Windows 10 - Which services and Windows features and so on are unnecesary and can be safely disabled? [closed]
I am a Windows power user, tweaker, and tinkerer. I use Windows Explorer, cmd, Control Panel, PowerShell and everything that can be accessed from the Control Panel very often.
Recently I have done a repair install/update on my computer, updated my operating system from Windows 10 2009 to Windows 10 20H2 (Windows 10 Pro N for Workstations x64), because I have run the following:
dism /online /cleanup-image /scanhealth
dism /online /cleanup-image /restorehealth
dism /online /cleanup-image /restorehealth /source:D:\sources\install.wim
sfc /scannow
Over and over again and they kept saying my "system is fine, everything is fixed..." despite the fact that my system wasn't fine and everything remained unfixed...
There existed a myriad small problems, and I have tried everything I can find online except reinstalling OS because I didn't want to reinstall Windows again. I suspect they must be related to registry, caused by my modifying of the system, because my hardware is potato (underpowered), having only 4 GB RAM with Intel HD Graphics, total usable primary memory 3798 MB, and a 2.00 GHz quad-core CPU...
So far these are what I did to my system. I disabled dozens of unnecessary services and features, because I know I don't need them.
I am not administrating a server of any kind. I don't use streaming services, I don't encrypt my hard disk, and I don't have any Bluetooth device or Xbox or any other toys.
I am not in a homegroup, I am not file sharing, I don't use NFS, I don't have any contacts, I am using wired broadband PPPoE Ethernet connection, my computer is desktop, and I don't use printers.
I don't use any human interface devices, I have no smart card, I don't sync settings, and I don't use autoplay and autorun...
File WindowsServicesToBeDisabled.txt/
AppHostSvc
BDESVC
BthAvctpSvc
CDPSvc
CertPropSvc
CscService
DPS
DeviceAssociationService
DiagTrack
DusmSvc
EFS
FDResPub
FontCache
FontCache3.0.0.0
IISADMIN
MSMQ
MSMQTriggers
NetMsmqActivator
NfsClnt
PcaSvc
PhoneSvc
PrintNotify
QWAVE
RemoteAccess
RemoteRegistry
RmSvc
SCPolicySvc
SCardSvr
SSDPSRV
ScDeviceEnum
SessionEnv
SharedAccess
ShellHWDetection
Spooler
SysMain
TabletInputService
TapiSrv
TermService
UmRdpService
WSearch
WbioSrvc
WdiServiceHost
WdiSystemHost
WerSvc
WlanSvc
WwanSvc
autotimesvc
bthserv
fdPHost
ftpsvc
hidserv
icssvc
vds
wercplsupport
File WindowsFeaturesToBeDisabled.txt
Printing-PrintToPDFServices-Features
Printing-XPSServices-Features
SearchEngine-Client-Package
MSRDC-Infrastructure
TelnetClient
TFTP
TIFFIFilter
Printing-Foundation-Features
Printing-Foundation-InternetPrinting-Client
Printing-Foundation-LPDPrintService
Printing-Foundation-LPRPortMonitor
Windows-Identity-Foundation
WCF-HTTP-Activation
WCF-NonHTTP-Activation
IIS-WebServerRole
IIS-WebServer
IIS-CommonHttpFeatures
IIS-HttpErrors
IIS-HttpRedirect
IIS-ApplicationDevelopment
IIS-Security
IIS-RequestFiltering
IIS-NetFxExtensibility
IIS-NetFxExtensibility45
IIS-HealthAndDiagnostics
IIS-HttpLogging
IIS-LoggingLibraries
IIS-RequestMonitor
IIS-HttpTracing
IIS-URLAuthorization
IIS-IPSecurity
IIS-Performance
IIS-HttpCompressionDynamic
IIS-WebServerManagementTools
IIS-ManagementScriptingTools
IIS-IIS6ManagementCompatibility
IIS-Metabase
WAS-WindowsActivationService
WAS-ProcessModel
WAS-NetFxEnvironment
WAS-ConfigurationAPI
IIS-HostableWebCore
WCF-HTTP-Activation45
WCF-TCP-Activation45
WCF-Pipe-Activation45
WCF-MSMQ-Activation45
IIS-StaticContent
IIS-DefaultDocument
IIS-DirectoryBrowsing
IIS-WebDAV
IIS-WebSockets
IIS-ApplicationInit
IIS-ASPNET
IIS-ASPNET45
IIS-ASP
IIS-CGI
IIS-ISAPIExtensions
