Al
The process name of the ALERTER service is Services.exe (that is, the name of the process run after the service is started, you can see the task manager, Figure 11). The function of the ALERTER service is that WinXP transmits the system-related events on the system to the computer or user specified on the network, such as the event, such as a print error or hard disk is about to write, such alert information. The ALERTER Service is collected and sent. Although the service of ALERTER is not the Messenger service, the Alerter service must rely on the latter to send information, so you must determine that Messenger service is also working after starting the Alerter service, and the received computer must also start Messenger service. Since the ALERTER service is running, the service allows the user to send pop-up information to other users, which may be used by attackers to implement attacks, such as tuned users to modify passwords, resulting in security hazards. At the same time, the service allows the user account name to leak, and it is also possible that the attacker is used to make a password guess attack. So for home stand-alone users, this feature is completely disabled even for most small LAN, not only saving system resources and speeding up speed, but also improves machine security. 2.Application Layer Gateway Service
Abbrevite "ALG" (Application Layer Gateway), its process name is ALG.EXE, WinXP Home / Pro default installation start type is manual. ALG is also known as a proxy server (Proxy Server), is a kind of network firewall from the functional surface. When the internal computer is connected to the external host, the proxy server is served as a successor for internal computers and external hosts. The benefits of using ALG are the address of the hidden internal host and prevent external abnormal connections. When the agent is not installed on the proxy server, any packet that belongs to this network service will not be completely unable to pass the firewall. Popular point, specifically to the ALG itself, it is the Internet connection shared / firewall for WinXP, if you need to enable this, this service is necessary. Of course, only one computer online family can consider disabling this service, but the author feels that WinXP's built-in firewall effect is still good. If you don't insist on using a third-party firewall, it is recommended to open it. 3.Application Management
The process name of AppMgmt (Application Management Service) is SVCHOST.EXE. WinXP Home / Pro default installation type is manual, without any dependency service relationship. From Win2000, Microsoft introduced a new, effective software management scheme based on MSI file format (application installation information package file), which is an application management component service, which not only manages software installation, deletion, And you can use this service to modify, repair the existing application, monitor file restoration, and the basic failure by recovery. Usually this service we keep your default state. 4.Automatic Updates
The process name of the WUAUSERV (Automatic Update Service) is SVCHOST.EXE. Winxp Home / Pro default installation is automatically, without any dependent service relationship. This is a systematic automatic update feature that everyone is very familiar (Figure 14), not to say. Remember to use a kitten to internet access to the Internet, remember that it is not enough in system properties, but also disabled Automatic Updates. 5. The process name of Background Intelligent Transfer ServiceBits is SVCHOST.EXE, WinXP Home / Pro default start-up type is manual, dependent on Remote Procedure Call, WorkStation service. Microsoft claims that BITS can use the remaining bandwidth to transfer files. When the network cut or computer needs to be restarted, the background intelligent transfer service will automatically maintain file transfer. When the network is reconnected, the background intelligent transport service will continue to start from the stop. Transfer files. In fact, this service is used to implement information transmission between HTTP 1.1 servers. Basically, its application is to support breakpoints when the Windows is automatically updated. If you disable Automatic Updates, there is no significance of it. 6.clipbook
CLIPSRV (Clipboard Viewer Service) process name is Clipsrv.exe, WinXP Home / Pro default start-up type is manual, depending on the Network DDE service. CLIPBOOK is available through network dynamic data exchange services provided by NetWork DDE and Network DDE DSDM. It can be found in the remote machine, which is the CLIPBOOK VIPBOOK Viewer program that allows the scrapbook to be remote. CLIPBOOK browsing. For example, there is a large document engineering, which is developed by A, B, C, a responsible for the Excel data section, B is responsible for the Visio production section, and C is responsible for integration of two partial documents. C often requires copying of the data of A and B, stupid approach is C to open A, b on the network neighbor, and copy the relevant content. Users who have a certain understanding of the Windows system should have heard of the OLE, the Excel data and the Visio mapping that said above can be considered an independent OLE object. If A, B, and COOK services are Open, you can share these OLE objects using the CLIPBOOK, c Simply establish the link to the OLE object in your own document, point to the EXCEL and VISIO, A, and B. You can automatically reflect. It can be seen that Clipbook is based on object-based sharing, not simple file sharing. So it is also very well understood, this is a double-edged sword, which brings great convenience, and it also brings illegal remote access to the security hidden dangers of the Clipbook scrapbook. This service is completely disabled for users who do not have the above similar work, but not ready to use the remote desktop, this service is completely disabled, and open again when needed. 7.com EVENT SYSTEM
The process name of EventSystem (COM Event System Services) is SVCHOST.EXE, and WinXP Home / Pro default start-up type is manual, depending on the Remote Procedure Call service. For friends who are non-software development, COM is a very difficulty in understanding. Simply mentioning COM is a standard for software components. For example, writing a software is better than covering a house. The door and window and other components will be designed according to the standard to save time and effort, the COM component is the standard components such as Windows doors and windows. COM is further expanded to COM. The specific meaning is here to introduce, the Windows system It is a typical message (event) processing system, and many features are triggered by messages, which produces COM Event System. What we have to learn is how to easily determine if there is a program in your system relying on this service. Check the "Program Files / Complus Applications" directory under your system installation. If there is no thing, you can turn this service. 8.com System ApplicationComsysApp (COM System Application Service) The process name of Dllhost.exe, WinXP Home / Pro default startup type is manual, dependent on the Remote Procedure Call service. Simply put, Com System Application is a specific executor of COM Event System If you disable Com Event System, it is naturally disabled. 9.Computer Browser
