO services @ all though. Not much to do, but, cool.

in short this guide kinda sucks.

Well, like I stated? If you think those points you hit are "too much"??

Man... Then, you have to see the guide done by "Bold Fortune" here.

I hate knocking folks' 'hard work' & all that, but sometimes, I see services guides that are way, WAY too radical, & DISABLE too much (when @ most, MANUAL should be used, @ least, @ first... test, & see if ANYTHING forces your manual services to go "on/active" & if not, THEN, & ONLY THEN, set them DISABLED - this varies by user & application mix too!).

E.G.-> Bold Fortune's, as the example I point out on a post here about optimizing windows via services cutoffs? well... I single it out, because of what you said, & it had more... it mentions stopping DCOM Server Process & COM+ Event System!

I was like "no way, too many things won't run, & will throw errs @ best if DCOM Server Process's off & COM+ Event System are cranked off too" (@ most? I'd set COM+ to manual, but leave DCOM server alone bigtime as AUTOMATIC).

HIS HAD TO BE ABOUT BLASTING WINDOWS CLEAN TO THE BONE. Heck, mess with services ACL's & other security in Windows "wrong"? You can actually end up IN WINDOWS alright, but lol, no services.

APK

Edited December 4, 2007 by APK

[thunderstruck88]

^ i hear you apk

i made an nlited build without +com and i couldn't install .net framework and half of the available windows updates. i dont know how bold fortune and the like manage with a system like that.

i read his article and it was definately helpful on some things, but i would never even consider doing every single thing he states. i like his guides cause he takes the time to provide the reasoning and explanation of every dll/exe/etc that he deletes, and you can tell he has spent years on it, but i would never cripple my system by applying everything he does.

my current service configuration, curtesy of nlite (i reduced the iso from 650 mb to 128 or so, 100% compatible with everything i use... it took a million reinstalls and virtual machine mounts but i eventually got there :))

..and windows installer, which i was too lazy to crop-in.

i got more useless services that never get started set to manual that im too lazy to delete via regedit

Edited December 4, 2007 by thunderstruck88

[APK]

Well, like I said: I do NOT like "cutting down" others' work... but, sometimes, you have to (to save others' a hassle).

With services, it largely matters what the person's out to do & what tools/softwares they work with daily really...

E.G.-> Just going right away to DISABLED status on a services' startup value is NOT a good idea (this is the 1 'failing' I feel the msconfig.exe tool has on its services tab in fact - it often forces me to re-examine it using services.msc because of that...) - as there MAY come a time when you need that service, or some application you use will need it, & it's NOT there.

You have to TEST first, on your individual setup, in other words, with YOUR individual application mix & tasks you do.

(You may find your setup will have to have variations from various services tuning guides, & that's OK, as long as you know the "upsides" & "downsides" of what it is that happens when you turn off a service (or, conversely, IF you leave it running? KNOW if it has exploits, or what ports it holds open for soliciting connections (if any), & the services' logon entity SID)).

One of the BEST ways to secure them, is to NOT run them, period. However, knowing what you may be affecting is another important thing to realize IF you elect to set them to DISABLED especially.

APK

P.S.=> Yours looks almost EXACTLY like mine (good choice on NOD32 by the way, great program, great design), except I set:

Logical Disk Manager & Shell Hardware Detection to MANUAL here...

Plus, I run a 3rd party service you don't (Port Reporter from MS)

The #id.string one... is that a remnant of a spyware/trojan/virus/malware? Looks it... trim it out, by finding it here:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

I also don't use THEMES (I like the "CLASSIC" Windows 2000 shell - lighter & faster, no GDI/User32 graphics subsystems repaints/overlays added work required... efficiency happens to fit the look I like better, so, I go with it!)

I also don't use DNS or DHCP clients, but, my LinkSys router lets me "get away with that" & I am online, just fine.

Unlike yourself though, I keep EventLogs active (but, I do so, for security & analysis purposes)...

However, I gain efficiency on this, by:

Moving my EVENTLOGS to a Solid-State UPS backed Ramdisk board via the subkeys here & altering their FILE values in each:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog

Under there, you will see the std. SYSTEM, Application, & SECURITY logs... each has a FILE value you can change to gain here by using other disks to house the logs.

