Nmedia - Fotolia


How to safely stop unnecessary Windows 10 services

Windows 10 comes with a lot of services, but not all of them are necessary. Consider stopping unnecessary Windows 10 services to boost performance and security.

Windows 10 relies on a vast array of services to enable and supplement OS capabilities, but not all services installed on a Windows 10 PC are required for normal everyday operation.

Administrators can decide which services to start automatically at boot time or they can exert additional control to start, stop, restart or simply disable certain services. This enables PC administrators to tailor the service suite on a system to optimize performance, reduce resource use, secure the system against intrusion or even aid in system troubleshooting.

It is important for PC users and IT administrators to apply due diligence if they decide to stop Windows 10 services. IT should understand what each service does, its dependencies, and the potential consequences of stopping or disabling the service.

Reasons to stop Windows 10 services

The most common reason to stop Windows 10 services is to boost the OS performance. Since Windows must run each service in the background, disabling unnecessary services eases the computing load, albeit slightly. This doesn't necessarily guarantee better performance for other applications, but it's usually helpful to free up unnecessary interruptions in CPU cycles. If performance is the primary goal, it's important to validate the effectiveness of the tactic by benchmarking the performance of a target application before and after service streamlining.

A second reason to disable unnecessary services is to reduce the Windows resource footprint, such as memory usage, on the computer. While most modern PCs have ample resources for large OSes such as Windows, older systems or systems with demanding applications can sometimes be starved for resources.

The most common reason to stop Windows 10 services is to boost the OS performance.

One common example is virtualization, which enables a computer to run two or more VMs. As an example, desktop virtualization can allow the same computer to run everyday Windows 10 in one VM, and then run some version of Linux or macOS in another VM. Virtualization is designed to use much more of a computer's available resources, eliminating the need to buy additional computers, but resources can get tight, and disabling unnecessary services can help fit that next VM onto the system.

A third reason to disable unnecessary Windows 10 services is to make a computer more secure. Simply curtailing unnecessary communication or remote access capabilities can prevent potential vectors of attack. However, it is also possible to disable vital security services, so IT admins must avoid accidentally exposing the system to outside threats.

IT can disable some services as an aid to system troubleshooting. As one example, a computer may be unable to release and renew an IP address automatically if the Dynamic Host Configuration Protocol Client service stops -- the traditional ipconfig /release and ipconfig /renew commands don't work. By checking and restarting the DHCP Client service, a system administrator or knowledgeable user can basically "fix" the system's automatic IP addressing.

Accessing services

IT administrators or users with administrative privileges can access the Windows 10 Services applet by simply typing services.msc in the Windows 10 search area of the Taskbar. The search will return an application entry called "Services." Click the Services entry in the search list, and the Services dialog will open.

Services dialog
The interface of the Services dialog.

To examine the services specific to the PC, select the Services (Local) entry in the left menu list. The Services dialog will then provide a list of installed services and a brief description. Select the Extended tab at the bottom of the dialog to see additional text such as descriptions and options for each selected service.

Each service shows its Status indicating whether a service is running, stopped or not loaded/running (blank). Status is heavily influenced by the varied Startup Type options available:

  • Automatic services load and start at boot time and are usually running. Disabling these unnecessary services will typically have the greatest effect on system performance. IT can disable automatic services by setting the Startup Type to Manual or Disabled.
  • Automatic (Delayed Start) services will start just after the system boots. IT can disable automatic (Delayed Start) services by setting the Startup Type to Manual or Disabled.
  • Automatic (Delayed Start, Trigger Start) services will start after the system boots, but only when the service is called. The service will not run if it is not called.
  • Manual services allow Windows to start a service if it is needed. In many cases, Manual services are often unnecessary and are not currently running. Manual services typically do not influence performance and IT does not need to specifically disable them.
  • Manual (Trigger Start) services allow Windows to start services when the service is specifically called. If the service is not called, the service will not start. The service will run once triggered by Windows or a third-party application. Unnecessary Manual (Triggered Start) services can be disabled by setting the Startup Type to Disabled.
  • Disabled services will not start even if the service is called, and this can sometimes cause unwanted or regularly occurring errors in Event Viewer. IT can set disabled services that result in unwanted error messages to Manual.

Administrators and users can manage services by right clicking the desired service and selecting Properties from the context menu. The Startup Type and Status can be adjusted through the General tab. Simply click Apply to accept any changes and select OK to close the service's Properties dialog. Advanced administrators and users can also use the service's Properties to control how the service recovers from a service failure, and to see any dependencies associated with the service.

Properties tab
The Properties tab of the AVCTP service.

Commonly disabled services

A typical PC can list hundreds of individual services, so it is impossible to make recommendations about disabling each one. However, there are common services that many Windows 10 computers share that IT admins can potentially disable.

Communication services

Computer communication is essential to most PCs, but there are numerous ways to communicate, and some unused avenues of communication can be shut down to better protect the system from intrusion.

  • Bluetooth Support Service handles discovery and association of Bluetooth devices. Stopping or disabling this service will prevent installed Bluetooth devices from operating properly and prevent the computer from discovering or pairing new devices. Disable this service (and associated services such as Bluetooth Audio Gateway Service and Bluetooth User Support Service) if the computer does not use Bluetooth devices.
  • Infrared Monitor Service handles management and file transfers using infrared devices. This service is only installed if infrared devices are available/supported on the PC. Stopping or disabling this service will prevent infrared devices from operating. Disable this service if the computer does not use infrared devices for file transfers.
  • Internet Connection Sharing is a legacy service that handles network translation, addressing, name resolution, DNS, and intrusion protection for home and small office networks. Windows 10 usually runs this as a Manual (Trigger Start) service which does not regularly run, even on PCs with active internet connections. It may not be necessary to disable this service, but IT admins can do so if they desire.
  • Remote Registry service enables remote users to change registry settings on the PC. Disable this service to prevent remote changes to the registry.
  • TCP/IP NetBIOS Helper service supports NetBIOS over TCP/IP and NetBIOS name resolution. This allows workgroup users to share files, print and log on to the LAN. This service is often Manual (Trigger Start) but running, so disabling this service will prevent network printing and so on. Disable this service if the PC is not part of a LAN, using a network-based printer and so on.
  • Telephony service provides Telephony API support for applications that use telephony devices on the local computer. Disable this service if there are no telephony devices used on the PC.