The process name of Browser is SVCHOST.EXE. WinXP Home / Pro default start-up type is automatic, dependent on Server and Workstation services. Browser service maintains a list of network resources, including Windows-based domains, workgroups, and computers, and other network devices that support NetBIOS protocols. We see what displayed on "Online Neighbors" is from here ( Figure 15). Obviously, the service used by the general family is not required, unless the computer is located on the LAN, for example, with a friend of the Great Wall Broadband, it is convenient to know the network environment in the community. This service is still careful, if it is not too intended or set to automatic. 10.cryptographic Services
The process name of the CryptsVC (Authentication Service) is SVCHOST.EXE. WinXP Home / Pro default start type is automatically, depending on the Remote Procedure Call service. CryptsVC is the core component of the entire Microsoft Public Key System (PKI, Public Key Infrastructure). The so-called PK is a non-macking encrypting method. It guarantees the security and transmission of data by encryption. It is different from the traditional secret (symmetric) key cryptography. The basic characteristics of the PK cryptography are different and decrypted, each One user two keys, a public key, a private spoon. Open these difficulties, specific to the Cryptsvc itself, if we use Automatic Updates to automatically update in WinXP, or use certificates on the Internet and properly manage these certificates (Figure 16), then this service Do not turn off. This function is most useful that when you install a driver, it is determined that it is certified by Microsoft. Because the driver can get high run permissions in the operating system, drivers containing malicious code will make you finished, and thus develop drivers manufacturers generally do Microsoft certification. After verification, Microsoft will add it in it. The authentication data can be upgraded via the CRYPTSVC when installing on your machine (Figure 17). 11.DHCP ClientDHCP (DHCP Client Service) Process Name is SVCHOST.EXE, WinXP Home / Pro default installation start type is automatic, dependent on AFD Networking Support Environment, NetBIOS over TCP / IP, and TCP / IP Protocol Driver. Simplely said that the DHCP process is a host (DHCP Server) to automatically assign all network parameters to any computer in the network, while the DHCP Client is an object computer assigned network parameters in the network (Figure 18) . If you can automatically assign network parameters such as IP addresses in the network, then this DHCP Client service is essential. For home stand-alone users, as long as you use DSL / Cable Internet, open ICS and IPSec services, you need this to specify static IP, so this service is not closed unless your machine is a complete single-alone application environment. 12.Distributed Link TRACKING Client
The process name of TRKWKS (Distributed Connection Client Services) is SVCHOST.EXE, WinXP Home / Pro default installation start-up type is automatic, dependent on Remote Procedure Call service. Those who have a certain understanding of the computer is not strange to "distributed" words, which is not explained here. TRKWKS service is simply that the entire network is scattered on each computer, which is connected to each other as a whole, equivalent to a file system on a machine, so when there is a file movement within the system, this information will be recorded. . It is a "distributed connection" for "NTFS file" of "domain users". These three conditions are missing. You cannot use it. For single-machine users who are not in the LAN, it is of course disabled. 13.Distributed Transaction Coordinator
The process name of the MSDTC (Distributed Transaction Coordinator) is MSDTC.exe, WinXP Home / Pro default start type is manual, dependent on Remote Procedure Call and Security Accounts Manager service. MSDTC is mainly used to handle distributed transactions, so-called distributed transactions are transactions within a single SQL Server across two or more databases. Transactions between different datasters in the same database, it is not possible to refer to distributed transactions. Obviously, this service is significant for users who need to handle multiple databases or file systems, but it is also a service that is usually unused in general users, usually by default, it is easy to start, in fact, this service is easy It is not a problem with remote denial of service attacks, and there is no problem with it, and safer. 14.DNS ClientDnscache (DNS Client Service) The process name is SVCHOST.EXE, WinXP Home / Pro default installation start type is automatic, dependent on TCP / IP Protocol Driver service. DNS (Domain Name System) is also a common noun. Simple explanation is to type the website of the website when using a web browser to go online, and these URL names are in the Internet is through the domain name server (DNS server). The completion name is converted to an interpretation of the IP address. In fact, some websites are not only one server work, but there are multiple servers work at the same time, that is, the same website name address can correspond to different IP addresses (this inquiry in Win2000 operating system, Figure 19). However, if you change the operating system to Win2000 or XP, the same website will always find the same IP address. Why is this so? This is the role of the DNS Client service. In order to achieve the fastest and most efficient way, let the client quickly find the authentication service of the domain, in the Win2000 / XP system, add DNS and cache, when the first is found After the IP address of the destination host, the operating system will record the names and IP addresses in this unit in the DNS cache buffer of this unit. When the next client needs to query, you will need to query the DNS server. And directly using the data in this machine DNS Cache, so the result of your query is always the same IP address. This service is closed or not, the impact is not big, and it is only possible to leak your cache content, and determine the website you have visited. 15. Error Reporting Service
ERSVC (Error Reporting Service) The process name of SVCHOST.exe, WinXP Home / Pro default start type is automatic, dependent on the Remote Procedure Call service. This service we often touched. When using the program error, you will jump out of the dialog and ask if you need to send a report to Microsoft, which is the function of this service. This service can be fully set to manually or disabled. If you want to make a more detailed settings for the error report, right-click My Computer icon, select "Properties", click the "Error Report" button under Advanced Tab, where you can decide whether to send an error Report and how to send what error report (Figure 20). For users without Internet access, they can directly disable this service. If the Internet users are worried about reporting to Microsoft, you can leakely your private information (of course Microsoft does not happen this), and it can be disabled.
