| Alerter |
| Makes it possible to automaticly sent messages to registered users,
about certain system events or alerts when they happen. The registered
users needs to have the Messenger service started to receive the messages. |
| |
| Application Layer
Gateway Service |
Allows 3rd party software plug-ins to interface
with the Internet Connection Sharing and Internet Connection Firewall.
For example if having a plug-in for monitoring or logging firewall
activity, or a plug-in to allow a 3rd party protocol to pass through the
router functionality of ICS/ICF.
Note one of these 3rd party protocols is the MSN Messenger, and if this
service is disabled the application cannot pass through the ICS/ICF. |
| |
| Application
Management |
| Is used to provide software installation services
such as Assign, Publish and Remove. It handles deployment of software
for computers joined to a domain. |
| |
| Automatic Updates |
Enables automatic
monitoring, download and installation of
critical Windows updates. If the service is
disabled the operating system can still be
updated manually.
Note if wanting to disable this service one
should first turn off the Automatic Updating
feature:
- Win2k SP3+:
Control Panel -> Automatic Updates-applet.
- WinXP/Win2k3: Right
click My Computer, select
Properties and go to Automatic
Updates-tab.
Note after WinXP SP2 one
cannot use the Start-Menu shortcut (WUpdMgr.exe)
without having this service running, but the
direct URL
windowsupdate.microsoft.com still works.
One can configure the current configuration
(Applied when service is started):
[HKEY_LOCAL_MACHINE
\Software \Microsoft \Windows \CurrentVersion
\WindowsUpdate \Auto Update]
AUOptions = 2 (Degree of user
interaction)
1 = Disables AU (Same
as disabling it through the standard
controls)
2 = Notify Download and Install
(Requires Administrator Privileges)
3 = Notify Install (Requires
Administrator Privileges)
4 = Automaticly, no notification (Uses
ScheduledInstallTime and
ScheduledInstallDay)
DetectionStartTime
= "2003.09.10 12:38:10" (Local Time, when
the detection process began)
LastWaitTimeout = "2003.09.10
11:43:10" (GMT Time, next time it should
check for updates)
ScheduledInstallTime = 0 (0-23 hour
of the day it should automaticly install the
downloaded updates)
ScheduledInstallDay = 0 (1-7 day of
the week it should automaticly install
downloaded updates, 0 = Every day)
AUState = 2 (The state of AU for
diagnostic)
0 = Initial 24 hour
timeout after detecting Internet
Connection
1 = Waiting for user to run AU wizard
2 = Detect pending (Looking for new
patches)
3 = Download pending (waiting for user
to accept pre-download prompt)
4 = Download in progress
5 = Install pending (Waiting for install
of downloaded patches)
6 = Install complete
7 = Disabled (AUOptions will also be set
to a value of 0x1)
8 = Reboot pending (Waiting for reboot
required by installed patches)
One can configure AU through
policies (Applied when service is started):
[HKEY_LOCAL_MACHINE
\Software \Policies \Microsoft \Windows \WindowsUpdate
\AU]
NoAutoUpdate = 0 (1 = Disables AU and
any controls to configure it)
AUOptions = 2 (Degree of user
interaction)
2 = Notify Download
and Install (Requires Administrator
Privileges)
3 = Notify Install (Requires
Administrator Privileges)
4 = Automaticly, no notification (Uses
ScheduledInstallTime and
ScheduledInstallDay)
NoAutoRebootWithLoggedOnUsers = 1 (0 =
allows the system to reboot the computer
while users are logged on)
ScheduledInstallDay = 0 (1-7 day of
the week it should automaticly install
downloaded updates, 0 = Every day)
ScheduledInstallTime = 0 (0-23 hour
of the day it should automaticly install the
downloaded updates)
RescheduleWaitTime = 1 (1-60 minutes
after it has downloaded an update then it
starts installing it)
UseWUServer = 0 (1 = Use Windows
Update server specified in WUServer)
DetectionFrequency = 22 (1-22 Hours
between detection)
One can configure an internal
Software Update Service (SUS) if UseWUServer=1
(To save bandwidth):
[HKEY_LOCAL_MACHINE
\Software \Policies \Microsoft \Windows \WindowsUpdate]
WUServer = "http://intranetsus"
WUStatusServer = "http://intranetsus"
Note to avoid nagging about
installing service pack 2 until April 12 2005,
then apply this registry tweak:
[HKEY_LOCAL_MACHINE
\Software \Policies \Microsoft \Windows \WindowsUpdate]
DoNotAllowXPSP2 = 1
|
|
|
|
| Background
Intelligent Transfer Service (BITS) |
Transfers files in the background using idle
network bandwidth, uses the HTTP protocol and supports resuming of
broken downloads.
The BITS can be ordered to a download file, but suspends the file
transfer if the user logs off but resumes at logging on again.
The BITS starts when a file is added to its download queue, when the
queue is empty the service stops again. |
| |
| Clipbook Service |
Is used to access the machine's clipboard remotely using the
NetDDE service.
It is an old service from the NT 3.X days.
Note Acrobat Reader has a menu option Window -> "Show
Clipboard", which starts the Clipboard Viewer in Windows (Can be
installed through Add/Remove Programs in Control Panel). Windows
Clipboard Viewer uses this service and will fail to operate if
it is disabled. |
|
| Computer Browser |
Enables the computer to participate in the
election for maintaining the browser list
The browser list contains all computers, that
have announced themselves on the network through
the Server service
- Home Network: This service only need to
be activated on a single computer
- Corporate Network: The Active Directory
should be used instead
Note even if no computer is maintaining the
browser list, then it is still possible to
access remote shares by creating direct
shortcuts or mapping network shares (\\computername\sharename). |
|
|
|
| COM+ Event System |
Provides automatic distribution of events to COM+ components.
Note if disabling this service then at every boot there will be
generated a warning in the Event Log about this service not running.
Note in WinXP the prefetching and bootvis are dependent on this service. |
| |
| COM+ System
Application Service |
Manage configuration and tracking of COM+
based components.
Effects caused by disabling this service:
- COM+ applications will fail to run
- Note COM+ applications uses the Distributed Transaction Coordinator
to maintain transaction state, so if it
is disabled then COM+ applications will
also fail to run.
- COM+/OLE registration will not work
- At every boot a warning will be in the
Event Log
|
|
|
|
| Cryptographic
Services |
Provides 3 types of
services:
- Catalog Database
Service, which confirms the signatures of
Windows files (Windows File Protection) and
whether drivers are signed correctly (WHQL)
- Protected Root
Service, which adds and removes Trusted Root
Certification Authority certificates from
this computer
- Key Service, which
helps enroll this computer for certificates
Note that Windows Update and
Windows File Protection will not work if this
service is not set to Automatic, and will
complain when manually installing drivers and
updates/servicepacks for Windows with the error:
Setup could not verify
the integrity of the file Update.inf. Make
sure the Cryptographic service is running on
this computer
Note the database, that
contains information of what updates have been
applied, can become corrupted and will cause
this service to fail. To clear the database
execute the following commands (If getting
access denied when renaming the directory, then
boot in safemode and try again):
- net stop cryptsvc
- ren %systemroot%\system32\catroot2
oldcatroot2
- net start cryptsvc
Note if this service haven't
been start for some reason, then when trying to
disable a network connection like Local Area
Connection, one will get the following error:
Error Disabling
Connection
It is not possible to disable the connection
at this time. This connection may be using
one or more protocols that do not support
Plug-and-Play, or it may have been initiated
by another user or the system account.
|
|
|
|
