Running Windows With No Services

mattOzan writes "So how many of the almost 4 dozen default-enabled services does Windows XP really need in order to preserve basic functioning, like web surfing and running applications? Zero, as it turns out. Mark Russinovich at Sysinternals demonstrates that if certain steps are followed, Windows XP will still run with only two active processes: System and Csrss.exe. No Smss.exe, Winlogon.exe, Services.exe, Lsass.exe... And, contrary to the expectations of various lead engineers at Microsoft, even Internet Explorer will still work under such conditions."

No Thanks

[fembots]

From the friendly article:

The bottom line is that this stripped-down Windows configuration is not practical, but makes a cool demonstration of just how little of Windows is required for basic functionality.

• There will be a delay before Explorer redraws the desktop
• won't be able to logoff
• Networking is also crippled

I don't think this stripped-down Windows provides even the most basic functionality expected by many users nowadays.

It's like patients are treated as long as their hearts are beating, even though everything else has shut down.

Re:No Thanks

[cnettel]

It should be no surprise that networking can get quite strange without DNS Client and DHCP Client (among others)...

Nothing for you to see here. Please move along.

[suitepotato]

I hope that message wasn't indicative of what happens when you try not to run any Windows services...

Anywho, of course most of the services aren't needed at all times, but if they aren't turned on by default, a lot of extraneous apps that expect them will either not install or not work correctly. Hence, they are turned on. Are not most services blazing along on Linux by default to the glee of OpenBSD booster?

Alright then. Don't want em, kill em. It's easy, but the average user would have to read up and learn to do it. On whatever OS. Probably easier to leave them running by default so as not to fark things later. Or not because of the inherent security holes. Up to you. I'm ambivalent as long as my Windows boxes are behind a sharing router on private IPs without a lot of forwarding and firewall software.

With respect to resources, I'll check it out some time to see if there's really any improvement. Filed under "Review Later"....

For services you actually should disable...

[rdwald]

Take a look at Black Viper's list of WinXP SP2 services. [dhost.info]

Re:Feel "teh diference"

[Umbral Blot]

Do you know who Mark Russinovich is? Besides writing key books on windows published by Microsoft themselves he is also a very important member of the windows developer community. There is no way in hell Microsoft would want to make him an unsatisfied customer. If they really didn't like what he is doing I bet that they would try to bribe him with large sums of money to stop instead.

Microsoft GA

[badmammajamma]

Apparently Microsoft Genuine Advantage is one of the services you can disable.

Re:No Services on Boot?

[Idimmu Xul]

Really? Does it? Isn't this just an old joke with not much fact to back it up anymore?

You clearly haven't been using a system recently that's been riddled with spyware, I've just had a hell of a time trying to get rid of some stuff on a friends pc that constantly kept rebooting the pc, restarting explorer and crashing winlogon.

Sysinternals > Microsoft

[TopSpin]

Sysinternals is teh r0ks0rz!

No, seriously. If you don't know this, they have a utility called "Process Explorer" for Win32. It's like top on steroids. Actually, its vastly better than top, or any other process monitor I've ever seen. It will show you pretty much everything there is to know about a running Windows process; file handles, TCP connections, you name it. Its small, fast, mercifully lacking a "setup" and free.

They've got a bunch of other stuff for Windows I now consider essential. Check them out.

Re:No Services on Boot?

[Anonymous Coward]

Open up the run box and type in msconfig.

This handy utility will allow you to disable all the annoying tasks you don't need on boot-up.

Re:No Thanks

[gmack]

You will get a system with no networking or GUI and all your drives will be read only and a single root prompt (provided you told it you wanted one).

Re:No Services on Boot?

[PhoenixFlare]

Well Windows "shutsdown" on its own accord often enough, so that isn't a big problem (well it isn't a NEW problem)

Such a wonderful attempt at "humor"/trolling/zealotry.

If it actually happened, it'd be funny, but it doesn't anymore (did it ever?) - not unless you have severe hardware problems or you're so clueless that you let your machine get overrun with viruses and spyware.

Re:Reminds me of the good old days...

[makomk]

Unless of course you kill the mingetty daemons . . .

Init won't let you (it auto-respawns them), and you can't kill init for technical reasons.

Re:This is great!

[wbren]

The parent was joking.

Re:No Thanks

[Bob Uhl]

That just configures networking, though--I don't believe that it leaves many daemons running. Still, a system in runlevel 2 can be quite useful for, say, document preparation (the original use for Unix). Even runlevel 1 can be useful, albeit dangerous (useful because one has a full Unix; dangerous because one is root).

Re:No Services on Boot?