16.Event log
EventLog's process names are Services.exe, WinXP Home / Pro default installation start-up types are automatic, without service dependencies. EVENT LOG services are responsible for logging management event messages from systems and running programs, providing a standard and concentrated approach to Windows and applications to record important software and hardware events. Opening the event viewer is to open the Start → Control Panel, then select Open Administrative Tools → Event Viewer (Figure 21). This service is the basic service and cannot be adjusted. 17.Fast User Switch CompatibilityFast User Switch Compatibility process name is SVCHOST.EXE, WinXP Home / Pro default start-up type is manual, depending on the Terminal Services service. This service is WinXP's new technology, that is, a fast multi-user switching environment. Solved the previous multi-user environment although security but the user environment needs to be restarted and the problem of the previous user work environment is lost. It is very simple to use, as long as the "start → logout → switch user" operation can easily switch the user environment (Figure 22), it is a very good multi-user technology. If you don't have multiple user environments, you don't have to open it (the default after joining the domain) Fast switching is not available, of course, can be disabled). 18.FAX Service
Fax (Fax Service) process name is FXSSVC.EXE, default is un installed in WinXP Home / Pro, depending on Plug and Play, Print Spooler, Remote Procedure Call, Telephony service. FAX services are not installed by default, but if you install it, you can do "Start → All Programs → Accessories → Communication → Fax", using WinXP built-in fax service to send and receive faxes (Figure 23), of course You have to ensure that your machine keeps a kitten. Unwanted people are disabled. 19.help and support
The process name of the Helpsvc (Help Service) is SVCHOST.EXE. The launch type of default installation in Winxp Home / Pro is automatic, dependent Remote Procedure Call service. This service is used to support the WinXP help and support center (Figure 24), if you start using WinXP, this help center can solve a lot of problems, if you don't need it, then disable it. 20.Human Interface Device Access
The process name of HidServ (User-friendly Interface Device Services) is SVCHOST.EXE. The launch type of default installation in WinXP Home / Pro is disabled and relies on the Remote Procedure Call service. This service is simple to support those so-called multimedia smart keyboards, such as volume adjustment. Of course, you have equipment that meet ergonomic standards (mainly referring to keyboards and mice), then this service is set to automatic, otherwise some of these devices will not be used normally. And if you don't have such a device or your device has your own driver, you can disable this service. 21. IMAPI CD-Burning COM Service
The process name of the IMAPIService is imapi.exe. The launch type of default installation in WinXP Home / Pro is manual, without any service dependencies. This is the built-in CD burning service built in WinXP (Figure 25), and the magazine 2003 has been introduced more detailed introduction. In general, the service and performance of the service are very limited, and friends with recorders are still installing mature third-party burning software, shutting down this service. 22. The process name of 22.indexing ServiceCISVC (Index Service) is CISVC.EXE. The launch type of default installation in WinXP Home / Pro is manual, dependent on the Remote Procedure Call service. This service can be indexed for files on the local and remote computers, which means like the query index prepared for books like the library, so that the speed of finding files (Fig. 26). Opening this service is a big help for personal users, that is, file browsing speed (ie, the waiting time after dual-click the folder) will increase significantly, because the system has read the directory structure into memory, it will be directly transfer. But after this service is enabled, this situation will cause the system to extremely busy, through the task manager, you can see that Cidaemon.exe occupies most of the CPU resources. Therefore, treat this immature service Please set it to "Auto" or "Disable" according to the situation of your machine. 23. Internet Connection FireWall / Internet Connection Sharing
The process name of SharedAccess (Internet Connection Sharing and Firewall Services) is SVCHOST.EXE. The default installation of default installation in WinXP Home / Pro is manual and automatic, dependent on Application Layer Gateway Service, Network Connections, Network Location Awareness, Remote Access Connection Manager service. This service provides a WinXP built-in Internet connection sharing and firewall function (Figure 27). The author likes these two functions, the performance is good and convenient, the specific closure does not look at personal preferences, you can close it without use. 24.ipsec Services
The process name of PolicyAgent is LSAss.exe, the default installation of default installation in WinXP Home / Pro is automatic, dependent on IPsec Driver, Remote Procedure Call, TCP / IP Protocol Driver. IPsec is an important defense method for protecting internal network, private network, and external network (Internet, EXTRAN) from attacking, mainly in that it can encrypt and authenticate all IP levels, is this IPsec ensures a safe of a variety of applications including remote login, client / servers, email, file transfer, and web access. This service is very important because companies and government users pay attention to deployment of security IPs. It can also be seen that for most users, this is something that doesn't have to care. So disable it. 25.Logical Disk Manager
The process name of the DMServer service is svchost.exe. The default installation of default installation in WinXP Home / Pro is manual and automatically, depending on the PLUG AND PLAY, Remote Procedure Call service. DMServer is used to dynamically manage disks, such as disks disk accessibility, using the disk management function in the Microsoft Management Console (MMC) host. This service is essential for friends who often use mobile hard drives, USB flash drives, and no words can be disabled. 26.Logical Disk Manager Administrative Service DiskMADMIN process name is SVCHOST.EXE, the default installation of default installation in WinXP Home / Pro is manual and automatic, dependent on Logical Disk Manager, Plug and Play, Remote Procedure Call service. Dmadmin is mainly used to configure hard disk information, and it is basically useless. When you open "Computer Management" (Microsoft Management Console, you can see "Disk Management", then use it (Figure 28), can be manually. 27.Messenger