On the SSD I use? I set it up like this (which you can do for a 2nd HDD if you wish & gain too, albeit not as much on seeks/reads/access speeds):

1.) 2gb on it, 1st 1gb parition = pagefile.sys

&

2.) 2nd 1gb partition =

a. webbrower caches

b. SANDBOXIE sandbox

c. Logging from EventLogs, apps, & services

d. %temp/tmp% environmental variables temp ops work

e. Lastly my %COMSPEC% cmd.exe is housed on it along with my HOSTS file for speed (this last one's easily moved in the registry too, DataBasePath value in Tcp/IP Parameters section in services, registry services path noted above, albeit in the Tcp services Parameters area))

This stops fragmenations happening due to small files being written & enlarged on my main C: drive which houses my OS & programs, only... & doesn't burden my main disk with I/O for them.

(This can alternately be done on a 2nd std. mechanical HDD, & it's how I used to do it, prior to getting this SSD in fact... it works!)

You probably have a very nice setup on yours I have to admit - security, & efficiency/speed, definitely... apk

Edited December 4, 2007 by APK

[thunderstruck88]

^thanks dude

the id string turned out to be bonjour mdnsresponder.exe, installed by msn messenger for sharing folders capability. i had unregistered the dll as per a tutorial i found around here a while ago but i forgot to axe the service

and about the router: mine has an option for static dhcp leases. its already in use in my home network (configured the router with no WPA protection whatsoever, but MAC address restrictions instead) but when i turn off the actual dhcp server it doesnt work. how did you configure static ips on yours? thanks

o and about disabling the DNS client: is there a tweak for not having an error popping up every time you select "Repair Connection" via control panel? Thats the problem with using windows, huh? its not smart enough to figure out that theres no DNS client running so refreshing it is completely useless! :)

[sundayx Veteran]

Windows processes made easy, here http://www.sysinfo.org/startuplist.php

[Aahz]

Disabling an unwanted service is kind of like locking an unwanted thread...you should delete them all-together and get it over with already.

I'm not worried so much about RAM and resources as I am about inherently insecure/flawed services installed on my machine to begin with. Get something like nLite and get rid of the damn things instead of worrying about disabled vs. manual.

You are always conserving a resource when you remove them from the installation disc = HDD space. (you just have to know what you are doing) :yes:

[APK]

I'm not worried so much about RAM and resources as I am about inherently insecure/flawed services installed on my machine to begin with. Get something like nLite and get rid of the damn things instead of worrying about disabled vs. manual.

What happens if one day you need to use said service (for whatever reasons), say, you wanted to network your machine with a newly purchased one, & you outright burnt out workstation & server services? That's just 1 example... (there are many more.)

Ordinarily, I'd agree with you, but given time & different things you'd learn about & want to do, you might need them in the future.

To each his own though, & I am serious about that.

APK

[APK]

^thanks dude

You're welcome. I just saw that & was like "Whoa Nelly", lol...

the id string turned out to be bonjour mdnsresponder.exe, installed by msn messenger for sharing folders capability. i had unregistered the dll as per a tutorial i found around here a while ago but i forgot to axe the service

Then, it's just a "cosmetic fix" I was giving you - if you burnt the lib that did the actual function, you really DID do what you needed to do anyhow.

and about the router: mine has an option for static dhcp leases. its already in use in my home network (configured the router with no WPA protection whatsoever, but MAC address restrictions instead) but when i turn off the actual dhcp server it doesnt work. how did you configure static ips on yours? thanks

I use a LinkSys BEFSX41, probably NOT the same as yours is, but, I did it one day just by testing to see if I could turn off BOTH the DNS CLIENT &/or DHCP CLIENT services, & it turned out that I could (where I never could using Windows XP Pro, it seems I can on Windows Server 2003, AND "get away with it").

Nothing special either really - I just list the IP Address of my router as my DEFAULT GATEWAY really. It works.

and about disabling the DNS client: is there a tweak for not having an error popping up every time you select "Repair Connection" via control panel?

I never, EVER have to do that, FORTUNATELY, so I never see it. Mine's not a wireless, it's "good ole' reliable copper wire RJ45" based.