Media services

Computers handle a wide range of services related to audio and video. Systems that do not handle audio and video can potentially forego related services.

  • Audio Video Control Transport Protocol service handles some Bluetooth elements, and can be disabled if the PC does not use Bluetooth audio device or wireless headphones.
  • Fax service enables the PC to send and receive faxes. Admins can stop this service if the PC is not intended to support fax operation, which is also dependent on other services such as print spooling and telephony.
  • Touch Keyboard and Handwriting Panel service handles touch keyboard and handwriting management for late model PCs such as Microsoft Surface Pro PCs. Some users find touch keyboards annoying and prefer to use the pen as a mouse-type input device. Disable this service to stop the touch keyboard from running.
  • Windows Camera Frame Server service allows multiple client devices to access video frames from cameras. Admins can disable this service if the PC is not used for video or video editing tasks.
  • Windows Image Acquisition services support image handling from scanners and cameras. This service is often started automatically, but IT can disable it if the PC is not receiving image data from scanners or cameras.

Security services

It is never a sound policy to disable security services, but it can be safe to disable certain services that go unused, such as encryption or smart cards, or have been replaced by other third-party security services, such as firewalls.

  • BitLocker Drive Encryption service provides secure OS boot and full volume encryption for storage volumes. When BitLocker is used, it locks and unlocks volumes, relies on Active Directory for recovery and can even support recovery certificates. However, if BitLocker encryption is not being used, IT can stop the service.
  • Certificate Propagation service is typically related to smart card use, copying user and root certificates from smart cards into the user's certificate store. If smart cards are not used, this service can be stopped or disabled.
  • Encrypting File System service supplies the principal mechanisms needed to store encrypted files on NTFS volumes. If users do not access encrypted files on the computer, admins can stop this service.
  • Netlogon service handles the connection between the PC and the local domain controller that authenticates users and network services such as DNS. IT can stop this service if the PC is not part of a network domain, such as a Windows workgroup.
  • Smart Card Services handle smart card operations by the PC. Smart cards are tamper-proof devices used to enhance authentication security for tasks such as system sign-on and securing email. IT can stop this service, along with the Smart Card Device Enumeration Service and Smart Card Removal Policy Service if the PC does not employ smart cards.
  • Windows Defender Antivirus Service is basically the default antimalware tool under Windows and should NOT be stopped or disabled unless there is another third-party antivirus or antimalware software tool running on the PC.
  • Windows Defender Antivirus Network Inspection Service is the default intrusion detection/prevention tool under Windows and should NOT be disabled unless there is another third-party intrusion detection system/intrusion prevention system running on the PC.
  • Windows Defender Firewall is the default network firewall under Windows that checks and controls network traffic access to communication ports, blocking unauthorized access to the computer across the internet or LAN. IT should NOT disable this service unless there is another third-party firewall running on the PC.

Windows services

Some Windows services are considered intrusive. IT can disable many Windows 10 services to reduce the Windows 10 footprint.

  • File History service makes copies of files to a backup location, enabling users to recover files from accidental loss. IT admins can disable this service if they prefer, but recovery capabilities will be unavailable.
  • Parental Controls service enforces parental control choices for child accounts under Windows. Admins can disable this service if there are no child accounts on the system, but parental controls will not be enforced.
  • Print Spooler service organizes print jobs and printer management. If the computer does not use a printer, scanner or fax, the printer spooler service can be stopped or disabled.
  • Sensor Service manages various sensors on mobile devices such as Microsoft Surface Pro for tasks such as device orientation sensors for display auto-rotation. When Windows 10 is installed on a desktop, IT can disable the Sensor Service, along with related services such as Sensor Monitoring Service and Sensor Data Service.
  • Windows Biometric Service enables applications to capture, compare, manipulate and store biometric data. If the PC does not access biometric hardware or samples, the service can be stopped or disabled.
  • Windows Error Reporting Service can send error information to Microsoft when programs stop working, as well as produce logs for diagnostic and repair services. IT can stop this service on static, well-proven systems where errors and diagnostic requirements are rare but stopping the service will prevent error reporting and diagnostic logging.
  • Windows Insider Service must be enabled for the computer to use the Windows Insider Program. However, this is primarily for software developers and power users with an interest in using early builds and other software. IT can disable this service for users that do not participate in the Windows Insider Program.
  • Windows Mobile Hotspot Service allows a computer to share a cellular data connection with another device. If the computer does not have a cellular connection available such as a smartphone, IT can disable the service.
  • Windows Time Service handles date and time synchronization for all clients and servers in the network. If the computer is not responsible for synchronizing network operations, the service can be stopped or disabled.

3 best practices to stop Windows 10 services

Always read the detailed description that accompanies each service and make an informed determination as to whether a specific service is needed on a computer. Not all services listed in this tip can be safely disabled on every computer.

Disable only one service at a time and validate that the PC is working properly before disabling subsequent services. This way, it is a simple matter to trace unexpected errors or functionality loss to the corresponding service and re-enable it quickly.

Establish a system restore point before working with services. In many cases, unexpected problems arising after disabling services can be corrected by recovering the system restore point.

Dig Deeper on Windows OS and management

Virtual Desktop