Messenger's process name is Services.exe, the default installation of default installation in WinXP Home / Pro Relying on NetBIOS Interface, Plug and Play, Remote Procedure Call, WorkStation service. Messenger's personnel should be more familiar. Original Microsoft Development "Message Service" is to facilitate information exchange in the same domain, and later some people have developed a metrical transmission tool for breakthrough domain restrictions, so everyone hangs Online, a dialog named "Imparts" is often popped up, these do not request "letter" basically some garbage letter make information, boring advertisements, illegal information, etc. Usually this information is published in some software named "Murder Baby Letter", "Hair", but in fact, if it is in the same domain, you only need to use the NET Send command to easily send messages (Figure 29). Suddenly "letter" not only interferes with work, affects the mood, but also it is easy to attack "social engineering", so disabled it. 28.ms Software Shadow Copy Provider
The process name of the SWPRV (Managing Disk Area Volume Shadow Copy Service) is DLLHOST.EXE. The launch type of default installation in WinXP Home / Pro is manual, dependent on the Remote Procedure Call service. This service is supported for the MS Backup backup program in WinXP (Figure 30), strange that even if it turns off its backup work, it can be done smoothly. If you don't want it, you can disable it. 29.Net Logon
The process name of Netlogon (domain login service) is LSAss.exe, and the default installation of default installation in WinXP Home / Pro is manual and automatic, depending on the WorkStation service. This service is used to do domain review. When your computer is in a domain network, if you want to log in to the domain network using the domain server in the network, you will log in. General users can not be used, disabled. 30.NetMeeting Remote Desktop Sharing
The process name of MnMsrvc (Netmeeting Remote Desktop Sharing Service) is MnMsrvc.exe. The launch type of default installation in WinXP Home / Pro is manual, dependent on the Remote Procedure Call service. With NetMeeting, you can share your computer's internal network to other users on the LAN or in the Internet (Figure 31), and many people turn off it because of security issues. But if you want to do some non-text communication, it is more fun. Note that the remote desktop sharing feature will not be able to use the 31.Network ConnectionsNetman (Network Connection Service) process name is SVCHOST.EXE, WinXP Home / Pro default installation start-up type is manual, depending on the Remote Procedure Call service. Netman is also a very important basic service, which manages all objects in the Network and Dial-up Connections folders, any connection with the network (local area network, Internet) requires this service (Figure 32). If you are disabled, you will not see anything in the Network and Dial Connections folder, you don't have to say new connection and dial-up. Therefore, unless your machine is an absolute stand-alone environment, it can be closed.
32.Network DDE
The process name of the NetDDE (Network Dynamic Data Exchange Service) is NetDe.exe. Winxp Home / Pro default start-up type is manual, depending on the Network DDE DSDM service. NetDDE (NetWork Dynamic Data Exchange) is a method of Microsoft's early design that exchanges dynamic data between Windows on different PCs and is now rarely used. In actually in WinXP, only the CLIPBook service that is really used, reviewing the three people mentioned in the previous phase jointly develop documentation, and the example of exchanging dynamic data through clipbook can be well understood. Data sharing services are typically a trusted communication channel. It is responsible for managing this service. Network DDE Agent, actually network DD. Rations to make the machine very easily attacked and lost this organizer control . So if you don't need CLIPBOOK to share this special service, disable it.
33.Network DDE DSDM
The process name of NetDDE DSDM (Network Data Exchange Network Sharing) is NetDe.exe, WinXP Home / Pro default installation start type is manual, it does not rely on other services. If this service is terminated, the Network DDE service will not be available. If you don't have to use NetWork DDE, then Network DDE DSDM is also disabled.
34.Network location awareness
The process name of the NLA (Network Location Identification Service) is SVCHOST.EXE. The startup type for Winxp Home / Pro default is manual, depending on the AFD network support environment and TCP / IP Protocol Driver service, and ICF / ICS service depends on it. NLA can detect information about the network system and notify the related application when this information changes. Basically, this service is mainly targeted by a laptop. Because in actual work and life, people's laptops are often used in more than one network environment. It is often possible to experience the use of dynamic IP addresses in a network, and the problem of using a static IP address is required in another network. For example, if you use dynamic IP in the office, but use static IP at home to connect broadband, then NLA can automatically identify different network environments when switching between home and unit network (wired), so that automatically Select the appropriate configuration without re-adjusting the network parameters (Figure 33). This is really a good feature for people who often move their office. 35.NT LM Security Support Provider
The process name of NTLMSSP (NT LM Security Support Provider Services) is LSAss.exe, WinXP Home / Pro default start-up type is manual, it does not rely on other services. NT LM means NT LANMANGER, is one of the authentication methods provided under NT, using 64-bit encryption methods. NTLMSSP This service is mainly for RPC (remote procedure call), usually RPC can choose from-to-communication mode, one is a transmission protocol, such as TCP / IP, UDP, IPX, etc., the other is a nomenclature. Typically, Windows default selection is a transport protocol, and because RPC is non-encrypted transmission, communication data security cannot be guaranteed, while NTLMSSP can provide security services to this class RPC. Such RPC applications known in WinXP are Telnet services (Telnet also depends on NTLMSSP), so there is no need for a single-machine user who requires Telnet services to close NTLMSSP. 36.Performance Logs and Alerts
The process name of SysmonLog (Efficacy Record Log and Warning Services) is SMLogsvc.exe, WinXP Home / Pro default installation start type is manual, it does not have any service dependencies. If you open the management tool for the control panel, you can see the tool with "Performance", which reflects the system's performance in detail, but it is quite complicated, it is not good to do, and most people will think that this performance tool does not make sense. (Fig. 34).