IIS-ISAPIFilter
IIS-ServerSideIncludes
IIS-CustomLogging
IIS-BasicAuthentication
IIS-HttpCompressionStatic
IIS-ManagementConsole
IIS-ManagementService
IIS-WMICompatibility
IIS-LegacyScripts
IIS-LegacySnapIn
IIS-FTPServer
IIS-FTPSvc
IIS-FTPExtensibility
MSMQ-Container
MSMQ-DCOMProxy
MSMQ-Server
MSMQ-ADIntegration
MSMQ-HTTP
MSMQ-Multicast
MSMQ-Triggers
IIS-CertProvider
IIS-WindowsAuthentication
IIS-DigestAuthentication
IIS-ClientCertificateMappingAuthentication
IIS-IISCertificateMappingAuthentication
IIS-ODBCLogging
DataCenterBridging
SmbDirect
HostGuardian
MultiPoint-Connector
MultiPoint-Connector-Services
MultiPoint-Tools
Windows-Defender-Default-Definitions
WorkFolders-Client
HypervisorPlatform
VirtualMachinePlatform
Client-ProjFS
Containers-DisposableClientVM
Microsoft-Hyper-V-All
Microsoft-Hyper-V
Microsoft-Hyper-V-Tools-All
Microsoft-Hyper-V-Management-PowerShell
Microsoft-Hyper-V-Hypervisor
Microsoft-Hyper-V-Services
Microsoft-Hyper-V-Management-Clients
Client-DeviceLockdown
Client-EmbeddedShellLauncher
Client-EmbeddedBootExp
Client-EmbeddedLogon
Client-KeyboardFilter
Client-UnifiedWriteFilter
DirectoryServices-ADAM-Client
Windows-Defender-ApplicationGuard
ServicesForNFS-ClientOnly
ClientForNFS-Infrastructure
NFS-Administration
Containers
SMB1Protocol
SMB1Protocol-Client
SMB1Protocol-Server
SMB1Protocol-Deprecation
Command Prompt (I can use PowerShell, but cmd is simpler and I can just double click a .bat file to run them...):
for /f "delims=" %%i in (%CD%\WindowsFeaturesToBeDisabled.txt) do (
echo %%i
dism /online /disable-feature /featurename:%%i
)
for /f "delims=" %%i in (%CD%\WindowsServicesToBeDisabled.txt) do (
echo %%i
sc config %%i start=disabled
)
reg add HKLM\SYSTEM\CurrentControlSet\Services\BluetoothUserService_1bb7a33 /v Start /t REG_dword /d 4 /f
reg add HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_1bb7a33 /v Start /t REG_dword /d 4 /f
reg add HKLM\SYSTEM\CurrentControlSet\Services\ConsentUxUserSvc_1bb7a33 /v Start /t REG_dword /d 4 /f
reg add HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_1bb7a33 /v Start /t REG_dword /d 4 /f
reg add HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_1bb7a33 /v Start /t REG_dword /d 4 /f
reg add HKLM\SYSTEM\CurrentControlSet\Services\wscsvc /v Start /t REG_dword /d 3 /f
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments /v SaveZoneInformation /t REG_dword /d 00000001 /f
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations /v LowRiskFileTypes /t REG_SZ /d ".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;" /f
REG delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations /v ModRiskFileTypes /f
REG ADD "HKCU\Environment" /V SEE_MASK_NOZONECHECKS /T REG_SZ /D 1 /F
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /V SEE_MASK_NOZONECHECKS /T REG_SZ /D 1 /F
To date I haven't found a way to directly modify group policy settings and modifying the registry does not change what is set in gpedit.msc, so I will just list the I changes made:
\Windows Components\Autoplay Policies disabled
\Windows Components\Biometrics disabled
*SmartScreen all Turned off
\Windows Components\OneDrive disabled
\Windows Components\Search all disabled
\Windows Components\Sync your settings all "Do not sync" enabled
\Windows Components\Windows Mobility Center turned off
Now did I disable anything that is absolutely necessary to Windows. Without it, will Windows become unstable, behave erratically and even shut down instantly, or will it cause Windows to freeze randomly and become completely unresponsive every 6 hours or so or cause Windows Settings to detect a stack-based buffer overrun and crash or be unable to run all UWP appx'es? What have I done wrong...
