What are the recommended hardened services settings for Windows for PCI DSS, NERC-CIP, NIST 800-53 / 800-171 or other compliance standards?
Security Best Practice advocates the minimizing of your IT systems' 'Attack Surface'. By using CIS Benchmark secure configuration guidance we can harden systems against attack. Known vulnerabilities can be removed and defenses strengthened by applying an expert-derived configuration policy.
Server 2019 Hardened Services List
Download The Complete Hardened Services Guide
A-D
ActiveX Installer (AxInstSV) Service
Display Name: ActiveX Installer (AxInstSV) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:AxInstSV
Description:Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings.
AllJoyn Router Service
Display Name: AllJoyn Router Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:AJRouter
Description:Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run.
App Readiness Service
Display Name: App Readiness Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:AppReadiness
Description:Gets apps ready for use the first time a user signs in to this PC and when adding new apps.
Application Identity Service
Display Name: Application Identity Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:AppIDSvc
Description:Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced.
Application Information Service
Display Name: Application Information Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:Appinfo
Description:Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.
Application Layer Gateway Service
Display Name: Application Layer Gateway Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:ALG
Description:Provides support for 3rd party protocol plug-ins for Internet Connection Sharing
Application Management Service
Display Name: Application Management Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:AppMgmt
Description:Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start.
AppX Deployment Service (AppXSVC) Service
Display Name: AppX Deployment Service (AppXSVC) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:AppXSvc
Description:Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly.
Auto Time Zone Updater (tzautoupdate) Service
Display Name: Auto Time Zone Updater (tzautoupdate) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:tzautoupdate
Description:Automatically sets the system time zone.
Background Intelligent Transfer Service
Display Name: Background Intelligent Transfer Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:BITS
Description:Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.
Background Tasks Infrastructure (BrokerInfrastructure) Service
Display Name: Background Tasks Infrastructure (BrokerInfrastructure) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:BrokerInfrastructure
Description:Windows infrastructure service that controls which background tasks can run on the system.
Base Filtering Engine Service
Display Name: Base Filtering Engine Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:BFE
Description:The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
Bluetooth Support Service (bthserv) Service
Display Name: Bluetooth Support Service (bthserv) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:bthserv
Description:The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated.
CDPUserSvc (cdpusersvc) Service
Display Name: CDPUserSvc (cdpusersvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:CDPUserSvc
Description:This user service is used for Connected Devices Platform scenarios
Certificate Propagation Service
Display Name: Certificate Propagation Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:CertPropSvc
Description:Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver.
Client License Service (ClipSVC) Service
Display Name: Client License Service (ClipSVC) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:ClipSVC
Description:Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly.
CNG Key Isolation Service
Display Name: CNG Key Isolation Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:KeyIso
Description:The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.
COM+ Event System Service
Display Name: COM+ Event System Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:EventSystem
Description:Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
COM+ System Application Service
Display Name: COM+ System Application Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:COMSysApp
Description:Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Computer Browser Service
Display Name: Computer Browser Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:Browser
Description:Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Connected Devices Platform Service (CDPSvc) Service
Display Name: Connected Devices Platform Service (CDPSvc) Service
Hardened Start Mode: Automatic, Hardened Expected State: Running, Stopped
Name:CDPSvc
Description:This service is used for Connected Devices and Universal Glass scenarios
Connected User Experiences and Telemetry (DiagTrack) Service
Display Name: Connected User Experiences and Telemetry (DiagTrack) Service
Hardened Start Mode: Automatic, Hardened Expected State: Running
Name:DiagTrack
Description:The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics.
Contact Data (PimIndexMaintenanceSvc) Service
Display Name: Contact Data (PimIndexMaintenanceSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:PimIndexMaintenanceSvc
Description:Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results.
CoreMessaging (CoreMessagingRegistrar) Service
Display Name: CoreMessaging (CoreMessagingRegistrar) Service
Hardened Start Mode: Automatic, Hardened Expected State: Running
Name:CoreMessagingRegistrar
Description:Manages communication between system components.
Credential Manager Service
Display Name: Credential Manager Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:VaultSvc
Description:Provides secure storage and retrieval of credentials to users, applications and security service packages.
Cryptographic Services Service
Display Name: Cryptographic Services Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:CryptSvc
Description:Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Data Sharing (DsSvc) Service
Display Name: Data Sharing (DsSvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:DsSvc
Description:Provides data brokering between applications.
Data Sharing (DcpSvc) Service
Display Name: Data Sharing (DcpSvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:DcpSvc
Description:The DCP (Data Collection and Publishing) service supports first party apps to upload data to cloud.
DCOM Server Process Launcher Service
Display Name: DCOM Server Process Launcher Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:DcomLaunch
Description:The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running.
Device Association (deviceassociationservice) Service
Display Name: Device Association (deviceassociationservice) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:DeviceAssociationService
Description:Enables pairing between the system and wired or wireless devices.
Device Install (DeviceInstall) Service
Display Name: Device Install (DeviceInstall) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:DeviceInstall
Description:Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Device Management Enrollment (DmEnrollmentSvc) Service
Display Name: Device Management Enrollment (DmEnrollmentSvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:DmEnrollmentSvc
Description:Performs Device Enrollment Activities for Device Management
Device Setup (DsmSvc) Service
Display Name: Device Setup (DsmSvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:DsmSvc
Description:Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly.
DevQuery Background Discovery Broker (DevQueryBroker) Service
Display Name: DevQuery Background Discovery Broker (DevQueryBroker) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:DevQueryBroker
Description:Enables apps to discover devices with a backgroud task
DHCP Client Service
Display Name: DHCP Client Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:Dhcp
Description:Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.
Diagnostic Policy Service
Display Name: Diagnostic Policy Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:DPS
Description:The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function.
Diagnostic Service Host Service
Display Name: Diagnostic Service Host Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:WdiServiceHost
Description:The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function.
Diagnostic System Host Service
Display Name: Diagnostic System Host Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:WdiSystemHost
Description:The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function.
Distributed Link Tracking Client Service
Display Name: Distributed Link Tracking Client Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:TrkWks
Description:Maintains links between NTFS files within a computer or across computers in a network.
Distributed Transaction Coordinator Service
Display Name: Distributed Transaction Coordinator Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:MSDTC
Description:Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start.
DMWAPPushService (dmwappushservice) Service
Display Name: DMWAPPushService (dmwappushservice) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:dmwappushservice
Description:WAP Push Message Routing Service
DNS Client Service
Display Name: DNS Client Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:Dnscache
Description:The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.
Downloaded Maps Manager (MapsBroker) Service
Display Name: Downloaded Maps Manager (MapsBroker) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:MapsBroker
Description:Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps.
E-K
Embedded Mode (embeddedmode) Service
Display Name: Embedded Mode (embeddedmode) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:embeddedmode
Description:The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated.
Encrypting File System (EFS) Service
Display Name: Encrypting File System (EFS) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:EFS
Description:Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files.
Enterprise App Management (EntAppSvc) Service
Display Name: Enterprise App Management (EntAppSvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:EntAppSvc
Description:Enables enterprise application management.
Extensible Authentication Protocol Service
Display Name: Extensible Authentication Protocol Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:EapHost
Description:The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication.
Function Discovery Provider Host Service
Display Name: Function Discovery Provider Host Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:fdPHost
Description:The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services - Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources.
Function Discovery Resource Publication Service
Display Name: Function Discovery Resource Publication Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:FDResPub
Description:Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.
Geolocation (lfsvc) Service
Display Name: Geolocation (lfsvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:lfsvc
Description:This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences.
Group Policy Client Service
Display Name: Group Policy Client Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:gpsvc
Description:The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled.
Human Interface Device Access Service
Display Name: Human Interface Device Access Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:hidserv
Description:Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running.
HV Host Service
Display Name: HV Host Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:HvHost
Description:Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.
Hyper-V Data Exchange Service (vmickvpexchange) Service
Display Name: Hyper-V Data Exchange Service (vmickvpexchange) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:vmickvpexchange
Description:Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.
Hyper-V Guest Service Interface (vmicguestinterface) Service
Display Name: Hyper-V Guest Service Interface (vmicguestinterface) Service
Hardened Start Mode: Manual, Hardened Expected State: Running, Stopped
Name:vmicguestinterface
Description:Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
Hyper-V Guest Shutdown Service (vmicshutdown) Service
Display Name: Hyper-V Guest Shutdown Service (vmicshutdown) Service
Hardened Start Mode: Manual, Hardened Expected State: Running, Stopped
Name:vmicshutdown
Description:Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer.
Hyper-V Heartbeat Service (vmicheartbeat) Service
Display Name: Hyper-V Heartbeat Service (vmicheartbeat) Service
Hardened Start Mode: Manual, Hardened Expected State: Running, Stopped
Name:vmicheartbeat
Description:Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding.
Hyper-V PowerShell Direct Service (vmicvmsession) Service
Display Name: Hyper-V PowerShell Direct Service (vmicvmsession) Service
Hardened Start Mode: Manual, Hardened Expected State: Running, Stopped
Name:vmicvmsession
Description:Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network.
Hyper-V Remote Desktop Virtualization Service (vmicrdv) Service
Display Name: Hyper-V Remote Desktop Virtualization Service (vmicrdv) Service
Hardened Start Mode: Manual, Hardened Expected State: Running, Stopped
Name:vmicrdv
Description:Provides a platform for communication between the virtual machine and the operating system running on the physical computer.
Hyper-V Time Synchronization Service (vmictimesync) Service
Display Name: Hyper-V Time Synchronization Service (vmictimesync) Service
Hardened Start Mode: Manual, Hardened Expected State: Running, Stopped
Name:vmictimesync
Description:Synchronizes the system time of this virtual machine with the system time of the physical computer.
Hyper-V Volume Shadow Copy Requestor (vmicvss) Service
Display Name: Hyper-V Volume Shadow Copy Requestor (vmicvss) Service
Hardened Start Mode: Manual, Hardened Expected State: Running, Stopped
Name:vmicvss
Description:Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer.
IKE and AuthIP IPsec Keying Modules Service
Display Name: IKE and AuthIP IPsec Keying Modules Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:IKEEXT
Description:The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.
Interactive Services Detection Service
Display Name: Interactive Services Detection Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:UI0Detect
Description:Enables user notification of user input for interactive services, which enables access to dialogs created by interactive services when they appear. If this service is stopped, notifications of new interactive service dialogs will no longer function and there might not be access to interactive service dialogs. If this service is disabled, both notifications of and access to new interactive service dialogs will no longer function.
Internet Connection Sharing (ICS) Service
Display Name: Internet Connection Sharing (ICS) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:SharedAccess
Description:Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
IP Helper Service
Display Name: IP Helper Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:iphlpsvc
Description:Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.
IPsec Policy Agent Service
Display Name: IPsec Policy Agent Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:PolicyAgent
Description:Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Firewall is not available when this service is stopped.
KDC Proxy Server service (KPSSVC) Service
Display Name: KDC Proxy Server service (KPSSVC) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:KPSSVC
Description:KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain controllers on the corporate network.
KtmRm for Distributed Transaction Coordinator Service
Display Name: KtmRm for Distributed Transaction Coordinator Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:KtmRm
Description:Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start.
L-R
Link-Layer Topology Discovery Mapper Service
Display Name: Link-Layer Topology Discovery Mapper Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:lltdsvc
Description:Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly.
Local Session Manager Service
Display Name: Local Session Manager Service
Hardened Start Mode: Automatic, Hardened Expected State: Running
Name:LSM
Description:Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability.
Microsoft (R) Diagnostics Hub Standard Collector Service (diagnosticshub.standardcollector.service) Service
Display Name: Microsoft (R) Diagnostics Hub Standard Collector Service (diagnosticshub.standardcollector.service) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:diagnosticshub.standardcollector.service
Description:Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them.