SysmonLog is a service that provides logging for it. If you are more concerned about your own machine, this is definitely a tool worth studying because it can strictly monitor hard drives, memory, CPUs, even the software running in the system, and analyzes machine hardware and software by log data The specific situation of resources. More useful, if you compare the settings of this parameter, you can set the appropriate counter value for each resource. Once the service monitoring of the resource exceeds or below this value, warning will be issued through the Messenger service. It is easy to understand that some of the resources of the machine (if you upgrade your computer, you can take it away from here) or have a malfunction. Of course, users who don't care about the specific work of their machines can also close it.
37.plug and play
The process name of PLUGPLAY is Services.exe, WinXP Home / Pro default installation start type is automatic, it does not rely on any service. This service must be quite familiar with it, starting from Win98, this technology is always part of the Microsoft operating system. Plug and play is a set of specification for Intel development, which gives the computer to automatically detect and configure the power of the device and install the corresponding driver. When the device is changed, it can automatically notify the current device's condition and use the device. . PlugPlay is one of the few basic services of WinXP, which cannot be adjusted in the service management tool, and if this service fails, only the restart machine is restarted (Figure 35). 38.Portable Media Serial Number Service
The process name of WMDMPMSP (portable media serial number service) is SVCHOST.EXE. Winxp Home / Pro default installation is automatically, it does not have any service dependencies. This service is actually very simple, it is one of the tools for Microsoft to prevent theft version, but it is basically only for music. Microsoft uses it to get the serial number of the media player in your system, what to do? In fact, it is attempting to control your pirated music file to a portable player similar to MP3, MD. Although Microsoft claims that this service will affect the download of genuine music to the portable player, but the author is turned off this service, one is not much affected, at least the genuine CD copy to MP3 is no problem, the second is Microsoft It's too much to sprout, what do we use to report it?
39.Print Spooler
The process name of Spooler is Spoolsv.exe, and WinXP Home / Pro default installation is automatically, dependent on Remote Procedure Call. Spooler is to improve file printing efficiency, save and manage multiple requests printing documents, first copy files to be printed to memory, and then send data to printer processing after the printer is idle. This is faster than the speed. It is recommended to set it to manually, and open it when there is a print job. If no printer is naturally disabled.
40.Protaced Storage
The process name of ProtectedStorage (protected storage area service) is LSAss.exe, WinXP Home / Pro default installation start-up type is automatic, dependent on Remote Procedure Call. This service provides features such as sensitive data protection, such as passwords, certificates, etc., but usually it only protects Windows own sensitive data, which can be used to store passwords on your computer. Usually the Internet users prefer to open this service, after all, like automatic filiving these features give people a lot of convenience. But if your computer is a multi-user environment, or uses a laptop, often mobile office, then this service should be cautious. Many password crack software is for this protectedStorage, more famous with protected storage passview (Figure 36), using it to easily get the account password, dial password, etc. you have been stored in protectedStorage. Therefore, it is better to be closed for this service to use the environment, and in an unsafe environment is also closed. 41.QoS RSVP
The process name of RSVP (QoS License Control Service) is RSVP.exe, WinXP Home / Pro default start-up type is manual, dependent on AFD Networking Support Environment, Remote Procedure Call, TCP / IP Protocol Driver service. This is Microsoft's service that is controversial to occupy 20% network bandwidth. For most friends, turn off it is simple and correct. But to understand what this service is dry, it is not so simple. QoS means that Quality of Service, and RSVP's meaning is the resource reservation protocol ("RSERVATION Protocol). With the development of IP technology and network, operators from all over the world have developed a variety of new business based on IP networks. Since the Internet (IPv4 standard) currently based on the storage forwarding mechanism is only available to the user, "Best-Effort" is available only, the real-time, integrity, and the sequentiality, integrity, and arrival of the data package transmission cannot be guaranteed. Real-time multimedia service quality (QoS), so primarily in file transfer and email services. With the rapid development of the Internet, people are getting bigger and bigger to transmit multimedia information on the Internet, which requires the network to distribute and scheduling resources according to the user's requirements, and the traditional "trust" forwarding mechanism is no longer satisfied. User requirements. In order to solve this problem, the United States has begun to improve Internet service quality and NGI (next-generation internet) research projects at the end of 1996. The relevant authoritative organization IETF (Internet Engineering Task Force) also established a special working group to study the definition and related standards of multimedia service quality. IETF proposes a variety of service models and mechanisms in QoS in IP network, where the integrated business model (Int-serv) introduces an important network control protocol RSVP (resource reservation agreement), this model is "in order Provide special QoS to specific customer packages, requiring the router to be able to reserve resources. In turn, it requires status information with specific streams in the router. " It can be seen that this model can provide absolutely guaranteed QoS, which is actually higher for resources as the resource, and the requirements for resources are actually higher. Therefore, there is not enough network bandwidth for the QoS RSVP service in WinXP, which is not surprising, because the personal application is almost meaningless, disabled it is not bilateral choice.
42.Remote Access Auto Connection Manager
The process name of Rasauto (Remote Access Auto Online Administrator Service) is SVCHOST.EXE. WinXP Home / Pro default start-up type is manual, dependent on Remote Access Connection Manager, Telephony service. Rasauto is mainly for broadband use when there is a network connection request, which will automatically open the network connection. We often pop up an automatic dial window when using WinXP, which is working. If your machine provides a network sharing service, it will drive it to avoid the network to connect, otherwise it will be closed.