[jonbryce]

I don't think I've ever had Windows shutdown of its own accord since Windows 2000 SP1.

What you say was certainly true in the Windows 98/ME days, but NT based systems are much more stable.

Re:Automating This Procedure, and debunking miths

[Tadrith]

1. Right click on My Computer, and select Manage.
2. Under Storage, select Logical Disk Management.
3. Right click the drive you want to mount under a folder, and click "Change Drive Letters and Paths".
4. Click on Add.
5. Select the option to mount in an empty NTFS folder, and put the folder in.

If you aren't using NTFS, this may not work. I don't have a FAT32 machine handy, though!

Re:No Thanks

[Anonymous Coward]

You CAN get on the net, down to THIS set of services ONLY:

(A direct quote from an article I wrote and built up over the years, & SAME BASIC STUDY/EXPERIMENT as Dr. Mark Russinovich's now, ONLY on this YEARS ago , circa 1999-2001 @ the URL below)

http://www.avatar.demon.nl/APKTuneup.html [demon.nl]

"WoW! On a sort of "off-note", today I learned I can run Win2k & STILL GET ONLINE, DO GAMING ONLINE, WebSurf etc. & only run 4 services! At this point, I am already connected to the net on a cablemodem and hooked into the net...don't do this unless you are on cablemodem (not for dialup users)

The minimum ones are:
---------------------
DHCP Client
DNS Client
Plug & Play
Remote Procedure Call (RPC)
---------------------

If you're on a dialup modem ISP rather than cable or DSL, this is not recommended this "off-note" section (as I used to disable WINS services to stop NetBIOS attacks in NT 4.0 Devices control panel icon, which controls drivers in NT 4 (Or, you could unbind WINS from TcpIP in networking)! I also used to unbind Tcp/IP NetBIOS helper to stop those attacks, this is the more sensible route!)"

* :)

APK

Re:No Thanks

[toddbu]

I've got my own list of stuff that I turn off right after a fresh install. Everything runs just great. Remember, this is a list of stuff to turn OFF:

Alerter
Automatic Updates
COM+ Event System
Distributed Link Tracking Client
Error Reporting Service
Help and Support
IIS Admin
Infrared monitor
IPSEC Services
Logical Disk Manager
Machine Debug Manager
Messenger
Network Location Awareness (NLA)
Remote Registry
Simple Mail Transport Protocol
System Event Notification
System Restore Service
Task Scheduler
Themes
Upload Manager
WebClient
World Wide Web Publishing

Because Windows services support dependencies, some stuff will turn itself back on when needed. But at least you don't take the hit at boot time.

Shutting Down Windows...

[benjamindees]

No Start menu necessary! You just need to know the right options to rundll.

For instance, in Windows 98, it's:

C:\WINDOWS\RUNDLL32.EXE user,exitwindows

Google (along with a bit of experimentation) can help for other versions of Windows.

Re:Reminds me of the good old days...

[Anonymous Coward]

In The Olden Days, you could install a Linux disto without 10,000 daemons running... ah, those were the days... Linux was noticably faster than Windows out of the box! ;)

You still can. I've never met a Linux distribution that installs more than what you tell it to. Granted, some are leaner than others, but I hate it when people bitch about a distribution and how much "bloat" it comes with when they picked the full install option and fed it four disks.

If your Linux has 10,000 daemons running on it when you first boot it up, it's because you told it to.

Re:Shutting Down Windows...

[Anonymous Coward]

Without winlogon running, the ExitWindows and ExitWindowsEx APIs don't work.

Easy

[caveat]

At the login window, enter ">console" for the user, no password. Then use your regular l/p to get a bare Darwin shell. On my dual G4, top shows 99.8% idle when I'm on the console.

Re:There is another name for this:

[plj]

Someone mod parent AC up.

One of the the comments posted to TFA specifically states that winlogon.exe is still running in safe mode – sure it is, how would you otherwise log in? – and killing it as explained in the article enables removing of viruses that attach themselves to winlogon.exe, without a need to boot from external media.

This means that grandparent is simply wrong, safe mode won't kill winlogon.

Re:Math skills.

[Bambi Dee]

Process != service!

Re:No Thanks

[YU Nicks NE Way]

Well, what do you mean by "working"? Without LSASS, your task bar doesn't fill. Without winlogon, you can't log off without shutting the system down, and you can't log in at all. Yes, you can start Explorer, but only until the various cached user objects start to age out; at some point, that will stop working, I suspect.

In short, they're both right: for a while after you do this, the system will "mostly work" with only a few glitches. However, it won't "really work".