Microsoft App-V Client Service
Display Name: Microsoft App-V Client Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:wlidsvc
Description:Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account.
Microsoft Account Sign-in Assistant Service
Display Name: Microsoft Account Sign-in Assistant Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:AppVClient
Description:Manages App-V users and virtual applications
Microsoft iSCSI Initiator Service
Display Name: Microsoft iSCSI Initiator Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:MSiSCSI
Description:Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.
Microsoft Passport (NgcSvc) Service
Display Name: Microsoft Passport (NgcSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:NgcSvc
Description:Provides process isolation for cryptographic keys used to authenticate to a user's associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service.
Microsoft Passport Container (NgcCtnrSvc) Service
Display Name: Microsoft Passport Container (NgcCtnrSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:NgcCtnrSvc
Description:Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service.
Microsoft Software Shadow Copy Provider Service
Display Name: Microsoft Software Shadow Copy Provider Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:swprv
Description:Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Microsoft Storage Spaces SMP (smphost) Service
Display Name: Microsoft Storage Spaces SMP (smphost) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:smphost
Description:Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed.
Net.Tcp Port Sharing Service
Display Name: Net.Tcp Port Sharing Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:NetTcpPortSharing
Description:Provides ability to share TCP ports over the net.tcp protocol.
Netlogon Service
Display Name: Netlogon Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:Netlogon
Description:Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.
Network Access Protection Agent Service
Display Name: Network Access Protection Agent Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:NcbService
Description:Brokers connections that allow Windows Store Apps to receive notifications from the internet.
Network Connections Service
Display Name: Network Connections Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:Netman
Description:Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Network Connectivity Assistant (ncasvc) Service
Display Name: Network Connectivity Assistant (ncasvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:NcaSvc
Description:Provides DirectAccess status notification for UI components
Network List Service
Display Name: Network List Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:netprofm
Description:Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.
Network Location Awareness Service
Display Name: Network Location Awareness Service
Hardened Start Mode: Auto, Hardened Expected State: Stopped, Running
Name:NlaSvc
Description:Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Network Setup (NetSetupSvc) Service
Display Name: Network Setup (NetSetupSvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:NetSetupSvc
Description:The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled.
Network Store Interface Service
Display Name: Network Store Interface Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:nsi
Description:This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.
Offline Files (CscService) Service
Display Name: Offline Files (CscService) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:CscService
Description:The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state.
Optimize Drives (defragsvc) Service
Display Name: Optimize Drives (defragsvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:defragsvc
Description:Helps the computer run more efficiently by optimizing files on storage drives.
Performance Counter DLL Host (PerfHost) Service
Display Name: Performance Counter DLL Host (PerfHost) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:PerfHost
Description:Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs.
Performance Logs and Alerts Service
Display Name: Performance Logs and Alerts Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:pla
Description:Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Phone (PhoneSvc) Service
Display Name: Phone (PhoneSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:PhoneSvc
Description:Manages the telephony state on the device
Plug and Play Service
Display Name: Plug and Play Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:PlugPlay
Description:Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Portable Device Enumerator (WPDBusEnum) Service
Display Name: Portable Device Enumerator (WPDBusEnum) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:WPDBusEnum
Description:Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.
Power Service
Display Name: Power Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:Power
Description:Manages power policy and power policy notification delivery.
Print Spooler Service
Display Name: Print Spooler Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:Spooler
Description:This service spools print jobs and handles interaction with the printer. If you turn off this service, you won't be able to print or see your printers.
Printer Extensions and Notifications (PrintNotify) Service
Display Name: Printer Extensions and Notifications (PrintNotify) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:PrintNotify
Description:This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won't be able to see printer extensions or notifications.
Problem Reports and Solutions Control Panel Support Service
Display Name: Problem Reports and Solutions Control Panel Support Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:wercplsupport
Description:This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.
Program Compatibility Assistant (PcaSvc) Service
Display Name: Program Compatibility Assistant (PcaSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:PcaSvc
Description:This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly.
Quality Windows Audio Video Experience (QWAVE) Service
Display Name: Quality Windows Audio Video Experience (QWAVE) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:QWAVE
Description:Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization.
Radio Management Service (RmSvc) Service
Display Name: Radio Management Service (RmSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:RmSvc
Description:Radio Management and Airplane Mode Service
Remote Access Auto Connection Manager Service
Display Name: Remote Access Auto Connection Manager Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:RasAuto
Description:Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Remote Access Connection Manager Service
Display Name: Remote Access Connection Manager Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:RasMan
Description:Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.
Remote Desktop Configuration Service
Display Name: Remote Desktop Configuration Service
Hardened Start Mode: Manual, Hardened Expected State: Running
Name:SessionEnv
Description:Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates.
Remote Desktop Services Service
Display Name: Remote Desktop Services Service
Hardened Start Mode: Manual, Hardened Expected State: Running
Name:TermService
Description:Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.
Remote Desktop Services UserMode Port Redirector
Display Name: Remote Desktop Services UserMode Port Redirector
Hardened Start Mode: Manual, Hardened Expected State: Running
Name:UmRdpService
Description:Allows the redirection of Printers/Drives/Ports for RDP connections
Remote Procedure Call (RPC) Service
Display Name: Remote Procedure Call (RPC) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:RpcSs
Description:The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running.
Remote Procedure Call (RPC) Locator Service
Display Name: Remote Procedure Call (RPC) Locator Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:RpcLocator
Description:In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility.
Remote Registry Service
Display Name: Remote Registry Service
Hardened Start Mode: Auto, Hardened Expected State: Stopped/Running
Name:RemoteRegistry
Description:Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Resultant Set of Policy Provider Service
Display Name: Resultant Set of Policy Provider Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:RSoPProv
Description:Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings.
Routing and Remote Access Service
Display Name: Routing and Remote Access Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:RemoteAccess
Description:Offers routing services to businesses in local area and wide area network environments.
RPC Endpoint Mapper Service
Display Name: RPC Endpoint Mapper Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:RpcEptMapper
Description:Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly.
S-V
Secondary Logon Service
Display Name: Secondary Logon Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:seclogon
Description:Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Secure Socket Tunneling Protocol Service
Display Name: Secure Socket Tunneling Protocol Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:SstpSvc
Description:Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers.
Security Accounts Manager Service
Display Name: Security Accounts Manager Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:SamSs
Description:The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.
Sensor Data Service (SensorDataService) Service
Display Name: Sensor Data Service (SensorDataService) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:SensorDataService
Description:Delivers data from a variety of sensors
Sensor Monitoring Service (SensrSvc) Service
Display Name: Sensor Monitoring Service (SensrSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:SensrSvc
Description:Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well.
Sensor Service (SensorService) Service
Display Name: Sensor Service (SensorService) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:SensorService
Description:A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped.
Server Service
Display Name: Server Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:LanmanServer
Description:Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Shell Hardware Detection Service
Display Name: Shell Hardware Detection Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:ShellHWDetection
Description:Provides notifications for AutoPlay hardware events.
Smart Card Service
Display Name: Smart Card Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:SCardSvr
Description:Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Smart Card Device Enumeration (ScDeviceEnum) Service
Display Name: Smart Card Device Enumeration (ScDeviceEnum) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:ScDeviceEnum
Description:Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers.
Smart Card Removal Policy (SCPolicySvc) Service
Display Name: Smart Card Removal Policy (SCPolicySvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:SCPolicySvc
Description:Allows the system to be configured to lock the user desktop upon smart card removal.
SNMP Trap Service
Display Name: SNMP Trap Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:SNMPTRAP
Description:Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.
Software Protection Service
Display Name: Software Protection Service
Hardened Start Mode: Auto, Hardened Expected State: Stopped, Running
Name:sppsvc
Description:Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service.
Special Administration Console Helper Service
Display Name: Special Administration Console Helper Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:sacsvr
Description:Allows administrators to remotely access a command prompt using Emergency Management Services.
Spot Verifier Service
Display Name: Spot Verifier Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:svsvc
Description:Verifies potential file system corruptions.
SSDP Discovery Service
Display Name: SSDP Discovery Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:SSDPSRV
Description:Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.
State Repository (StateRepository) Service
Display Name: State Repository (StateRepository) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:StateRepository
Description:Provides required infrastructure support for the application model.
Still Image Acquisition Events (WiaRpc) Service
Display Name: Still Image Acquisition Events (WiaRpc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:WiaRpc
Description:Launches applications associated with still image acquisition events.
Storage (StorSvc) Service
Display Name: Storage (StorSvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:StorSvc
Description:Provides enabling services for storage settings and external storage expansion
Storage Tiers Management Service
Display Name: Storage Tiers Management Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:TieringEngineService
Description:Optimizes the placement of data in storage tiers on all tiered storage spaces in the system.
Superfetch Service
Display Name: Superfetch Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:SysMain
Description:Maintains and improves system performance over time.
Sync Host (OneSyncSvc) Service
Display Name: Sync Host (OneSyncSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:OneSyncSvc
Description:This service synchronizes mail, contacts, calendar and various other user data. Mail and other applications dependent on this functionality will not work properly when this service is not running.
System Event Notification Service
Display Name: System Event Notification Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:SENS
Description:Monitors system events and notifies subscribers to COM+ Event System of these events.
System Events Broker Service
Display Name: System Events Broker Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:SystemEventsBroker
Description:Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
Task Scheduler Service
Display Name: Task Scheduler Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:Schedule
Description:Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
TCP/IP NetBIOS Helper Service
Display Name: TCP/IP NetBIOS Helper Service
Hardened Start Mode: Manual, Hardened Expected State: Running
Name:lmhosts
Description:Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Telephony Service
Display Name: Telephony Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:TapiSrv
Description:Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.
Themes Service
Display Name: Themes Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:Themes
Description:Provides user experience theme management.
Tile Data model server Service
Display Name: Tile Data model server Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:tiledatamodelsvc
Description:Tile Server for tile updates.
Time Broker (TimeBrokerSvc) Service
Display Name: Time Broker (TimeBrokerSvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:TimeBrokerSvc
Description:Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
Touch Keyboard and Handwriting Panel Service
Display Name: Touch Keyboard and Handwriting Panel Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:TabletInputService
Description:Enables Touch Keyboard and Handwriting Panel pen and ink functionality
Update Orchestrator Service for Windows Update (UsoSvc) Service
Display Name: Update Orchestrator Service for Windows Update (UsoSvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:UsoSvc
Description:Manages Windows Updates. If stopped, your devices will not be able to download and install latest updates.
UPnP Device Host Service
Display Name: UPnP Device Host Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:upnphost
Description:Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start.
User Access Logging Service
Display Name: User Access Logging Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:UALSVC
Description:This service logs unique client access requests, in the form of IP addresses and user names, of installed products and roles on the local server. This information can be queried, via Powershell, by administrators needing to quantify client demand of server software for offline Client Access License (CAL) management. If the service is disabled, client requests will not be logged and will not be retrievable via Powershell queries. Stopping the service will not affect query of historical data (see supporting documentation for steps to delete historical data). The local system administrator must consult his, or her, Windows Server license terms to determine the number of CALs that are required for the server software to be appropriately licensed; use of the UAL service and data does not alter this obligation.
User Data Access (UserDataSvc) Service
Display Name: User Data Access (UserDataSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:UserDataSvc
Description:Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly.
User Data Storage (UnistoreSvc) Service
Display Name: User Data Storage (UnistoreSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:UnistoreSvc
Description:Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly.
User Experience Virtualization (UevAgentService) Service
Display Name: User Experience Virtualization (UevAgentService) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:UevAgentService
Description:Provides support for application and OS settings roaming
User Manager (UserManager) Service
Display Name: User Manager (UserManager) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:UserManager
Description:User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly.