43.Remote Access Connection Manager
The process name of the Rasman (Remote Access Online Administrator Service) is SVCHOST.EXE, WinXP Home / Pro default installation start type is manual, dependent on the Telephony service, is a simple description is "Create Network Connection", this explanation is simple, so Use this service according to your own system. 44. Remote Desktop Help Session Manager
The process name of RDSSSMGR (Remote Desktop Assistance) is sessmgr.exe, WinXP Home / Pro default start-up type is manual, depending on the Remote Procedure Call service. This is a service similar to Netmeeting Remote Desktop Sharing. Mouse click "Start → All Programs → Accessories → Communication → Remote Desktop Connections" (Figure 37) can open a remote desktop function, while RDSESSMGR is supported for it. Microsoft's original intention is to make remote help, the cost is sacrificing safety and 4MB of memory, and it must be closed when it is not required.
45.Remote Procedure Call
The process name of the RPCSS (Remote Process Call Service) is SVCHOST.EXE. Winxp Home / Pro default installation is automatic. Too many services rely on this service, recently "shock wave" is rampant, I am afraid everyone has this impression on RPC. It is the original version of the remote process call. It is a function-level communication protocol defined by companies such as IBM, Sun and other companies. Subsequently by Microsoft Adopt, but made changes, called MRPC. In general, RPC is a message delivery function. The last phase said that the Windows system is a typical message (event) processing system, so RPC is self-evident for the importance of the system. Since the internal structure of the Windows is quite complicated, it is difficult to figure out which modules are using RPC which is not used. In fact, you can get rid of it, the system may crash. So this service is also unable to disable. 46.Remote Procedure Call (RPC) Locator
The process name of RPCLocator (Remote Process Call Location Service) is LOCATOR.exe, WinXP Home / Pro default start-up type is manual, depending on the Workstation service. This service and the above RPC service have not much relationships, which is used to naming the RPC. Its use is a simple explanation that the caller can find the location of the caller by its naming management of the RPC. However, due to the existence of Microsoft System registry, these naming services are meaningless on the calls on this machine. Therefore, it is completely shut down for the general user.
47.Remote Registry
The process name of the RemoteRegistry is SVCHOST.EXE, which is not available under WinXP HOME. The default installation of the default installation under WinXP Pro is automatically dependent on the Remote Procedure Call service. This service opens your registry to other connectable machines, Microsoft always makes this obvious service automatic startup service automatic start. However, if you have this special needs, you can try it. Open the registry editor regedit, find the "Connect Network Registration" in the File menu bar, let you open the registry on other machines (Figure 38). Of course, the RemoteRegistry on the machine must also be open, and some of the corresponding permissions for your computer must also be open.
48. Removable Storage
The process name of NTMSSVC (Removal Storage Device Services) is svchost.exe, where default installations under WinXP Home / Pro are manual, depending on the Remote Procedure Call service. The name of this service is too easy to misunderstand. In fact it is just the management of special removable memory, such as zip floppy drives and tape drives, don't worry about your CD and DVD. Users engaged in image design often exchange files with Apple machines. The average person may rarely use these special devices, so it can be closed. 49.ROUTING AND Remote Access
The process name of the RemoteAccess (Route and Remote Access Service) is SVCHOST.EXE, default installation in WinXP Home / Pro is disabled and manual, depending on NetBiosGroup, Remote Procedure Call service. Routing and Remote Access is a soft route, that is, by running routing software on a computer connected to a plurality of networks to achieve a method of network routing, it is very convenient for the hardware route. WinXP also integrates this feature to the system, but maybe less people know where to configure routing, the main reason is that this service defaults to shut down. First, start this service, a "incoming connection" in the network connection folder (Figure 39), it is worth noting that attribute "Internet Protocol (TCP / IP) at the VPN connection (incoming connection) The TCP / IP address is usually specified (generally must be a legal address). Interested friends can continue to study themselves, and most friends who don't need it directly disabled.
50. Secondary Logon
The process name of Seclogon is SVCHOST.exe, default installation of the default installation under WinXP Home / Pro is automatic, without any service dependency. This service corresponds to the user's temporary permission allocation function, and some users can not be executed because of the non-administrator privileges in a computer used by the multi-user. In order to let the logged in user without administrator privileges can use these programs, WinXP design this feature to assign temporary administrator privileges. After opening this service, right-click the mouse to select "Run Way" will appear the dialog box, let you select the user identity of this program (Figure 40). For administrators in multi-user environments, this is indeed convenient, but it is still useful as a price as a price, is particularly useless and dangerous for laptop users of single environment! So you have to use it with caution. 51. Structure Accounts Manager
The process name of the SAMSS (Safe Account Management Service) is LSAss.exe, default installation in WinXP Home / Pro is automatic, depending on the Remote Procedure Call service. Users familiar with the WinXP startup process know the importance of the SAM file, SAMSS is a service responsible for the control and maintenance of the SAM database. The SAM database is located under the registry "HKLM / SAM / SAM", and the registry editor can be opened using regedit32.exe and set the appropriate permissions to view the contents in the SAM (Fig. 41). In the SAM file in the "System Duty / Windows / System32 / Config" directory on the disk, the SAM file is also included in this directory, which includes a security file, which is the content of the secure database, and there are many relationships. The SAM database contains information about all groups and accounts in the system. When WinXP starts, you need to read such a username, a full name, a group, a description, a description, and whether you can change your password, password setting time. This is also one of several basic services in the system. If the service starts failed, the system is only restarted. 52. Server
The process name of LanmanServer is SVCHOST.EXE, where default installations under WinXP Home / Pro are automatic. The Server service corresponds to the file / print machine sharing on the network, and the network mapping sharing function of the network (Figure 42). You can turn off it without these aspects.