Re:No Thanks

[jericho4.0]

Most systems run dhcp as a service, because an ISP only gives them with a time limited lease. My ISP (Telus, whom I hate due to a recent /. story and crap service) only gives them for and hour and cancels it. That's assuming the dhcp servers are up, of course.

Re:Automating This Procedure, and debunking miths

[value_added]

What you wrote is s essentially correct, but is a feature of NTFS, so FAT32 is out of the question.

The 'subst' command also works, as does the ResKit's 'linkd' and Sysinternals 'junction'. All of these, however, have limitations that aren't readily apparent, so none is a substitute for the 'Map Drive to Folder' approach (as though that isn't limited as well).

The feature is a welcome addition, though lame compared to what's possible in *nix. I won't hold my breath waiting for DOS remnants like drive letters will go away any time soon.

Re:Optimization

[mixmasterjake]

You could create a batch file to turn off/on services to a level that suited your particular needs at that moment. just create a batch file like so:

echo Closing Down...
net stop "Help and Support"
net stop "IIS Admin"
net stop "Messenger"

when you're done playing your game or whatever, you can start 'em back up with another batch file:

echo Starting Up...
net start "Help and Support"
net start "IIS Admin"
net start "Messenger"

(new-school guys could probably do this easily with a neato vbs script.)

I have a couple of batch files that I use for just this purpose. I work with a few different server setups like, Apache + MySQL, IIS + SQL Server, etc. When I'm working on one, I can turn off all the other stuff I don't need.

Re:No Thanks

[asretfroodle]

That's probably because he was talking about Linux - Debian without the init scripts.

If you're browsing with a high comment threshold, checking the parent link is necessary for some posts.

Re:No Thanks

[dAzED1]

sad that you got modded "informative..." (not being insulting, just saying).

your dhcp client only runs once. That's it. It's not a service. Tell me what port it's polling on? What would the dhcp "service" be doing, anyway?

If your provider only grants a 1 hour lease, then the provider, within the hour, is checking to see if your mac still has that IP. That's it - your "service" is doing nothing.

Do a scan on your box and tell me what port you think is open that is constantly sending arp traffic. What OS, even? Windows? Turn off your dhcp "service," and statically set your ip to what your dhcp client had gotten. You'll find you're still perfectly fine.

Just what is it you think this "service" is doing to maintain the lease?

You CAN Kill System Processes From Task Manager

[Master of Transhuman]

Supposedly - IF you run Task Manager from PowerPrompt which starts up a shell with System privilege.

Hard to find a downloadable copy of PowerPrompt though, you really have to search Google for it.

Great tool for trashing spyware that's protected by Windows itself.

Re:For services you actually should disable...

[rdwald]

From the same site:
Windows 2000 services [dhost.info]

He doesn't have a list for Windows 2003, however.

Re:Lots of work

[Anonymous Coward]

NT (including 2000 and XP) has a completely different architecture. I figure, you'd want to replace something like WINLOGON.EXE, or whatever the closest equivalent of init there is on Windows. I'm sure there are people here who are a lot more knowledgable about how WinNT starts.

No, you can't. I tried that and it bluescreened. As far as I can figure, WINLOGON.EXE creates the windowstation, and that is not a documented API call (contrary to what you might thing, CreateWindowStation doesn't do it).

Re:So how about Mac OS-10.4?

[Listen Up]

The parent post is not entirely true. Either that or he/she is running Mac OS X 10.4 on a G3 300Mhz beige desktop system with a multiple year old video card. Even on moderate hardware (G3/G4 1Ghz+) with a moderate video card (Radeon/GeForce) OS X 10.4 has been nothing but exceptional for me. It is ridiculous how many non-OS X using Mods moderate posts.

If you are really having trouble with OS X 10.4, you can do a couple of things:


1) Upgrade from 5-10+ year-old Apple hardware (most complaints about OS X are from extremely underpowered hardware...Even new Linux distributions choke on underpowered hardware)

2) Start from a clean 10.4 installation. Most upgrades from 10.3.x tend to have a problem or two associated with the upgrade. And upgrading to a clean install is incredibly easy with OS X. Just use the option to do so from the Installer.

3) Turn off all Dashboard Widgets (with no Widgets active, Dashboard takes essentially 0 RAM or CPU)

4) You can even turn off Dashboard (you can find the utilities on VersionTracker)

5) Although I have never yet had a problem with it, and I absolutely love its search capabilties, you can turn off SpotLight (Change SPOTLIGHT=-YES- to SPOTLIGHT=-NO- in /etc/hostconfig) As an added note, you can control almost all of your services from the hostconfig file.