User Profile (ProfSvc) Service
Display Name: User Profile (ProfSvc) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:ProfSvc
Description:This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them.
Virtual Disk Service
Display Name: Virtual Disk Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:vds
Description:Provides management services for disks, volumes, file systems, and storage arrays.
Volume Shadow Copy Service
Display Name: Volume Shadow Copy Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:VSS
Description:Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
W-Z
WalletService (WalletService) Service
Display Name: WalletService (WalletService) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:WalletService
Description:Hosts objects used by clients of the wallet
Windows Audio Service
Display Name: Windows Audio Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:Audiosrv
Description:Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
Windows Audio Endpoint Builder Service
Display Name: Windows Audio Endpoint Builder Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:AudioEndpointBuilder
Description:Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
Windows Biometric Service
Display Name: Windows Biometric Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:WbioSrvc
Description:The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process.
Windows Connection Manager (wcmsvc) Service
Display Name: Windows Connection Manager (wcmsvc) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:FrameServer
Description:Enables multiple clients to access video frames from camera devices.
Windows Camera Frame (FrameServer) Service
Display Name: Windows Camera Frame (FrameServer) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:Wcmsvc
Description:Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings.
Windows Defender Network Inspection (WdNisSvc) Service
Display Name: Windows Defender Network Inspection (WdNisSvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped/Running
Name:WdNisSvc
Description:Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols
Windows Defender (WinDefend) Service
Display Name: Windows Defender (WinDefend) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:WinDefend
Description:Helps protect users from malware and other potentially unwanted software
Windows Driver Foundation - User-mode Driver Framework (wudfsvc) Service
Display Name: Windows Driver Foundation - User-mode Driver Framework (wudfsvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Running/Stopped
Name:wudfsvc
Description:Creates and manages user-mode driver processes. This service cannot be stopped.
Windows Encryption Provider Host (WEPHOSTSVC) Service
Display Name: Windows Encryption Provider Host (WEPHOSTSVC) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:WEPHOSTSVC
Description:Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts
Windows Error Reporting (WerSvc) Service
Display Name: Windows Error Reporting (WerSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:WerSvc
Description:Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.
Windows Event Collector (Wecsvc) Service
Display Name: Windows Event Collector (Wecsvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Running/Stopped
Name:Wecsvc
Description:This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.
Windows Event Log (EventLog) Service
Display Name: Windows Event Log (EventLog) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:EventLog
Description:This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.
Windows Firewall (MpsSvc) Service
Display Name: Windows Firewall (MpsSvc) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:MpsSvc
Description:Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.
Windows Font Cache (FontCache) Service
Display Name: Windows Font Cache (FontCache) Service
Hardened Start Mode: Auto, Hardened Expected State: Stopped, Running
Name:FontCache
Description:Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance.
Windows Image Acquisition (WIA) (stisvc) Service
Display Name: Windows Image Acquisition (WIA) (stisvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:stisvc
Description:Provides image acquisition services for scanners and cameras
Windows Insider (wisvc) Service
Display Name: Windows Insider (wisvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:wisvc
Description:wisvc
Windows Installer Service
Display Name: Windows Installer Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:msiserver
Description:Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Windows License Manager (LicenseManager) Service
Display Name: Windows License Manager (LicenseManager) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:LicenseManager
Description:Provides infrastructure support for the Windows Store. This service is started on demand and if disabled then content acquired through the Windows Store will not function properly.
Windows Management Instrumentation Service
Display Name: Windows Management Instrumentation Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:Winmgmt
Description:Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Windows Mobile Hotspot Service (icssvc) Service
Display Name: Windows Mobile Hotspot Service (icssvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:icssvc
Description:Provides the ability to share a cellular data connection with another device.
Windows Modules Installer Service
Display Name: Windows Modules Installer Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:TrustedInstaller
Description:Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.
Windows Push Notifications System (WpnService) Service
Display Name: Windows Push Notifications System (WpnService) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:WpnService
Description:This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server.
Windows Push Notifications User (WpnUserService) Service
Display Name: Windows Push Notifications User (WpnUserService) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:WpnUserService
Description:This service hosts Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw.
Windows Remote Management (WS-Management) Service
Display Name: Windows Remote Management (WS-Management) Service
Hardened Start Mode: Auto, Hardened Expected State: Stopped, Running
Name:WinRM
Description:Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.
Windows Search (WSearch) Service
Display Name: Windows Search (WSearch) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:WSearch
Description:Provides content indexing, property caching, and search results for files, e-mail, and other content.
Windows Time Service
Display Name: Windows Time Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:W32Time
Description:Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Windows Update Service
Display Name: Windows Update Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped/Running
Name:wuauserv
Description:Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.
WinHTTP Web Proxy Auto-Discovery (WinHttpAutoProxySvc) Service
Display Name: WinHTTP Web Proxy Auto-Discovery (WinHttpAutoProxySvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped/Running
Name:WinHttpAutoProxySvc
Description:WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.
Wired AutoConfig Service
Display Name: Wired AutoConfig Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:dot3svc
Description:The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service.
WMI Performance Adapter Service
Display Name: WMI Performance Adapter Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:wmiApSrv
Description:Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.
Workstation Service
Display Name: Workstation Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:LanmanWorkstation
Description:Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Xbox Live Auth Manager (XblAuthManager) Service
Display Name: Xbox Live Auth Manager (XblAuthManager) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:XblAuthManager
Description:Provides authentication and authorization services for interacting with Xbox Live. If this service is stopped, some applications may not operate correctly.
Xbox Live Game Save (XblGameSave) Service
Display Name: Xbox Live Game Save (XblGameSave) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:XblGameSave
Description:This service syncs save data for Xbox Live save enabled games. If this service is stopped, game save data will not upload to or download from Xbox Live.
OPTIONAL
Optional Services List: NNT ChangeTracker Gen7 Agent (Gen7Agent)
Display Name: Optional Services List: NNT ChangeTracker Gen7 Agent (Gen7Agent)
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:Gen7Agent
Description:NNT ChangeTracker Gen7 Agent (Gen7AgentService) collects system configuration change information on behalf of NNT Change Tracker.
Optional Services List: NNT Change Tracker Gen 7 MongoDB Service
Display Name: Optional Services List: NNT Change Tracker Gen 7 MongoDB Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:MongoDB
Description:MongoDB is the database for today's applications: innovative, fast time-to-market, globally scalable, reliable, and inexpensive to operate. With MongoDB, you can build applications that were never possible with traditional relational databases.
Optional Services List: NNT Change Tracker Gen 7 Redis Service
Display Name: Optional Services List: NNT Change Tracker Gen 7 Redis Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:Redis
Description:Redis is a high-performance, in-memory data structure store, used as database, cache and message broker used by the NNT Change Tracker Hub to handle high-volume event loads.
Optional Services List: ASP.NET State Service (aspnet_state) Service
Display Name: Optional Services List: ASP.NET State Service (aspnet_state) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:aspnet_state
Description:Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Optional Services List: World Wide Web Publishing Service
Display Name: Optional Services List: World Wide Web Publishing Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:W3SVC
Description:The World Wide Web Publishing Service (W3SVC) provides Web connectivity and administration of Web sites through the IIS snap-in. The service provides HTTP services for applications on the Windows operating system and contains a process manager and a configuration manager.
Optional Services List: W3C Logging Service
Display Name: Optional Services List: W3C Logging Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:w3logsvc
Description:W3C extended logging is type of server side logging that can be enabled on the server session or URL group. When W3C logging is enabled on a URL group, logging is performed only on requests that are routed to the URL Group. A separate log file is created for each URL group configured to enable W3C logging.
Server 2016 Hardened Services List
Download The Complete Hardened Services Guide
A-D
ActiveX Installer (AxInstSV) Service
Display Name: ActiveX Installer (AxInstSV) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:AxInstSV
Description:Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings.
AllJoyn Router Service
Display Name: AllJoyn Router Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:AJRouter
Description:Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run.
App Readiness Service
Display Name: App Readiness Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:AppReadiness
Description:Gets apps ready for use the first time a user signs in to this PC and when adding new apps.
Application Host Helper Service
Display Name: Application Host Helper Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:AppHostSvc
Description:Provides administrative services for IIS, for example configuration history and Application Pool account mapping. If this service is stopped, configuration history and locking down files or directories with Application Pool specific Access Control Entries will not work.
Application Identity Service
Display Name: Application Identity Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:AppIDSvc
Description:Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced.
Application Information Service
Display Name: Application Information Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:Appinfo
Description:Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.
Application Layer Gateway Service
Display Name: Application Layer Gateway Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:ALG
Description:Provides support for 3rd party protocol plug-ins for Internet Connection Sharing
Application Management Service
Display Name: Application Management Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:AppMgmt
Description:Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start.
AppX Deployment Service (AppXSVC) Service
Display Name: AppX Deployment Service (AppXSVC) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:AppXSvc
Description:Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly.
ASP.NET State Service (aspnet_state) Service
Display Name: ASP.NET State Service (aspnet_state) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:aspnet_state
Description:Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Auto Time Zone Updater (tzautoupdate) Service
Display Name: Auto Time Zone Updater (tzautoupdate) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:tzautoupdate
Description:Automatically sets the system time zone.
Background Intelligent Transfer Service
Display Name: Background Intelligent Transfer Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:BITS
Description:Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.
Background Tasks Infrastructure (BrokerInfrastructure) Service
Display Name: Background Tasks Infrastructure (BrokerInfrastructure) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:BrokerInfrastructure
Description:Windows infrastructure service that controls which background tasks can run on the system.
Base Filtering Engine Service
Display Name: Base Filtering Engine Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:BFE
Description:The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
Bluetooth Support Service (bthserv) Service
Display Name: Bluetooth Support Service (bthserv) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:bthserv
Description:The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated.
CDPUserSvc (cdpusersvc) Service
Display Name: CDPUserSvc (cdpusersvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:CDPUserSvc
Description:This user service is used for Connected Devices Platform scenarios
Certificate Propagation Service
Display Name: Certificate Propagation Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:CertPropSvc
Description:Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver.
Client License Service (ClipSVC) Service
Display Name: Client License Service (ClipSVC) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:ClipSVC
Description:Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly.
CNG Key Isolation Service
Display Name: CNG Key Isolation Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:KeyIso
Description:The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.
COM+ Event System Service
Display Name: COM+ Event System Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:EventSystem
Description:Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
COM+ System Application Service
Display Name: COM+ System Application Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:COMSysApp
Description:Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Computer Browser Service
Display Name: Computer Browser Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:Browser
Description:Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Connected Devices Platform Service (CDPSvc) Service
Display Name: Connected Devices Platform Service (CDPSvc) Service
Hardened Start Mode: Automatic, Hardened Expected State: Running, Stopped
Name:CDPSvc
Description:This service is used for Connected Devices and Universal Glass scenarios
Connected User Experiences and Telemetry (DiagTrack) Service
Display Name: Connected User Experiences and Telemetry (DiagTrack) Service
Hardened Start Mode: Automatic, Hardened Expected State: Running
Name:DiagTrack
Description:The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics.
Contact Data (PimIndexMaintenanceSvc) Service
Display Name: Contact Data (PimIndexMaintenanceSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:PimIndexMaintenanceSvc
Description:Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results.
CoreMessaging (CoreMessagingRegistrar) Service
Display Name: CoreMessaging (CoreMessagingRegistrar) Service
Hardened Start Mode: Automatic, Hardened Expected State: Running
Name:CoreMessagingRegistrar
Description:Manages communication between system components.
Credential Manager Service
Display Name: Credential Manager Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:VaultSvc
Description:Provides secure storage and retrieval of credentials to users, applications and security service packages.