53.Shell Hardware Detection
The process name of the shellhwdetection is svchost.exe, default installation in WinXP Home / Pro is automatic, dependent on the Remote Procedure Call service. It is unknown for this service Microsoft, and has not given a detailed hardware description or list, but according to the test of many people on the network, this service is mainly related to the hardware with automatic run (play) function, such as digital cameras, CD -ROM, etc. Through this service, when these hardware is connected to the system or placed in the corresponding medium, WinXP can automatically detect and make corresponding actions. More and more peripherals are now, don't grasp it or easily close it.
54.SMART Card
The process name of ScardsVR (Smart Card Services) is scardsvr.exe, default installation in WinXP Home / Pro is manual, depending on the PLUG AND PLAY service. Smart Card is the same as the general credit card size, but after a nail size IC chip, the original common card becomes the ability to have information control and logical operations. Smart cards include financial cards, GSM cards, etc., compared to our generally used telephone IC card, the internal IC line design is different. Since the card itself has a CPU function, ROM, EEPROM, RAM and other components, the smart card is like a portable ultra-microcomputer, which can be used to store and process important information. In terms of security, the smart card has a self-destruction system, and it is very difficult to steal the information on your card. If you have a smart card and related card reader, you will be disabled.
55.Smart Card Helper
The process name of ScardDRV (Smart Card Assistance Services) is scardsvr.exe, where default installed in WinXP Home / Pro is manual, it does not have any service dependencies. As long as there is no related device, it is disabled. 56.SSDP Discovery Service
The process name of the SSDPSRV (Discovery Service of the Easy Service Discovery Agreement) is SVCHOST.EXE, where default installations in WinXP HOME / Pro are manual. SSDPSRV is mainly used for search for LAN UPNP (Universal Plug and Play, Unified Plug and Play) devices. UPnP is different from our usual familiar PNP, UPNP technology PNP is expanded, simplifies the networking process of smart devices in the family or enterprise. The UPnP specification is based on TCP / IP protocols and other Internet protocols developed by communication between the devices. This is why it is called "universal" --- UPNP technology does not depend on a specific device driver, but Use standard protocols. Compared with Plug and Play, this technique is to easily enable family-like non-professional users to enjoy the more comfortable and perfect life brought by intelligent technology, for example, is UPnP to make it possible to surf online. The refrigerator is possible. UPNP is a newer protocol, nor is it very mature, and the corresponding device is very rare in the market. The popular Linksys Befsr41W wireless router popular in the market is an example of this. For most friends who have now used such devices, shut down this service. 57.System Event Notification
The process name of the SENS (System Event Notification Service) is SVCHOST.EXE, default the launch type of default installation under WinXP Home / Pro, depending on the COM Event System service. Its brief description is "Tracking system events, such as logging in to Windows, network, and power events. These events notified these events" Subscriber '"". This has been clearly explained in the content of the service. Although some people think that this service is irrelevant, it is in fact whether the system needs it depends on what you have installed in the system, and many applications are running through SENS, so it is recommended to turn it automatically.
58.System Restore Service
The process name of SRSERVICE (System Restore Service) is SVCHOST.EXE, default installation in WinXP Home / Pro is automatic, depending on Remote Procedure Call service. This is a very familiar system restore function (Figure 43), if not, first restore the tab in the "My Computer" property, and then disable the service here.
59.Task Scheduler
The process name of the Schedule is SVCHOST.EXE, default installation of default installation under WinXP Home / Pro, depends on the Remote Procedure Call service. This service supports WinXP's planned task, which allows the program to automatically run at a predetermined time, such as regular disk defragmentation, virus scan, update, etc., can choose whether to open according to your needs.
60.TCP / IP NetBIOS Helper
The process name of LMHOSTS (TCP / IP NetBIOS Assistant) is SVCHOST.EXE. The default installation of default installation under WinXP HOME / Pro is automatically, depending on the AFD network support environment, NetBIOS over TCP / IP service. This service can provide NetBIOS support on TCP / IP. Everyone should be more familiar with TCP / IP. Relatively NetBIOS Network Agreement may be more unfamiliar to readers, it is an old agreement developed by IBM, which is dominated on the LAN. Since NetBIOS does not have routing function, it is said that its packet cannot be transmitted across network segments, so in a wide area network, the metropolitan network has a road today, it can only retreat. In fact, NetBIOS still retained in the WIN95 / 9 network agreement, but it has changed its name to NetBeui (NetBIOS extended user interface), which is a Microsoft Improvement version of Netbios. Since NetBIOS is completely LAN, the general user as an access Internet resource can disable it unless your system is in a small LAN, and it is also the NetBIOS protocol. 61.TELEPHONYTAPISRV (telephone service) process name is SVCHOST.EXE, default installation in WinXP Home / Pro is manual, dependent on Plug and Play, Remote Procedure Call service. Simply said that this service can provide telephone dialing for computers. If you use any form of dial, no matter whether you connect to the Internet with a dial-up modem or DSL / Cable, or connect other computers through the telephone line, or call your computer IP phone, send a fax, etc., you need to keep this service, reverse You can turn off it.