Thats the problem with using windows, huh? its not smart enough to figure out that theres no DNS client running so refreshing it is completely useless! :)

LOL! Well, I think it depends on the version of Windows possibly, after all, I am not using XP like most folks are, & I can't truly tell you what may be allowing me to dispense with using DHCP client &/or DNS client, because I am NOT acting here using "Back Office" DNS/DHCP server services here either.

I would take a peek @ the last page though, & see what I was showing about how to move EventLogs + other apps' logs, %temp/tmp% ops, webbrowser caches, %comspec% location, possibly your HOSTS file & more to another disk though...

(AND< not necessarily an SSD like I use, but just another HDD...)

Just so you don't fragment your other MAIN C: disk (with your OS & Programs on it) with those temp/logs/webcache files (i.e.-.> having those files cause other ones on your main disk to frag & so you get more space on it back too, & MAINLY so you do not burden your OS + Programs disk with I/O for pagefile.sys, logs, webbrowser caches, OR %temp/tmp% ops).

APK

[+longgonebn Subscriber²]

I don't know if this was mentioned in this thread yet but if you are going to disable or set to manual these services you need to know one thing.

If you use adobe products, i found out because I use them and use Illustrator a lot, you need "Printer Spool" to be set to Automatic, otherwise if you try to save it will crash Illustrator.

[k22]

in case anyone disables something and cannot remember what the default was...

http://www.microsoft.com/resources/documen...s.mspx?mfr=true

[Darkon11]

First: I'm amazed that a topic can last an entire year !

Second: In the meantime I've reduced the needed services as you can see.

[APK]

First: I'm amazed that a topic can last an entire year !

Second: In the meantime I've reduced the needed services as you can see.

I take it you are trying to "shave windows down" as much as possible, AND, still have it be able to get into the OS shell... correct?

• You can do w/out DHCP, IF You have a router (I do it here, incidentally - I just set my router as my default gateway & OFF WE GO, no DHCP required)...
  

• You can also run without Logical Disk Manager set AUTOMATIC too (set manual).
  

• You can also run w/ out SHELL HARDWARE DETECTION set AUTOMATIC too, & turn it off later (if you went manual and it comes on anyhow).
  

See this post (got me "modded up" @ SLASHDOT):

http://slashdot.org/comments.pl?sid=157321&cid=13190570

It outlines how "low you can go" actually... & even lower IF you have a router (see my note on DHCP above). In actuality, I am fairly SURE you can leave ONLY Plug & Play & RPC running... & STILL get into Windows (but, question is, HOW MUCH CAN YOU DO AT THAT POINT, lol!)

:)

Also, if you REALLY want to get "crazy" & run windows, WITHOUT SERVICES @ ALL (& I have done it, quite by accident)? Alter the logon entities of the services (their ACL's) & you can LITERALLY get into Windows OS Explorer.exe shell, BUT, you cannot DO a heck of a lot either! Sounds nuts, but, I ran into that when I was experimenting with securing services...

I.E.-> I ran with NO SERVICES @ ALL, because I set them to a user that was either inactive (as the user the service logs on under in services.msc) OR, I made it so it logged on as my GUEST account (which is disabled)... it's been SO long, but I KNOW it is 'doable' & you can STILL get into Windows.

(IF ANY OF YOU ARE CRAZY ENOUGH TO TRY THIS LATTER ONE - be sure you have a backup of your system! F8 "Last Known Good Configuration" OR "Safe Mode" may help you out of it also, if it goes "nuts" on you!)

APK

P.S.=> I think a former co-worker of mine, Dr. Mark Russinovich, has ANOTHER way to do this, but... the specifics of HIS method eludes me now, but he also has discovered a way to run Windows, WITHOUT any services also... but, iirc, he too ran into what I did (limited functionality)... apk

Edited April 1, 2008 by APK

[APK]

I don't know if this was mentioned in this thread yet but if you are going to disable or set to manual these services you need to know one thing.

If you use adobe products, i found out because I use them and use Illustrator a lot, you need "Printer Spool" to be set to Automatic, otherwise if you try to save it will crash Illustrator.