Cryptographic Services Service
Display Name: Cryptographic Services Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:CryptSvc
Description:Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Data Sharing (DsSvc) Service
Display Name: Data Sharing (DsSvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:DsSvc
Description:Provides data brokering between applications.
Data Sharing (DcpSvc) Service
Display Name: Data Sharing (DcpSvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:DcpSvc
Description:The DCP (Data Collection and Publishing) service supports first party apps to upload data to cloud.
DCOM Server Process Launcher Service
Display Name: DCOM Server Process Launcher Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:DcomLaunch
Description:The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running.
Device Association (deviceassociationservice) Service
Display Name: Device Association (deviceassociationservice) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:DeviceAssociationService
Description:Enables pairing between the system and wired or wireless devices.
Device Install (DeviceInstall) Service
Display Name: Device Install (DeviceInstall) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:DeviceInstall
Description:Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Device Management Enrollment (DmEnrollmentSvc) Service
Display Name: Device Management Enrollment (DmEnrollmentSvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:DmEnrollmentSvc
Description:Performs Device Enrollment Activities for Device Management
Device Setup (DsmSvc) Service
Display Name: Device Setup (DsmSvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:DsmSvc
Description:Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly.
DevQuery Background Discovery Broker (DevQueryBroker) Service
Display Name: DevQuery Background Discovery Broker (DevQueryBroker) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:DevQueryBroker
Description:Enables apps to discover devices with a backgroud task
DHCP Client Service
Display Name: DHCP Client Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:Dhcp
Description:Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.
Diagnostic Policy Service
Display Name: Diagnostic Policy Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:DPS
Description:The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function.
Diagnostic Service Host Service
Display Name: Diagnostic Service Host Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:WdiServiceHost
Description:The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function.
Diagnostic System Host Service
Display Name: Diagnostic System Host Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:WdiSystemHost
Description:The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function.
Distributed Link Tracking Client Service
Display Name: Distributed Link Tracking Client Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:TrkWks
Description:Maintains links between NTFS files within a computer or across computers in a network.
Distributed Transaction Coordinator Service
Display Name: Distributed Transaction Coordinator Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:MSDTC
Description:Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start.
DMWAPPushService (dmwappushservice) Service
Display Name: DMWAPPushService (dmwappushservice) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:dmwappushservice
Description:WAP Push Message Routing Service
DNS Client Service
Display Name: DNS Client Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:Dnscache
Description:The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.
Downloaded Maps Manager (MapsBroker) Service
Display Name: Downloaded Maps Manager (MapsBroker) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:MapsBroker
Description:Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps.
E-K
Embedded Mode (embeddedmode) Service
Display Name: Embedded Mode (embeddedmode) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:embeddedmode
Description:The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated.
The Enhanced Mitigation Experience Toolkit (EMET) Service
Display Name: The Enhanced Mitigation Experience Toolkit (EMET) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:emet_service
Description:The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform. EMET also provides a configurable SSL/TLS certificate pinning feature that is called Certificate Trust. This feature is intended to detect (and stop, with EMET 5.0) man-in-the-middle attacks that are leveraging the public key infrastructure (PKI).
Encrypting File System (EFS) Service
Display Name: Encrypting File System (EFS) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:EFS
Description:Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files.
Enterprise App Management (EntAppSvc) Service
Display Name: Enterprise App Management (EntAppSvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:EntAppSvc
Description:Enables enterprise application management.
Extensible Authentication Protocol Service
Display Name: Extensible Authentication Protocol Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:EapHost
Description:The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication.
Function Discovery Provider Host Service
Display Name: Function Discovery Provider Host Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:fdPHost
Description:The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services - Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources.
Function Discovery Resource Publication Service
Display Name: Function Discovery Resource Publication Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:FDResPub
Description:Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.
Geolocation (lfsvc) Service
Display Name: Geolocation (lfsvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:lfsvc
Description:This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences.
Group Policy Client Service
Display Name: Group Policy Client Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:gpsvc
Description:The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled.
Human Interface Device Access Service
Display Name: Human Interface Device Access Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:hidserv
Description:Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running.
HV Host Service
Display Name: HV Host Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:HvHost
Description:Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.
Hyper-V Data Exchange Service (vmickvpexchange) Service
Display Name: Hyper-V Data Exchange Service (vmickvpexchange) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:vmickvpexchange
Description:Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.
Hyper-V Guest Service Interface (vmicguestinterface) Service
Display Name: Hyper-V Guest Service Interface (vmicguestinterface) Service
Hardened Start Mode: Manual, Hardened Expected State: Running, Stopped
Name:vmicguestinterface
Description:Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
Hyper-V Guest Shutdown Service (vmicshutdown) Service
Display Name: Hyper-V Guest Shutdown Service (vmicshutdown) Service
Hardened Start Mode: Manual, Hardened Expected State: Running, Stopped
Name:vmicshutdown
Description:Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer.
Hyper-V Heartbeat Service (vmicheartbeat) Service
Display Name: Hyper-V Heartbeat Service (vmicheartbeat) Service
Hardened Start Mode: Manual, Hardened Expected State: Running, Stopped
Name:vmicheartbeat
Description:Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding.
Hyper-V PowerShell Direct Service (vmicvmsession) Service
Display Name: Hyper-V PowerShell Direct Service (vmicvmsession) Service
Hardened Start Mode: Manual, Hardened Expected State: Running, Stopped
Name:vmicvmsession
Description:Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network.
Hyper-V Remote Desktop Virtualization Service (vmicrdv) Service
Display Name: Hyper-V Remote Desktop Virtualization Service (vmicrdv) Service
Hardened Start Mode: Manual, Hardened Expected State: Running, Stopped
Name:vmicrdv
Description:Provides a platform for communication between the virtual machine and the operating system running on the physical computer.
Hyper-V Time Synchronization Service (vmictimesync) Service
Display Name: Hyper-V Time Synchronization Service (vmictimesync) Service
Hardened Start Mode: Manual, Hardened Expected State: Running, Stopped
Name:vmictimesync
Description:Synchronizes the system time of this virtual machine with the system time of the physical computer.
Hyper-V Volume Shadow Copy Requestor (vmicvss) Service
Display Name: Hyper-V Volume Shadow Copy Requestor (vmicvss) Service
Hardened Start Mode: Manual, Hardened Expected State: Running, Stopped
Name:vmicvss
Description:Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer.
IKE and AuthIP IPsec Keying Modules Service
Display Name: IKE and AuthIP IPsec Keying Modules Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:IKEEXT
Description:The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.
Interactive Services Detection Service
Display Name: Interactive Services Detection Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:UI0Detect
Description:Enables user notification of user input for interactive services, which enables access to dialogs created by interactive services when they appear. If this service is stopped, notifications of new interactive service dialogs will no longer function and there might not be access to interactive service dialogs. If this service is disabled, both notifications of and access to new interactive service dialogs will no longer function.
Internet Connection Sharing (ICS) Service
Display Name: Internet Connection Sharing (ICS) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:SharedAccess
Description:Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
IP Helper Service
Display Name: IP Helper Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:iphlpsvc
Description:Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.
IPsec Policy Agent Service
Display Name: IPsec Policy Agent Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:PolicyAgent
Description:Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Firewall is not available when this service is stopped.
KDC Proxy Server service (KPSSVC) Service
Display Name: KDC Proxy Server service (KPSSVC) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:KPSSVC
Description:KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain controllers on the corporate network.
KtmRm for Distributed Transaction Coordinator Service
Display Name: KtmRm for Distributed Transaction Coordinator Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:KtmRm
Description:Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start.
L-R
Link-Layer Topology Discovery Mapper Service
Display Name: Link-Layer Topology Discovery Mapper Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:lltdsvc
Description:Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly.
Local Session Manager Service
Display Name: Local Session Manager Service
Hardened Start Mode: Automatic, Hardened Expected State: Running
Name:LSM
Description:Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability.
Microsoft (R) Diagnostics Hub Standard Collector Service (diagnosticshub.standardcollector.service) Service
Display Name: Microsoft (R) Diagnostics Hub Standard Collector Service (diagnosticshub.standardcollector.service) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:diagnosticshub.standardcollector.service
Description:Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them.
Microsoft App-V Client Service
Display Name: Microsoft App-V Client Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:wlidsvc
Description:Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account.
Microsoft Account Sign-in Assistant Service
Display Name: Microsoft Account Sign-in Assistant Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:AppVClient
Description:Manages App-V users and virtual applications
Microsoft iSCSI Initiator Service
Display Name: Microsoft iSCSI Initiator Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:MSiSCSI
Description:Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.
Microsoft Passport (NgcSvc) Service
Display Name: Microsoft Passport (NgcSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:NgcSvc
Description:Provides process isolation for cryptographic keys used to authenticate to a user's associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service.
Microsoft Passport Container (NgcCtnrSvc) Service
Display Name: Microsoft Passport Container (NgcCtnrSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:NgcCtnrSvc
Description:Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service.
Microsoft Software Shadow Copy Provider Service
Display Name: Microsoft Software Shadow Copy Provider Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:swprv
Description:Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Microsoft Storage Spaces SMP (smphost) Service
Display Name: Microsoft Storage Spaces SMP (smphost) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:smphost
Description:Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed.
Net.Tcp Port Sharing Service
Display Name: Net.Tcp Port Sharing Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:NetTcpPortSharing
Description:Provides ability to share TCP ports over the net.tcp protocol.
Netlogon Service
Display Name: Netlogon Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:Netlogon
Description:Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.
Network Access Protection Agent Service
Display Name: Network Access Protection Agent Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:NcbService
Description:Brokers connections that allow Windows Store Apps to receive notifications from the internet.
Network Connections Service
Display Name: Network Connections Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:Netman
Description:Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Network Connectivity Assistant (ncasvc) Service
Display Name: Network Connectivity Assistant (ncasvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:NcaSvc
Description:Provides DirectAccess status notification for UI components
Network List Service
Display Name: Network List Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:netprofm
Description:Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.
Network Location Awareness Service
Display Name: Network Location Awareness Service
Hardened Start Mode: Auto, Hardened Expected State: Stopped, Running
Name:NlaSvc
Description:Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Network Setup (NetSetupSvc) Service
Display Name: Network Setup (NetSetupSvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:NetSetupSvc
Description:The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled.
Network Store Interface Service
Display Name: Network Store Interface Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:nsi
Description:This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.
Offline Files (CscService) Service
Display Name: Offline Files (CscService) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:CscService
Description:The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state.
Optimize Drives (defragsvc) Service
Display Name: Optimize Drives (defragsvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:defragsvc
Description:Helps the computer run more efficiently by optimizing files on storage drives.
Performance Counter DLL Host (PerfHost) Service
Display Name: Performance Counter DLL Host (PerfHost) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:PerfHost
Description:Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs.
Performance Logs and Alerts Service
Display Name: Performance Logs and Alerts Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:pla
Description:Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Phone (PhoneSvc) Service
Display Name: Phone (PhoneSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:PhoneSvc
Description:Manages the telephony state on the device
Plug and Play Service
Display Name: Plug and Play Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:PlugPlay
Description:Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Portable Device Enumerator (WPDBusEnum) Service
Display Name: Portable Device Enumerator (WPDBusEnum) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:WPDBusEnum
Description:Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.
Power Service
Display Name: Power Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:Power
Description:Manages power policy and power policy notification delivery.
Print Spooler Service
Display Name: Print Spooler Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:Spooler
Description:This service spools print jobs and handles interaction with the printer. If you turn off this service, you won't be able to print or see your printers.
Printer Extensions and Notifications (PrintNotify) Service
Display Name: Printer Extensions and Notifications (PrintNotify) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:PrintNotify
Description:This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won't be able to see printer extensions or notifications.
Problem Reports and Solutions Control Panel Support Service
Display Name: Problem Reports and Solutions Control Panel Support Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:wercplsupport
Description:This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.
