How To: Determine what Services are running in Windows XP

When you bring up the Task Manager you'll see an entry for Services and the amount of memory consumed. However this one listing is actually all the Services combined into a single entry. As you can see I have them trimmed down to only the Services needed for this machine. To view the complete list: From a command prompt: Start | Run (type) cmd (click Ok) (type) tasklist /svc (press Enter)(XP Pro only) You will see all the Services running in process. To save the onscreen info: Right-click and select: Select All Right-click again and select: Mark Open Notepad and Paste the info File - Save As: tasklist.txt or (type) "tasklist /svc >tasklist.txt" (no quotes)

To Remove any unneeded running Processes

Log on as Administrator
Start | Settings | Control Panel | Administrative Tools | Services

• Default settings for services
• Descriptions of System Services (XP/2003)
• Windows XP Home and Pro Service Configurations by Black Viper
• W2K Tweak Guide

Once completed, repeat the "tasklist /svc" method and compare. 
If you use the "tasklist /svc >tasklist.txt" method, change the second output (to prevent overwriting the previous file)  to: "tasklist /svc >tasklist1.txt" (no quotes) then compare. You can also view this info in System Information, however the text output loses the formatting and is almost unreadable.

Note: to temporarily disable a Service while troubleshooting:
Start | Run (type) "msconfig" (no quotes)
Click on the Services tab, uncheck desired service. (for testing only!)

To display the Process Identifier in Task Manager

Right-click on the Taskbar, select: Task Manager Click on the Processes tab, click View (up top) Select: "Select Columns", and select: PID (Process Identifier) from there you can also select any of the other options available. You can also sort the entries by clicking on the header in each section. Note: Each time you remove or add a Service the PID for the Services.exe entry will change. Protecting your Security and Privacy On a stand-alone system you should disable or at least Stop and set to "Manual" the Remote Access services, unless you really have a need for these. This would include [example] TCP/IP NetBIOS Helper, Telnet, Routing and Remote Access, Remote Access Auto Connection Manager, QoS RSVP, Remote Registry, etc. The point to all this is that the amount of unneeded services running directly affects the amount of Ports open and exposes the user to unnecessary risks. This tends to leave your Firewall full of holes!

Even XP's Firewall (ICF) can achieve "Stealth" results [more info] After a while you'll notice all these things are tied together. If you're getting "Message Service" pop-ups it's usually because one or more of your Ports are open. [more info - on pop-ups] A great place to start is by testing your setup by running ShieldsUP [Internet port vulnerabilities]

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.

The SANS Top 20 Internet Security Vulnerabilities
"These non essential services increase the exploit surface significantly."

Microsoft TechNet - Threats and Countermeasures: Security Settings in Windows (XP)
"Therefore, you should disable or remove any unneeded services"

To avoid the above manual method

Sysinternals Freeware - Autoruns - this terrific utility can display and disable (if needed) [screenshot]

Safe XP allows users to quickly tweak various security and privacy related settings in XP.
This is a very useful little freeware utility! Compare the recommended Safe XP settings to the one's on Black Viper's site, then decide for yourself what is needed. [Screenshot]

Windows XP Security Console (MVP site)
Allows you to assign various restrictions to specific users, whether you're running XP Pro or XP Home.

How To: Generate a Printout of running Services

Run HijackThis | Config [button]
Select: "Include list of running processes in logfiles"

Click the "Misc Tools" [button]
Select: "List also minor sections", Select: "List empty sections"

Click "Generate Startuplist log" [button]
Open "Startuplist.txt" and scroll down to: "Enumerating Windows NT\2K\XP Services"

Use Netstat to Determine what Services are "Listening"

	From a Command Prompt (type) "netstat -ano" (no quotes)
To create a text file of this info - (type) "netstat -ano >autocon.txt" You can also use Sysinternals Freeware - TCPView to view a detailed listings of all TCP and UDP endpoints on your system

Related Articles

• Windows 2000 Services tweak guide
• Description of Svchost.exe
• Default Processes in Windows 2000
• Glossary of Windows 2000 Services
• A Description of the "Restore Startup Programs" Option
• How to Modify the List of Programs that Run When You Start Windows [98/NT/2K] [XP]
• Description of Universal Plug and Play Features in Windows ME/XP
• How to Eliminate a Process That Is Not Responding Without Restarting
• Description of the Microsoft Computer Browser Service
• Windows XP Resource Kit (online)

Other Sites with Services Info

• Windows XP Professional Services 1Ghz (redirects to Major Geeks)
• Services in Win XP by James Eshelman - MVP
• WinPatrol [freeware] also has an excellent section on Services

Privacy Policy
Copyright © 1998 - 2007 All rights reserved.
http://www.mvps.org/winhelp2002/services.htm