Good point, & MAINLY because doing ADOBE .pdf formatted documents is just (iirc) really printing, albeit, TO A DOCUMENT (instead of to a printer port).

APK

[Darkon11]

I take it you are trying to "shave windows down" as much as possible, AND, still have it be able to get into the OS shell... correct?

• You can do w/out DHCP, IF You have a router (I do it here, incidentally - I just set my router as my default gateway & OFF WE GO, no DHCP required)...
  

• You can also run without Logical Disk Manager set AUTOMATIC too (set manual).
  

• You can also run w/ out SHELL HARDWARE DETECTION set AUTOMATIC too, & turn it off later (if you went manual and it comes on anyhow).
  

See this post (got me "modded up" @ SLASHDOT):

http://slashdot.org/comments.pl?sid=157321&cid=13190570

It outlines how "low you can go" actually... & even lower IF you have a router (see my note on DHCP above). In actuality, I am fairly SURE you can leave ONLY Plug & Play & RPC running... & STILL get into Windows (but, question is, HOW MUCH CAN YOU DO AT THAT POINT, lol!)

:)

Also, if you REALLY want to get "crazy" & run windows, WITHOUT SERVICES @ ALL (& I have done it, quite by accident)? Alter the logon entities of the services (their ACL's) & you can LITERALLY get into Windows OS Explorer.exe shell, BUT, you cannot DO a heck of a lot either! Sounds nuts, but, I ran into that when I was experimenting with securing services...

I.E.-> I ran with NO SERVICES @ ALL, because I set them to a user that was either inactive (as the user the service logs on under in services.msc) OR, I made it so it logged on as my GUEST account (which is disabled)... it's been SO long, but I KNOW it is 'doable' & you can STILL get into Windows.

(IF ANY OF YOU ARE CRAZY ENOUGH TO TRY THIS LATTER ONE - be sure you have a backup of your system! F8 "Last Known Good Configuration" OR "Safe Mode" may help you out of it also, if it goes "nuts" on you!)

APK

P.S.=> I think a former co-worker of mine, Dr. Mark Russinovich, has ANOTHER way to do this, but... the specifics of HIS method eludes me now, but he also has discovered a way to run Windows, WITHOUT any services also... but, iirc, he too ran into what I did (limited functionality)... apk

No, I don't have a router but you can still do without DHCP setting static the IP (which I don't like).

As I said in one of my first post this is not a barebone configuration and you can actually cut out something more. But I wanted a pretty functional windows W/O all the unnecessary (for me) stuff .

I don't advice to go further since you could have an instable system.

Regards.

[Steven Block]

Just use CCleaner. Much much easier.

[APK]

No, I don't have a router but you can still do without DHCP setting static the IP (which I don't like).

The ONLY "problem" with that, is that IF you set you address STATIC in nature, & are in fact assigned addresses dynamically/periodically (which ISP/BSP's will do, so you cannot setup a website etc. et al w/ out paying "business account" prices), is that your IP address WILL CHANGE, eventually... meaning IF for instance, you setup a website on your homebox, eventually, it would not be reachable anymore...

As I said in one of my first post this is not a barebone configuration and you can actually cut out something more. But I wanted a pretty functional windows W/O all the unnecessary (for me) stuff .

Agreed, & I do much the same (have for years, since around 1994 or so in fact)... from this forums? I suppose THIS:

====================================

APK "A to Z" Internet Speedup & Security Text!

====================================

https://www.neowin.net/news/main/01/11/29/a...--security-text

(Posted by me101 on 29 November 2001 - 04:40 ? no comments & 795 views)

====================================>

Would be evidence of that, in & of itself (dated 2001 from here when me101 posted it, but it's actual origination date was around 1997-1998 thru 2002 when it was hosted @ NTCompatible.com)... been into this "madness-N-lunacy" for a 'little while'... lol!

I don't advice to go further since you could have an instable system.

Regards.

True, IF you push "too far", & like I said above, lol, while I was "experimenting" w/ securing services (because MacOS X had that on Windows for QUITE A WHILE in fact), I found you can get into Windows with no services alright, but, man... you can't DO much either, but, I suppose that depends on WHAT it is you intend to do with a PC that is...

APK