Program Compatibility Assistant (PcaSvc) Service
Display Name: Program Compatibility Assistant (PcaSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:PcaSvc
Description:This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly.
Quality Windows Audio Video Experience (QWAVE) Service
Display Name: Quality Windows Audio Video Experience (QWAVE) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:QWAVE
Description:Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization.
Radio Management Service (RmSvc) Service
Display Name: Radio Management Service (RmSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:RmSvc
Description:Radio Management and Airplane Mode Service
Remote Access Auto Connection Manager Service
Display Name: Remote Access Auto Connection Manager Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:RasAuto
Description:Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Remote Access Connection Manager Service
Display Name: Remote Access Connection Manager Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:RasMan
Description:Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.
Remote Desktop Configuration Service
Display Name: Remote Desktop Configuration Service
Hardened Start Mode: Manual, Hardened Expected State: Running
Name:SessionEnv
Description:Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates.
Remote Desktop Services Service
Display Name: Remote Desktop Services Service
Hardened Start Mode: Manual, Hardened Expected State: Running
Name:TermService
Description:Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.
Remote Desktop Services UserMode Port Redirector
Display Name: Remote Desktop Services UserMode Port Redirector
Hardened Start Mode: Manual, Hardened Expected State: Running
Name:UmRdpService
Description:Allows the redirection of Printers/Drives/Ports for RDP connections
Remote Procedure Call (RPC) Service
Display Name: Remote Procedure Call (RPC) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:RpcSs
Description:The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running.
Remote Procedure Call (RPC) Locator Service
Display Name: Remote Procedure Call (RPC) Locator Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:RpcLocator
Description:In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility.
Remote Registry Service
Display Name: Remote Registry Service
Hardened Start Mode: Auto, Hardened Expected State: Stopped/Running
Name:RemoteRegistry
Description:Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Resultant Set of Policy Provider Service
Display Name: Resultant Set of Policy Provider Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:RSoPProv
Description:Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings.
Routing and Remote Access Service
Display Name: Routing and Remote Access Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:RemoteAccess
Description:Offers routing services to businesses in local area and wide area network environments.
RPC Endpoint Mapper Service
Display Name: RPC Endpoint Mapper Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:RpcEptMapper
Description:Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly.
S-V
Secondary Logon Service
Display Name: Secondary Logon Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:seclogon
Description:Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Secure Socket Tunneling Protocol Service
Display Name: Secure Socket Tunneling Protocol Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:SstpSvc
Description:Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers.
Security Accounts Manager Service
Display Name: Security Accounts Manager Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:SamSs
Description:The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.
Sensor Data Service (SensorDataService) Service
Display Name: Sensor Data Service (SensorDataService) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:SensorDataService
Description:Delivers data from a variety of sensors
Sensor Monitoring Service (SensrSvc) Service
Display Name: Sensor Monitoring Service (SensrSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:SensrSvc
Description:Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well.
Sensor Service (SensorService) Service
Display Name: Sensor Service (SensorService) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:SensorService
Description:A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped.
Server Service
Display Name: Server Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:LanmanServer
Description:Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Shell Hardware Detection Service
Display Name: Shell Hardware Detection Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:ShellHWDetection
Description:Provides notifications for AutoPlay hardware events.
Smart Card Service
Display Name: Smart Card Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:SCardSvr
Description:Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Smart Card Device Enumeration (ScDeviceEnum) Service
Display Name: Smart Card Device Enumeration (ScDeviceEnum) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:ScDeviceEnum
Description:Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers.
Smart Card Removal Policy (SCPolicySvc) Service
Display Name: Smart Card Removal Policy (SCPolicySvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:SCPolicySvc
Description:Allows the system to be configured to lock the user desktop upon smart card removal.
SNMP Trap Service
Display Name: SNMP Trap Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:SNMPTRAP
Description:Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.
Software Protection Service
Display Name: Software Protection Service
Hardened Start Mode: Auto, Hardened Expected State: Stopped, Running
Name:sppsvc
Description:Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service.
Special Administration Console Helper Service
Display Name: Special Administration Console Helper Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:sacsvr
Description:Allows administrators to remotely access a command prompt using Emergency Management Services.
Spot Verifier Service
Display Name: Spot Verifier Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:svsvc
Description:Verifies potential file system corruptions.
SSDP Discovery Service
Display Name: SSDP Discovery Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:SSDPSRV
Description:Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.
State Repository (StateRepository) Service
Display Name: State Repository (StateRepository) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:StateRepository
Description:Provides required infrastructure support for the application model.
Still Image Acquisition Events (WiaRpc) Service
Display Name: Still Image Acquisition Events (WiaRpc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:WiaRpc
Description:Launches applications associated with still image acquisition events.
Storage (StorSvc) Service
Display Name: Storage (StorSvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:StorSvc
Description:Provides enabling services for storage settings and external storage expansion
Storage Tiers Management Service
Display Name: Storage Tiers Management Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:TieringEngineService
Description:Optimizes the placement of data in storage tiers on all tiered storage spaces in the system.
Superfetch Service
Display Name: Superfetch Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:SysMain
Description:Maintains and improves system performance over time.
Sync Host (OneSyncSvc) Service
Display Name: Sync Host (OneSyncSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:OneSyncSvc
Description:This service synchronizes mail, contacts, calendar and various other user data. Mail and other applications dependent on this functionality will not work properly when this service is not running.
System Event Notification Service
Display Name: System Event Notification Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:SENS
Description:Monitors system events and notifies subscribers to COM+ Event System of these events.
System Events Broker Service
Display Name: System Events Broker Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:SystemEventsBroker
Description:Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
Task Scheduler Service
Display Name: Task Scheduler Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:Schedule
Description:Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
TCP/IP NetBIOS Helper Service
Display Name: TCP/IP NetBIOS Helper Service
Hardened Start Mode: Manual, Hardened Expected State: Running
Name:lmhosts
Description:Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Telephony Service
Display Name: Telephony Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:TapiSrv
Description:Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.
Themes Service
Display Name: Themes Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:Themes
Description:Provides user experience theme management.
Tile Data model server Service
Display Name: Tile Data model server Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:tiledatamodelsvc
Description:Tile Server for tile updates.
Time Broker (TimeBrokerSvc) Service
Display Name: Time Broker (TimeBrokerSvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:TimeBrokerSvc
Description:Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
Touch Keyboard and Handwriting Panel Service
Display Name: Touch Keyboard and Handwriting Panel Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:TabletInputService
Description:Enables Touch Keyboard and Handwriting Panel pen and ink functionality
Update Orchestrator Service for Windows Update (UsoSvc) Service
Display Name: Update Orchestrator Service for Windows Update (UsoSvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:UsoSvc
Description:Manages Windows Updates. If stopped, your devices will not be able to download and install latest updates.
UPnP Device Host Service
Display Name: UPnP Device Host Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:upnphost
Description:Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start.
User Access Logging Service
Display Name: User Access Logging Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:UALSVC
Description:This service logs unique client access requests, in the form of IP addresses and user names, of installed products and roles on the local server. This information can be queried, via Powershell, by administrators needing to quantify client demand of server software for offline Client Access License (CAL) management. If the service is disabled, client requests will not be logged and will not be retrievable via Powershell queries. Stopping the service will not affect query of historical data (see supporting documentation for steps to delete historical data). The local system administrator must consult his, or her, Windows Server license terms to determine the number of CALs that are required for the server software to be appropriately licensed; use of the UAL service and data does not alter this obligation.
User Data Access (UserDataSvc) Service
Display Name: User Data Access (UserDataSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:UserDataSvc
Description:Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly.
User Data Storage (UnistoreSvc) Service
Display Name: User Data Storage (UnistoreSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:UnistoreSvc
Description:Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly.
User Experience Virtualization (UevAgentService) Service
Display Name: User Experience Virtualization (UevAgentService) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:UevAgentService
Description:Provides support for application and OS settings roaming
User Manager (UserManager) Service
Display Name: User Manager (UserManager) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:UserManager
Description:User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly.
User Profile (ProfSvc) Service
Display Name: User Profile (ProfSvc) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:ProfSvc
Description:This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them.
Virtual Disk Service
Display Name: Virtual Disk Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:vds
Description:Provides management services for disks, volumes, file systems, and storage arrays.
Volume Shadow Copy Service
Display Name: Volume Shadow Copy Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:VSS
Description:Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
W-Z
WalletService (WalletService) Service
Display Name: WalletService (WalletService) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:WalletService
Description:Hosts objects used by clients of the wallet
Windows Audio Service
Display Name: Windows Audio Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:Audiosrv
Description:Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
Windows Audio Endpoint Builder Service
Display Name: Windows Audio Endpoint Builder Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:AudioEndpointBuilder
Description:Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
Windows Biometric Service
Display Name: Windows Biometric Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:WbioSrvc
Description:The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process.
Windows Connection Manager (wcmsvc) Service
Display Name: Windows Connection Manager (wcmsvc) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:FrameServer
Description:Enables multiple clients to access video frames from camera devices.
Windows Camera Frame (FrameServer) Service
Display Name: Windows Camera Frame (FrameServer) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:Wcmsvc
Description:Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings.
Windows Defender Network Inspection (WdNisSvc) Service
Display Name: Windows Defender Network Inspection (WdNisSvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped/Running
Name:WdNisSvc
Description:Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols
Windows Defender (WinDefend) Service
Display Name: Windows Defender (WinDefend) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:WinDefend
Description:Helps protect users from malware and other potentially unwanted software
Windows Driver Foundation - User-mode Driver Framework (wudfsvc) Service
Display Name: Windows Driver Foundation - User-mode Driver Framework (wudfsvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Running/Stopped
Name:wudfsvc
Description:Creates and manages user-mode driver processes. This service cannot be stopped.
Windows Encryption Provider Host (WEPHOSTSVC) Service
Display Name: Windows Encryption Provider Host (WEPHOSTSVC) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:WEPHOSTSVC
Description:Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts
Windows Error Reporting (WerSvc) Service
Display Name: Windows Error Reporting (WerSvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:WerSvc
Description:Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.
Windows Event Collector (Wecsvc) Service
Display Name: Windows Event Collector (Wecsvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Running/Stopped
Name:Wecsvc
Description:This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.
Windows Event Log (EventLog) Service
Display Name: Windows Event Log (EventLog) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:EventLog
Description:This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.
Windows Firewall (MpsSvc) Service
Display Name: Windows Firewall (MpsSvc) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:MpsSvc
Description:Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.
Windows Font Cache (FontCache) Service
Display Name: Windows Font Cache (FontCache) Service
Hardened Start Mode: Auto, Hardened Expected State: Stopped, Running
Name:FontCache
Description:Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance.
Windows Image Acquisition (WIA) (stisvc) Service
Display Name: Windows Image Acquisition (WIA) (stisvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:stisvc
Description:Provides image acquisition services for scanners and cameras
Windows Insider (wisvc) Service
Display Name: Windows Insider (wisvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:wisvc
Description:wisvc
Windows Installer Service
Display Name: Windows Installer Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:msiserver
Description:Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Windows License Manager (LicenseManager) Service
Display Name: Windows License Manager (LicenseManager) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:LicenseManager
Description:Provides infrastructure support for the Windows Store. This service is started on demand and if disabled then content acquired through the Windows Store will not function properly.
Windows Management Instrumentation Service
Display Name: Windows Management Instrumentation Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:Winmgmt
Description:Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Windows Mobile Hotspot Service (icssvc) Service
Display Name: Windows Mobile Hotspot Service (icssvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:icssvc
Description:Provides the ability to share a cellular data connection with another device.
Windows Modules Installer Service
Display Name: Windows Modules Installer Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:TrustedInstaller
Description:Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.