Update: Now I have finally remembered! The memory just suddenly struck after evading me for so long... Now I can confirm none of the problems stemmed from my modifying of the system. I googled every one of them and made sure I don't need them, and my system was fine without them...
No, all of these came shortly after I interrupted running Windows Update, because it auto-updated without my consent or even knowledge, and Windows Module Installer Worker used 50% of the HDD (I have an external 2 TB HDD), hundreds of mebibytes RAM, 33% CPU and slows down my PC horribly, and it just kept running...
So I killed it; I stopped WMIW (TiWorker.exe)... I said to myself it was fine, everything is going to be OK... But it's then when the system went south... Now I don't understand. Why can't DISM and SFC fix the failed Windows Update?
Update: Someone wanted to know the exact make of my computer, though I would like to value my privacy and I personally think it's irrelevant. I will post my computer's system specification below (in pictures, because pictures say more than words):
And about storage:
Don't waste your time disabling services. It will only make it crawl a tiny bit faster at the cost of reliability, security and ease of use. Default configuration is fine.
You need more RAM. 4 GB is just not enough these days and you're sharing it with iGPU. With less than 4 GB of RAM the system will heavily rely on paging which is will slow everything down.
Your motherboard is using DDR3 memory in laptop form factor (SODIMM). Add extra 4 GB to get dual channel working for extra performance.
Your current memory module is DDR3 (not DDR3L) and so should be the other one. The current one is capable of working at 1600 MHz, but the motherboard limits it to 1333 MHz, so no need to pay extra for more than that (it won't hurt to have a faster one though, you just won't benefit from it but resell value may be higher). Price of such module is about $12 where I live if you're fine with buying used parts.
Regarding Defender, it gets auto-disabled when another AV is installed, so it's either already disabled or you don't have better software that does the same thing.
I really am an expert so I wouldn't let virus and malware go through me
Experts know they can't trust themselves 100%. They use real-time AV scanners, unless they're considered a risk in their model. For most of them they're not. You're not a security professional, so you definitely should be using an AV.
If you have access to the licensing for it, I would suggest trying out the LTSC releases of Windows 10. It ships without a lot of the extra cruft that Windows 10 base and Pro come with.
You will lose access to the Store, and any Store apps; Cortana; the new Edge; and modern apps. It will be stripped down, similar to how Windows 7 acted.
You are severely short on RAM, and no amount of disabling things is going to fix that. 64-bit Windows needs (since at least Windows 7) a minimum of 8 GB to run smoothly, but better yet 16GB. The fact that you have an iGPU is compounding this, because that’s eating a chunk of your RAM as well. The only way to make this system run more reliably is to give it more RAM.
That aside, as far as disabling services, unless:
- You are 100% certain what a service does.
- You are 100% certain that you know you do not need it.
- You are 100% certain that nothing you do need needs it.
Simply don’t disable it. There are too many interdependencies to keep track of, and you will generally not get good support if you’re using a significantly different configuration for enabled services than the default.
As far as features, most can safely be turned off on most systems, but you should do them one at a time and test that nothing breaks. Some software enables certain features on install because it actually needs them, and that may break if you go around disabling them.
As far as the registry and/or GPO, you should not go mucking about there unless you know exactly what you are doing. It’s way too easy to break your system completely, and it’s actually pretty rare that ‘registry issues’ are in fact causing problems (easy test, back up all your user data, wipe the system, and do a clean install, if that runs no better than it wasn’t registry issues, and if it does then you just fixed all your registry issues).
As an aside, this comment:
I don't use any human interface devices
Is false if you are using any USB-connected keyboard, mouse, gamepad, or other input devices, and may be false depending on what other USB devices you use (a lot of things use the HID protocol, even if they aren’t input devices).