6) Look in /Library/StartupItems/ and /System/Library/StartupItems/ for other startup services

7) Wait for future updates to 10.4 as Quartz 2D Extreme and other video enhancements/improvements are disabled right now for more testing and will be re-enabled in the future.


Simply bad-mouthing OS X 10.4 is wrong. It works perfectly on my iBook and PowerMac and works for millions of other people as well. On a brand-new, default installation of 10.4.2 on my iBook I am averaging 42.91MB of RAM usage. Not exactly RAM intensive. The CPU is never peaked out except under extremely heavy usage (you can use the Activity Monitor application to permanently place a CPU meter on your desktop or in your Dock). While there are reports on the internet that some people are saying they had better video performance under 10.3.9, it would be a better comparison between the two when 10.4.9 comes out, because 10.3.9 is highly optimized at this point. Also, try searching Google for some optimization tips, there are a ton of Mac-centric website full of little performance tips for OS X.

Re:Reminds me of the good old days...

[typical]

The daemons are not what is slowing you down, unless they're polling.

Most of what the perceptual slowness is in Linux comes from a couple things.

* Inefficient GUI software. GNOME 2 software simply starts up and runs more slowly than GNOME 1 software.

* Heavyweight desktop managers and similar programs. I use sawfish, have a copy of gkrellm running, and use xbindkeys to launch all my programs Most of what I have open at any one time are Firefox windows, xterms (not the far slower gnome-terminals), and xemacs windows. These are all interactive programs, but things are much snappier when running these than when running the GNOME or KDE suites.

* Use accelerated drivers. There aren't that many that have RENDER acceleration, for example, and without that, all the antialised character blits to the screen are unaccelerated -- one reason why the antialiasing in GTK/GNOME 2 "felt" so slow. I use a Radeon 9250/128 bit data path and have no problems.

For all that, there's still a few things I'd like to point out.

* As a kernel, Linux *is* generally faster than Windows. You might be using slower userspace software, though.

* In The Olden Days, Linux distros tended to have an awful lot more daemons running out of box -- my Red Hat 5.2 box, IIRC, ran fingerd, ftp, ssh, telnet, and I think even a web server by default. There might be more -- talk might have been in there as well.

* Linux does a pretty good job of paging. If a daemon isn't doing anything, it isn't going to be consuming your resources.

Worked on one today with 122 Days

[b00m3rang]

2k3 Server. Then again, I built it from scrach and installed the OS, so it had half a chance :).

(FreeBSD admin by choice, Windows admin by necessity)

Exactly

[Moraelin]

Yep, I wholeheartedly aggree with your whole message.

Once Linux started shipping on CD's, as opposed to the early stack-o-floppies installs, the first reaction was to install and activate everything they could possibly download and pack on that CD.

(And I suppose the fact that at the time the flamewar was "but my Linux system gives me more free stuff than your Windows comes with", also didn't help the cause. Everyone just _had_ to pack 5 web servers and 20 IRC clients on a CD, and offer to install them by default, just to brag about how much more stuff they include than MS does.)

I didn't use RH at the time, but I do still remember installing SuSE in 1999. (Although I did briefly have Linux installed too, the stack-o-floppies way, prior to 1999 I was by and large an OS/2 fanboy.)

Ooer. Now that offered to install everything and the kitchen sink by default, and pretty much everything depended on everything else. I _know_ at least Apache was installed and started by default, because some documentation module depended on it. But it's more like it offered to install and start by default some 2-3 web servers, _and_ MySQL and god knows what else.

By comparison, nowadays most distros got a bit more clue. And then there's Gentoo. I'm not the biggest fan of Gentoo generally, but there you only have the stuff you've emerged, and the stuff it had a dependency on. If you haven't explicitly emerged Apache or PHP or such, there's just no way you'll have a web server on that machine.

And, yeah, you're right about the heavyweight GUIs and desktop managers. Looking back in retrospect at the times when we used to brag "my Linux starts faster and uses less memory" with a straight face, I have to wonder where and what went wrong.

I still remember compiling and starting KDE 2.0 on my old 128 MB K6-III. I mean, gah, all my memory was used up with just that and X before I even started any programs. And it just went downhill from there. Nowadays Windows XP actually loads faster, used up less RAM and is more responsive than a KDE 3.x desktop, and that's just bloody sad.

Mind you, I too use a more lightweight desktop, which keeps things a lot snappier. I'm on XFCE at the moment, and for a long time I was a IceWM+DFM proponent. Gave me something pretty close to a Windows desktop (DFM managed the desktop nicely, IceWM took care of the task bar and menu) on a couple of megs RAM.

But still, as soon as I load a couple of programs, I get all the GNOME2 and KDE libraries in RAM anyway.