Windows Push Notifications System (WpnService) Service
Display Name: Windows Push Notifications System (WpnService) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:WpnService
Description:This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server.
Windows Push Notifications User (WpnUserService) Service
Display Name: Windows Push Notifications User (WpnUserService) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:WpnUserService
Description:This service hosts Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw.
Windows Presentation Foundation Font Cache (FontCache3.0.0.0) Service
Display Name: Windows Presentation Foundation Font Cache (FontCache3.0.0.0) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:FontCache3.0.0.0
Description:The Windows Presentation Foundation Font Cache 3.0.0.0 service optimizes performance of the Windows Presentation Foundation (WPF) application by caching commonly used font data. WPF applications start this service if it is not already running. It can be disabled, but doing so degrades the performance of WPF applications.
Windows Remote Management (WS-Management) Service
Display Name: Windows Remote Management (WS-Management) Service
Hardened Start Mode: Auto, Hardened Expected State: Stopped, Running
Name:WinRM
Description:Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.
Windows Search (WSearch) Service
Display Name: Windows Search (WSearch) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:WSearch
Description:Provides content indexing, property caching, and search results for files, e-mail, and other content.
Windows Time Service
Display Name: Windows Time Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:W32Time
Description:Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Windows Update Service
Display Name: Windows Update Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped/Running
Name:wuauserv
Description:Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.
WinHTTP Web Proxy Auto-Discovery (WinHttpAutoProxySvc) Service
Display Name: WinHTTP Web Proxy Auto-Discovery (WinHttpAutoProxySvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped/Running
Name:WinHttpAutoProxySvc
Description:WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.
Wired AutoConfig Service
Display Name: Wired AutoConfig Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:dot3svc
Description:The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service.
WMI Performance Adapter Service
Display Name: WMI Performance Adapter Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Name:wmiApSrv
Description:Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.
Workstation Service
Display Name: Workstation Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:LanmanWorkstation
Description:Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Xbox Live Auth Manager (XblAuthManager) Service
Display Name: Xbox Live Auth Manager (XblAuthManager) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:XblAuthManager
Description:Provides authentication and authorization services for interacting with Xbox Live. If this service is stopped, some applications may not operate correctly.
Xbox Live Game Save (XblGameSave) Service
Display Name: Xbox Live Game Save (XblGameSave) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:XblGameSave
Description:This service syncs save data for Xbox Live save enabled games. If this service is stopped, game save data will not upload to or download from Xbox Live.
OPTIONAL
Optional Services List: NNT ChangeTracker Gen7 Agent (Gen7Agent)
Display Name: Optional Services List: NNT ChangeTracker Gen7 Agent (Gen7Agent)
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:Gen7Agent
Description:NNT ChangeTracker Gen7 Agent (Gen7AgentService) collects system configuration change information on behalf of NNT Change Tracker.
Optional Services List: NNT Change Tracker Gen 7 MongoDB Service
Display Name: Optional Services List: NNT Change Tracker Gen 7 MongoDB Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:MongoDB
Description:MongoDB is the database for today's applications: innovative, fast time-to-market, globally scalable, reliable, and inexpensive to operate. With MongoDB, you can build applications that were never possible with traditional relational databases.
Optional Services List: NNT Change Tracker Gen 7 Redis Service
Display Name: Optional Services List: NNT Change Tracker Gen 7 Redis Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:Redis
Description:Redis is a high-performance, in-memory data structure store, used as database, cache and message broker used by the NNT Change Tracker Hub to handle high-volume event loads.
Optional Services List: ASP.NET State Service (aspnet_state) Service
Display Name: Optional Services List: ASP.NET State Service (aspnet_state) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Name:aspnet_state
Description:Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Optional Services List: World Wide Web Publishing Service
Display Name: Optional Services List: World Wide Web Publishing Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:W3SVC
Description:The World Wide Web Publishing Service (W3SVC) provides Web connectivity and administration of Web sites through the IIS snap-in. The service provides HTTP services for applications on the Windows operating system and contains a process manager and a configuration manager.
Optional Services List: W3C Logging Service
Display Name: Optional Services List: W3C Logging Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Name:w3logsvc
Description:W3C extended logging is type of server side logging that can be enabled on the server session or URL group. When W3C logging is enabled on a URL group, logging is performed only on requests that are routed to the URL Group. A separate log file is created for each URL group configured to enable W3C logging.
Server 2012R2 Hardened Services List
Download The Complete Hardened Services Guide
A-D
App Readiness Service
Display Name: App Readiness Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The App Readiness Service gets apps ready for use the first time a user signs in to this PC and when adding new apps.
Application Experience Service
Display Name: Application Experience Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Application Experience service processes application compatibility cache requests for applications as they are launched.
Application Host Helper Service
Display Name: Application Host Helper Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: Handles administrative tasks for Internet Information Services (IIS), Microsoft's web server. This process can be safely disabled if you do not use IIS. It may also be safe to disable if you do not need to control access to dynamic application pools.
Application Identity Service
Display Name: Application Identity Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: This service determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced. This service is configured by default for a manual start. When started, by default it logs on using the local service account.
Application Information Service
Display Name: Application Information Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.
Application Layer Gateway Service
Display Name: Application Layer Gateway Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Application Layer Gateway Service service provides support for 3rd party protocol plug-ins for Internet Connection Sharing.
Application Management Service
Display Name: Application Management Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Application Management service processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start.
AppX Deployment Service (AppXSVC) Service
Display Name: AppX Deployment Service (AppXSVC) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The AppX Deployment Service provides infrastructure support for deploying Store applications. The AppX Deployment Service service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly.
ASP.NET State Service (aspnet_state) Service
Display Name: ASP.NET State Service (aspnet_state) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Background Intelligent Transfer Service
Display Name: Background Intelligent Transfer Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Background Intelligent Transfer Service service transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.
Background Tasks Infrastructure (BrokerInfrastructure) Service
Display Name: Background Tasks Infrastructure (BrokerInfrastructure) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Background Tasks Infrastructure service is a Windows infrastructure service that controls which background tasks can run on the system.
Base Filtering Engine Service
Display Name: Base Filtering Engine Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Base Filtering Engine service the Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
Certificate Propagation Service
Display Name: Certificate Propagation Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Certificate Propagation service copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver.
CNG Key Isolation Service
Display Name: CNG Key Isolation Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The CNG Key Isolation service the CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.
COM+ Event System Service
Display Name: COM+ Event System Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The COM+ Event System service supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
COM+ System Application Service
Display Name: COM+ System Application Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The COM+ System Application service manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Computer Browser Service
Display Name: Computer Browser Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Computer Browser service maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Credential Manager Service
Display Name: Credential Manager Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Credential Manager service provides secure storage and retrieval of credentials to users, applications and security service packages.
Cryptographic Services Service
Display Name: Cryptographic Services Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Cryptographic Services service provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
DCOM Server Process Launcher Service
Display Name: DCOM Server Process Launcher Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The DCOM Server Process Launcher service the DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running.
Device Association (deviceassociationservice) Service
Display Name: Device Association (deviceassociationservice) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Device Association service enables pairing between the system and wired or wireless devices.
Device Install (deviceinstall) Service
Display Name: Device Install (deviceinstall) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Device Install service enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Device Setup (dsmsvc) Service
Display Name: Device Setup (dsmsvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Device Setup service enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly.
DHCP Client Service
Display Name: DHCP Client Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The DHCP Client service registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.
Diagnostic Policy Service
Display Name: Diagnostic Policy Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Diagnostic Policy Service service the Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function.
Diagnostic Service Host Service
Display Name: Diagnostic Service Host Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Diagnostic Service Host service the Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function.
Diagnostic System Host Service
Display Name: Diagnostic System Host Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Diagnostic System Host service the Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function.
Distributed Link Tracking Client Service
Display Name: Distributed Link Tracking Client Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Distributed Link Tracking Client service maintains links between NTFS files within a computer or across computers in a network.
Distributed Transaction Coordinator Service
Display Name: Distributed Transaction Coordinator Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Distributed Transaction Coordinator service coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start.
DNS Client Service
Display Name: DNS Client Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The DNS Client service the DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.
The Enhanced Mitigation Experience Toolkit (EMET) Service
Display Name: The Enhanced Mitigation Experience Toolkit (EMET) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform. EMET also provides a configurable SSL/TLS certificate pinning feature that is called Certificate Trust. This feature is intended to detect (and stop, with EMET 5.0) man-in-the-middle attacks that are leveraging the public key infrastructure (PKI).
Encrypting File System (EFS) Service
Display Name: Encrypting File System (EFS) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: Encrypting File System (EFS) is a feature of Windows that you can use to store information on your hard disk in an encrypted format. Encryption is the strongest protection that Windows provides to help you keep your information secure.
Extensible Authentication Protocol Service
Display Name: Extensible Authentication Protocol Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Extensible Authentication Protocol service the Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication.
E-K
Function Discovery Provider Host Service
Display Name: Function Discovery Provider Host Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Function Discovery Provider Host service the FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources.
Function Discovery Resource Publication Service
Display Name: Function Discovery Resource Publication Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Function Discovery Resource Publication service publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.
Group Policy Client Service
Display Name: Group Policy Client Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Group Policy Client service the service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled.
Health Key and Certificate Management Service
Display Name: Health Key and Certificate Management Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Health Key and Certificate Management service provides X.509 certificate and key management services for the Network Access Protection Agent (NAPAgent). Enforcement technologies that use X.509 certificates may not function properly without this service.
Human Interface Device Access Service
Display Name: Human Interface Device Access Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Human Interface Device Access service enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Hyper-V Data Exchange Service (vmickvpexchange) Service
Display Name: Hyper-V Data Exchange Service (vmickvpexchange) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.
Hyper-V Guest Service Interface (vmicguestinterface) Service
Display Name: Hyper-V Guest Service Interface (vmicguestinterface) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
Hyper-V Guest Shutdown Service (vmicshutdown) Service
Display Name: Hyper-V Guest Shutdown Service (vmicshutdown) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer.
Hyper-V Heartbeat Service (vmicheartbeat) Service
Display Name: Hyper-V Heartbeat Service (vmicheartbeat) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding.
Hyper-V Remote Desktop Virtualization Service (vmicrdv) Service
Display Name: Hyper-V Remote Desktop Virtualization Service (vmicrdv) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: Provides a platform for communication between the virtual machine and the operating system running on the physical computer.
Hyper-V Time Synchronization Service (vmictimesync) Service
Display Name: Hyper-V Time Synchronization Service (vmictimesync) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: Synchronizes the system time of this virtual machine with the system time of the physical computer.
Hyper-V Volume Shadow Copy Requestor (vmicvss) Service
Display Name: Hyper-V Volume Shadow Copy Requestor (vmicvss) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer.
IKE and AuthIP IPsec Keying Modules Service
Display Name: IKE and AuthIP IPsec Keying Modules Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The IKE and AuthIP IPsec Keying Modules service the IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.
Interactive Services Detection Service
Display Name: Interactive Services Detection Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Interactive Services Detection service enables user notification of user input for interactive services, which enables access to dialogs created by interactive services when they appear. If this service is stopped, notifications of new interactive service dialogs will no longer function and there might not be access to interactive service dialogs. If this service is disabled, both notifications of and access to new interactive service dialogs will no longer function.
Internet Connection Sharing (ICS) Service
Display Name: Internet Connection Sharing (ICS) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Internet Connection Sharing (ICS) service provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Internet Explorer ETW Collector Service
Display Name: Internet Explorer ETW Collector Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: ETW Collector Service for Internet Explorer. When running, this service collects real time ETW events and processes them.
IP Helper Service
Display Name: IP Helper Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The IP Helper service provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.
IPsec Policy Agent Service
Display Name: IPsec Policy Agent Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The IPsec Policy Agent service internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Firewall is not available when this service is stopped.
KDC Proxy Server service (kpssvc) Service
Display Name: KDC Proxy Server service (kpssvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain
KtmRm for Distributed Transaction Coordinator Service
Display Name: KtmRm for Distributed Transaction Coordinator Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The KtmRm for Distributed Transaction Coordinator service coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start.
L-R
Link-Layer Topology Discovery Mapper Service
Display Name: Link-Layer Topology Discovery Mapper Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Link-Layer Topology Discovery Mapper service creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly.
Microsoft iSCSI Initiator Service
Display Name: Microsoft iSCSI Initiator Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped
Description: The Microsoft iSCSI Initiator Service service manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.
Microsoft Software Shadow Copy Provider Service
Display Name: Microsoft Software Shadow Copy Provider Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Microsoft Software Shadow Copy Provider service manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Microsoft Storage Spaces SMP (smphost) Service
Display Name: Microsoft Storage Spaces SMP (smphost) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed.
Multimedia Class Scheduler Service
Display Name: Multimedia Class Scheduler Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Multimedia Class Scheduler service enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications. If this service is stopped, individual tasks resort to their default priority.
Net.Tcp Port Sharing Service
Display Name: Net.Tcp Port Sharing Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Net.Tcp Port Sharing Service (NetTcpPortSharing) provides the ability for multiple user processes to share TCP ports over the net.tcp protocol. This service allows a net.tcp port to be shared and secured in a similar fashion as port 80 is for HTTP traffic.
Netlogon Service
Display Name: Netlogon Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Netlogon service maintains an encrypted channel between your computer and the domain controller that it uses to authenticate users and services.
Network Access Protection Agent Service
Display Name: Network Access Protection Agent Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Network Access Protection Agent service the Network Access Protection (NAP) agent service collects and manages health information for client computers on a network. Information collected by NAP agent is used to make sure that the client computer has the required software and settings. If a client computer is not compliant with health policy, it can be provided with restricted network access until its configuration is updated. Depending on the configuration of health policy, client computers might be automatically updated so that users quickly regain full network access without having to manually update their computer.
Network Connections Service
Display Name: Network Connections Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Network Connections service manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Network Connectivity Assistant (ncasvc) Service
Display Name: Network Connectivity Assistant (ncasvc) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped, Running
Description: Provides DirectAccess status notification for UI components.
Network List Service
Display Name: Network List Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Network List Service service identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.
Network Location Awareness Service
Display Name: Network Location Awareness Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Network Location Awareness service collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Network Store Interface Service
Display Name: Network Store Interface Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Network Store Interface Service service this service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.
Optimize Drives (defragsvc) Service
Display Name: Optimize Drives (defragsvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Offline Files (CscService) service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches events to accounts or logs configured for receiving events related to Offline Files activities and changes in cache state.
Performance Counter DLL Host (perfhost) Service
Display Name: Performance Counter DLL Host (perfhost) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Performance Logs and Alerts (pla) service collects performance data from local or remote computers based on preconfigured schedule parameters, and then writes the data to a log or triggers an alert.
Performance Logs and Alerts Service
Display Name: Performance Logs and Alerts Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Performance Logs and Alerts (pla) service collects performance data from local or remote computers based on preconfigured schedule parameters, and then writes the data to a log or triggers an alert.
Plug and Play Service
Display Name: Plug and Play Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Plug and Play service enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Portable Device Enumerator Service
Display Name: Portable Device Enumerator Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Portable Device Enumerator Service service enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.
Power Service
Display Name: Power Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Power service manages power policy and power policy notification delivery.
Print Spooler Service
Display Name: Print Spooler Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Print Spooler service loads files to memory for later printing.
Printer Extensions and Notifications Service
Display Name: Printer Extensions and Notifications Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won't be able to see printer extensions or notifications.
Problem Reports and Solutions Control Panel Support Service
Display Name: Problem Reports and Solutions Control Panel Support Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Problem Reports and Solutions Control Panel Support service this service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.
Remote Access Auto Connection Manager Service
Display Name: Remote Access Auto Connection Manager Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Remote Access Auto Connection Manager service creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Remote Access Connection Manager Service
Display Name: Remote Access Connection Manager Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Remote Access Connection Manager service manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.
Remote Desktop Configuration Service
Display Name: Remote Desktop Configuration Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Remote Desktop Configuration service remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates.
Remote Desktop Services Service
Display Name: Remote Desktop Services Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Remote Desktop Services service allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.
Remote Desktop Services UserMode Port Redirector
Display Name: Remote Desktop Services UserMode Port Redirector
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Remote Desktop Services UserMode Port Redirector (UmRdpService) service allows the redirection of printers, drives, and ports for remote desktop sessions.
Remote Procedure Call (RPC) Service
Display Name: Remote Procedure Call (RPC) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Remote Procedure Call (RPC) service the RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running.
Remote Procedure Call (RPC) Locator Service
Display Name: Remote Procedure Call (RPC) Locator Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Remote Procedure Call (RPC) Locator service in Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility.
Remote Registry Service
Display Name: Remote Registry Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Remote Registry service enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Resultant Set of Policy Provider Service
Display Name: Resultant Set of Policy Provider Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Resultant Set of Policy Provider service provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings.
Routing and Remote Access Service
Display Name: Routing and Remote Access Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Routing and Remote Access service offers routing services to businesses in local area and wide area network environments.
RPC Endpoint Mapper Service
Display Name: RPC Endpoint Mapper Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The RPC Endpoint Mapper service resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly.
S-V
Secondary Logon Service
Display Name: Secondary Logon Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Secondary Logon service enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Secure Socket Tunneling Protocol Service
Display Name: Secure Socket Tunneling Protocol Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Secure Socket Tunneling Protocol Service service provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers.
Security Accounts Manager Service
Display Name: Security Accounts Manager Service
Hardened Start Mode: Auto, Hardened Expected State: Stopped
Description: The Security Accounts Manager (SamSs) service is a protected subsystem that manages user and group account information.
Server Service
Display Name: Server Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Server service supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Shell Hardware Detection Service
Display Name: Shell Hardware Detection Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Shell Hardware Detection service provides notifications for AutoPlay hardware events.
Smart Card Service
Display Name: Smart Card Service
Hardened Start Mode: Auto, Hardened Expected State: Stopped, Running
Description: The Smart Card service manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Smart Card Device Enumeration Service
Display Name: Smart Card Device Enumeration Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers.
Smart Card Removal Policy Service
Display Name: Smart Card Removal Policy Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Smart Card Removal Policy service allows the system to be configured to lock the user desktop upon smart card removal.
SNMP Trap Service
Display Name: SNMP Trap Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The SNMP Trap service receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.
Software Protection Service
Display Name: Software Protection Service
Hardened Start Mode: Auto, Hardened Expected State: Stopped, Running
Description: The Software Protection service enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service.
Special Administration Console Helper Service
Display Name: Special Administration Console Helper Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Special Administration Console Helper service allows administrators to remotely access a command prompt using Emergency Management Services.
Spot Verifier Service
Display Name: Spot Verifier Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: Verifies potential file system corruptions.
SSDP Discovery Service
Display Name: SSDP Discovery Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The SSDP Discovery service discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.
Storage Tiers Management Service
Display Name: Storage Tiers Management Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Storage Tiers Management (TieringEngineService) service Optimizes the placement of data in storage tiers on all tiered storage spaces in the system.
Superfetch Service
Display Name: Superfetch Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Superfetch (Sysmain) service maintains and improves system performance over time. Superfetch is part of a collection of performance-enhancing features that address responsiveness issues related to demand paging. We do not recommend the use of Superfetch on servers unless the server is being used as a workstation.
System Event Notification Service
Display Name: System Event Notification Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The System Event Notification Service service monitors system events and notifies subscribers to COM+ Event System of these events.
System Events Broker Service
Display Name: System Events Broker Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Storage Tiers Management (systemeventsbroker) service coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
Task Scheduler Service
Display Name: Task Scheduler Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Task Scheduler service enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
TCP/IP NetBIOS Helper Service
Display Name: TCP/IP NetBIOS Helper Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The TCP/IP NetBIOS Helper service provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Telephony Service
Display Name: Telephony Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Telephony service provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.
Themes Service
Display Name: Themes Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Themes service provides user experience theme-management services. A desktop theme is a predefined set of icons, fonts, colors, sounds, and other elements that give the computer desktop a unified and distinctive look.
Thread Ordering Server Service
Display Name: Thread Ordering Server Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Thread Ordering Server service provides ordered execution for a group of threads within a specific period of time.
UPnP Device Host Service
Display Name: UPnP Device Host Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The UPnP Device Host service allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start.
User Access Logging Service
Display Name: User Access Logging Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The User Access Logging Service (ualsvc) This service logs unique client access requests, in the form of IP addresses and user names, of installed products and roles on the local server. This information can be queried, via Powershell, by administrators needing to quantify client demand of server software for offline Client Access License (CAL) management. If the service is disabled, client requests will not be logged and will not be retrievable via Powershell queries. Stopping the service will not affect query of historical data (see supporting documentation for steps to delete historical data). The local system administrator must consult his, or her, Windows Server license terms to determine the number of CALs that are required for the server software to be appropriately licensed; use of the UAL service and data does not alter this obligation.
User Profile Service
Display Name: User Profile Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The User Profile Service service this service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon or logoff, applications may have problems getting to users' data, and components registered to receive profile event notifications will not receive them.
Virtual Disk Service
Display Name: Virtual Disk Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Virtual Disk service provides management services for disks, volumes, file systems, and storage arrays.
Volume Shadow Copy Service
Display Name: Volume Shadow Copy Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Volume Shadow Copy service manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
W-Z
Windows Audio Service
Display Name: Windows Audio Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Windows Audio service manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Windows Audio Endpoint Builder Service
Display Name: Windows Audio Endpoint Builder Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Windows Audio Endpoint Builder service manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Windows Color System Service
Display Name: Windows Color System Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Windows Color System service the WcsPlugInService service hosts third-party Windows Color System color device model and gamut map model plug-in modules. These plug-in modules are vendor-specific extensions to the Windows Color System baseline color device and gamut map models. Stopping or disabling the WcsPlugInService service will disable this extensibility feature, and the Windows Color System will use its baseline model processing rather than the vendor's desired processing. This might result in inaccurate color rendering.
Windows Connection Manager (wcmsvc) Service
Display Name: Windows Connection Manager (wcmsvc) Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: Windows Connection Manager (wcmsvc) Service makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings.
Windows Driver Foundation - User-mode Driver Framework Service
Display Name: Windows Driver Foundation - User-mode Driver Framework Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Windows Driver Foundation - User-mode Driver Framework service manages user-mode driver host processes.
Windows Encryption Provider Host Service
Display Name: Windows Encryption Provider Host Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts
Windows Error Reporting Service
Display Name: Windows Error Reporting Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Windows Error Reporting Service service allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.
Windows Event Collector Service
Display Name: Windows Event Collector Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Windows Event Collector service this service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.
Windows Event Log Service
Display Name: Windows Event Log Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Windows Event Log service this service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.
Windows Firewall Service
Display Name: Windows Firewall Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Windows Firewall service windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.
Windows Font Cache (fontcache) Service
Display Name: Windows Font Cache (fontcache) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Windows Font Cache Service service optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance.
Windows Installer Service
Display Name: Windows Installer Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Windows Installer service adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Windows Management Instrumentation Service
Display Name: Windows Management Instrumentation Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Windows Management Instrumentation service provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Windows Modules Installer Service
Display Name: Windows Modules Installer Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Windows Modules Installer service enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.
Windows Presentation Foundation Font Cache (fontcache3.0.0.0) Service
Display Name: Windows Presentation Foundation Font Cache (fontcache3.0.0.0) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Windows Font Cache Service service optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance.
Windows Process Activation Service Service
Display Name: Windows Process Activation Service Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Windows Process Activation Service (WAS) manages the activation and lifetime of the worker processes that contain applications that host Windows Communication Foundation (WCF) services. The WAS process model generalizes the IIS process model for the HTTP server by removing the dependency on HTTP. This allows WCF services to use both HTTP and non-HTTP protocols, such as Net.TCP, in a hosting environment that supports message-based activation and offers the ability to host a large number of applications on a computer.
Windows Remote Management (WS-Management) Service
Display Name: Windows Remote Management (WS-Management) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Windows Remote Management (WS-Management) service windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.
Windows Store Service (WSService)
Display Name: Windows Store Service (WSService)
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: Provides infrastructure support for Windows Store.This service is started on demand and if disabled applications bought using Windows Store will not behave correctly.
Windows Time Service
Display Name: Windows Time Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Windows Time service maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Windows Update Service
Display Name: Windows Update Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Windows Update service enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.
WinHTTP Web Proxy Auto-Discovery Service
Display Name: WinHTTP Web Proxy Auto-Discovery Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The WinHTTP Web Proxy Auto-Discovery Service service winHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.
Wired AutoConfig Service
Display Name: Wired AutoConfig Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Wired AutoConfig service the Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service.
WMI Performance Adapter Service
Display Name: WMI Performance Adapter Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The WMI Performance Adapter service provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.
Workstation Service
Display Name: Workstation Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Workstation service creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Optional Services List: NNT ChangeTracker Gen7 Agent (Gen7Agent)
Display Name: Optional Services List: NNT ChangeTracker Gen7 Agent (Gen7Agent)
(Hardened Start Mode: Auto, Hardened Expected State: Running)
Description: NNT ChangeTracker Gen7 Agent (Gen7AgentService) collects system configuration change information on behalf of NNT Change Tracker.
Optional Services List: NNT Change Tracker Gen 7 MongoDB Service
Display Name: Optional Services List: NNT Change Tracker Gen 7 MongoDB Service
(Hardened Start Mode: Auto, Hardened Expected State: Running)
Description: MongoDB is the database for today's applications: innovative, fast time-to-market, globally scalable, reliable, and inexpensive to operate. With MongoDB, you can build applications that were never possible with traditional relational databases.
Optional Services List: NNT Change Tracker Gen 7 Redis Service
Display Name: Optional Services List: NNT Change Tracker Gen 7 Redis Service
(Hardened Start Mode: Disabled, Hardened Expected State: Stopped)
Description: Redis is a high-performance, in-memory data structure store, used as database, cache and message broker used by the NNT Change Tracker Hub to handle high-volume event loads.
Optional Services List: ASP.NET State Service (aspnet_state) Service
Display Name: Optional Services List: ASP.NET State Service (aspnet_state) Service
(Hardened Start Mode: Auto, Hardened Expected State: Running)
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Optional Services List: World Wide Web Publishing Service
Display Name: Optional Services List: World Wide Web Publishing Service
(Hardened Start Mode: Disabled, Hardened Expected State: Stopped)
Description: The World Wide Web Publishing Service (W3SVC) provides Web connectivity and administration of Web sites through the IIS snap-in. The service provides HTTP services for applications on the Windows operating system and contains a process manager and a configuration manager.
Optional Services List: W3C Logging Service
Display Name: Optional Services List: W3C Logging Service
(Hardened Start Mode: Disabled, Hardened Expected State: Stopped)
Description: W3C extended logging is type of server side logging that can be enabled on the server session or URL group. When W3C logging is enabled on a URL group, logging is performed only on requests that are routed to the URL Group. A separate log file is created for each URL group configured to enable W3C logging.
Server 2008R2 Hardened Services List
Download The Complete Hardened Services Guide
A-D
Application Experience Service
Display Name: Application Experience Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Application Experience service processes application compatibility cache requests for applications as they are launched.
Application Host Helper Service
Display Name: Application Host Helper Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: Handles administrative tasks for Internet Information Services (IIS), Microsoft's web server. This process can be safely disabled if you do not use IIS. It may also be safe to disable if you do not need to control access to dynamic application pools.
Application Identity Service
Display Name: Application Identity Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: This service determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced. This service is configured by default for a manual start. When started, by default it logs on using the local service account.
Application Information Service
Display Name: Application Information Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.
Application Layer Gateway Service
Display Name: Application Layer Gateway Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Application Layer Gateway Service service provides support for 3rd party protocol plug-ins for Internet Connection Sharing.
Application Management Service
Display Name: Application Management Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Application Management service processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start.
Background Intelligent Transfer Service
Display Name: Background Intelligent Transfer Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Background Intelligent Transfer Service service transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.
Base Filtering Engine Service
Display Name: Base Filtering Engine Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Base Filtering Engine service the Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
Certificate Propagation Service
Display Name: Certificate Propagation Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Certificate Propagation service copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver.
CNG Key Isolation Service
Display Name: CNG Key Isolation Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The CNG Key Isolation service the CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.
COM+ Event System Service
Display Name: COM+ Event System Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The COM+ Event System service supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
COM+ System Application Service
Display Name: COM+ System Application Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The COM+ System Application service manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Computer Browser Service
Display Name: Computer Browser Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Computer Browser service maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Credential Manager Service
Display Name: Credential Manager Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Credential Manager service provides secure storage and retrieval of credentials to users, applications and security service packages.
Cryptographic Services Service
Display Name: Cryptographic Services Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Cryptographic Services service provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
DCOM Server Process Launcher Service
Display Name: DCOM Server Process Launcher Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The DCOM Server Process Launcher service the DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running.
Desktop Window Manager Session Manager Service
Display Name: Desktop Window Manager Session Manager Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Desktop Window Manager Session Manager service provides Desktop Window Manager startup and maintenance services. The service supports the Themes service and checks that applications are compatible with the Windows Aero user experience in Windows Vista. If an application is not compatible with Aero, this service causes it revert to a classic Windows theme that it supports. If your computer does not support Aero graphics, you may see improved performance by disabling this service.
Diagnostic Policy Service
Display Name: Diagnostic Policy Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Diagnostic Policy Service service the Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function.
Diagnostic Service Host Service
Display Name: Diagnostic Service Host Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Diagnostic Service Host service the Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function.
Diagnostic System Host Service
Display Name: Diagnostic System Host Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Diagnostic System Host service the Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function.
Distributed Link Tracking Client Service
Display Name: Distributed Link Tracking Client Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Distributed Link Tracking Client service maintains links between NTFS files within a computer or across computers in a network.
Distributed Transaction Coordinator Service
Display Name: Distributed Transaction Coordinator Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Distributed Transaction Coordinator service coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start.
DHCP Client Service
Display Name: DHCP Client Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The DHCP Client service registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.
DNS Client Service
Display Name: DNS Client Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The DNS Client service the DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.
E-K
Encrypting File System (EFS) Service
Display Name: Encrypting File System (EFS) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: Encrypting File System (EFS) is a feature of Windows that you can use to store information on your hard disk in an encrypted format. Encryption is the strongest protection that Windows provides to help you keep your information secure.
Extensible Authentication Protocol Service
Display Name: Extensible Authentication Protocol Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Extensible Authentication Protocol service the Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication.
Function Discovery Provider Host Service
Display Name: Function Discovery Provider Host Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Function Discovery Provider Host service the FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources.
Function Discovery Resource Publication Service
Display Name: Function Discovery Resource Publication Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Function Discovery Resource Publication service publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.
Group Policy Client Service
Display Name: Group Policy Client Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The Group Policy Client service the service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled.
Health Key and Certificate Management Service
Display Name: Health Key and Certificate Management Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Health Key and Certificate Management service provides X.509 certificate and key management services for the Network Access Protection Agent (NAPAgent). Enforcement technologies that use X.509 certificates may not function properly without this service.
Human Interface Device Access Service
Display Name: Human Interface Device Access Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Human Interface Device Access service enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
IKE and AuthIP IPsec Keying Modules Service
Display Name: IKE and AuthIP IPsec Keying Modules Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The IKE and AuthIP IPsec Keying Modules service the IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.
Interactive Services Detection Service
Display Name: Interactive Services Detection Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Interactive Services Detection service enables user notification of user input for interactive services, which enables access to dialogs created by interactive services when they appear. If this service is stopped, notifications of new interactive service dialogs will no longer function and there might not be access to interactive service dialogs. If this service is disabled, both notifications of and access to new interactive service dialogs will no longer function.
Internet Connection Sharing (ICS) Service
Display Name: Internet Connection Sharing (ICS) Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Internet Connection Sharing (ICS) service provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Internet Explorer ETW Collector Service
Display Name: Internet Explorer ETW Collector Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: ETW Collector Service for Internet Explorer. When running, this service collects real time ETW events and processes them.
IP Helper Service
Display Name: IP Helper Service
Hardened Start Mode: Auto, Hardened Expected State: Running
Description: The IP Helper service provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.
IPsec Policy Agent Service
Display Name: IPsec Policy Agent Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The IPsec Policy Agent service internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Firewall is not available when this service is stopped.
KDC Proxy Server service (kpssvc) Service
Display Name: KDC Proxy Server service (kpssvc) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain
KtmRm for Distributed Transaction Coordinator Service
Display Name: KtmRm for Distributed Transaction Coordinator Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The KtmRm for Distributed Transaction Coordinator service coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start.
L-R
Link-Layer Topology Discovery Mapper Service
Display Name: Link-Layer Topology Discovery Mapper Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Link-Layer Topology Discovery Mapper service creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly.
Microsoft Fibre Channel Platform Registration Service
Display Name: Microsoft Fibre Channel Platform Registration Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Microsoft Fibre Channel Platform Registration Service registers the platform with all available Fibre Channel fabrics and maintains the registrations. A fabric is a network topology where devices are connected to each other through one or more high-efficiency data paths. This service is used in support of storage area networks. This service is installed by default on Windows Server 2008, and the service startup type is Manual.
Microsoft iSCSI Initiator Service
Display Name: Microsoft iSCSI Initiator Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped
Description: The Microsoft iSCSI Initiator Service service manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.
Microsoft Software Shadow Copy Provider Service
Display Name: Microsoft Software Shadow Copy Provider Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: The Microsoft Software Shadow Copy Provider service manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Microsoft Storage Spaces SMP (smphost) Service
Display Name: Microsoft Storage Spaces SMP (smphost) Service
Hardened Start Mode: Manual, Hardened Expected State: Stopped, Running
Description: Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed.
Multimedia Class Scheduler Service
Display Name: Multimedia Class Scheduler Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Multimedia Class Scheduler service enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications. If this service is stopped, individual tasks resort to their default priority.
Net.Tcp Port Sharing Service
Display Name: Net.Tcp Port Sharing Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Net.Tcp Port Sharing Service (NetTcpPortSharing) provides the ability for multiple user processes to share TCP ports over the net.tcp protocol. This service allows a net.tcp port to be shared and secured in a similar fashion as port 80 is for HTTP traffic.
Netlogon Service
Display Name: Netlogon Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Netlogon service maintains an encrypted channel between your computer and the domain controller that it uses to authenticate users and services.
Network Access Protection Agent Service
Display Name: Network Access Protection Agent Service
Hardened Start Mode: Disabled, Hardened Expected State: Stopped
Description: The Network Access Protection Agent service the Network Access Protection (NAP) agent service collects and manages health information for client computers on a network. Information collected by NAP agent is used to make sure that the client computer has the required software and settings. If a client computer is not compliant with health policy, it can be provided with restricted network access until its configuration is updated. Depending on the configurat