62.Telnet
TapsRV (Remote Logging Service) The process name is TLNTSVR.EXE, not available under WinXP HOME, default installation in WinXP Pro is manual, dependent on NT LM Security Support Provider, Remote Procedure Call, TCP / IP Protocol Driver service. This is a service name that is easy to be misunderstood. The average person will mistakenly think that this is the Telnet under DOS. After it is closed, BBS cannot be used. In fact, it has nothing to do with BBS, which is completely Microsoft's own Telnet system. Although the principle of the two is not large, let the user log in to the way to the Internet, and the personal computer is as if it is successful. It is a terminal of the remote computer, which can enter a command like the use of its own computer, run the program in the remote computer. Based on security reasons, this service must turn off the disable if there is no special demand.
63.Terminal Services
The process name of Termservice is SVCHOST.EXE, default the startup type installed under WinXP Home / Pro is manual, depending on the Remote Procedure Call service. Its brief description is "Allow multiple users to connect and control a machine, and display desktops and applications on remote computers. This is a remote desktop (including administrator remote desktop), fast user conversion, remote assistance and terminal server The infrastructure. This description has explained the use of the service very clear, it is necessary to emphasize that these convenience is at the expense of security, if it is not necessary to turn off.
64.Themes
The process name of Themes is SVCHOST.EXE. The default installation of default installation under WinXP Home / Pro is automatic and there is no service dependency. Many people like to use XP's set topics (Figure 44), but if the user is not used, it is closed. 65.unInterruptible Power Supply
The process name of the UPS (UPS Power Management Service) is UPS.exe, default the start-up type of default installation under WinXP Home / Pro is manual, no service dependence. Its brief description is "Managing Uninterruptible Power Supply (UPS) connected to the computer, which is also very well understood, UPS (uninterruptible power supply) general users are very useful, unless your power supply has this function, otherwise shut down. 66.Universal Plug and Play Device Host
The process name of the UPNPHOST (Uniform Plug-Play Drive Host Service) is SVCHOST.EXE, default the startup type installed under WinXP Home / Pro is manual, depending on the SSDP Discovery Service service. It is inheritance relationship with SSDP Discovery Service, the latter search discovers the UPNP device, and UPNPHOST provides driver support for UPnP devices. Of course, it is usually closed.
67.upload manager
UploadMgr's process name is SVCHOST.EXE, default installation of default installation under WinXP Home / Pro, is automatically, depending on the Remote Procedure Call service. The specific effect of this service is unknown. If it is closed, the online upload download in the actual use is not affected, maybe it is related to Microsoft's servers and related services? Please close as needed.
68.Volume Shadow Copy
The process name of the VSS (Upload Management Service) is Vssvc.exe, where default installation in WinXP Home / Pro is manual, dependent on the Remote Procedure Call service. Its brief description is "Managing and executes volume copy replication for backup and other purposes", which is still related to WinXP backup, which is closed by default, and does not affect the backup on the author's machine, The specific application is the mysterious mystery.
69.WebClient
The process name of the WebClient (web client service) is SVCHOST.EXE, default installation in WinXP Home / Pro is auto-dependent, depending on the WebDAV Client Redirector system component. Using WebDAV to upload files or data clips to a web service, this service is greater for future .NET meaning. Based on security, now you can try to close it.
70.Windows Audio
The process name of AUDIOSRV (Windows Audio Services) is svchost.exe, where default installations under WinXP Home / Pro are automatic, dependent on Plug and Play, Remote Procedure Call service. Understanding this service is simple, if your machine has no sound card, you can close it. 71.Windows Image Acquisition (WIA)
The process name of STISVC (Windows Image Acquisition Service) is SVCHOST.EXE, default, where default installed under WinXP Home / Pro is manual, depending on the Remote Procedure Call service. This service is supported for the "Scanner and Camera" function in the control panel (Figure 45). With this feature, the user can easily operate the scanner and digital camera easily after installing the relevant management software after installing the device driver. Users who don't need to turn off it. 72.Windows Installer
The process name of MSIServer (Windows Installation Services) is MSIExec.exe, default, where default installation under WinXP Home / Pro is manual, depending on the Remote Procedure Call service. This service is basically the same as Application Management services. From the explanation of Microsoft, the Windows Installer service should be the most direct executor of the .msi file. It is also surprising that this service is closed by the default, it can be. MSI file installation, fix, or delete is normal, like the backup tool, what role is played in the system, how to work, only Microsoft engineers I only know.
73.Windows Time
The process name of W32Time (Windows Time Service) is SVCHOST.exe, default the start type of default installation under WinXP Home / Pro is automatic, it has no service dependency. This service corresponds to WinXP's Internet pair service (Figure 46), if you don't need to be closed.
74.Windows Management Instrumentation (WMI)
The process name of Winmgmt (Windows Management Specification Service) is SVCHOST.exe, default installation in WinXP Home / Pro is automatic, dependent on Event Log, Remote Procedure Call service. WMI is the basic management structure in Windows, which controls and monitors the system through a set of common interfaces (such as views and changes to the system properties, setting user permissions, etc.). WMI provides a unified mechanism for accessing a large number of Windows management data. WMI provides access to information via script, C program interface, .NET class (system management), and command line tool (WMIC). WMI features include events, remote, query, viewing, planning, and implementation of user extensions and more. All in all, although it can be turned off in service management tools, it is best not to move it, otherwise there will be many inexplicable problems.
75.Windows Management Instrument DRIVER EXTENSIONS
The process name of WMI (Windows Management Specification Drive Extension) is svchost.exe, not available under WinXP HOME, the default installation of default installation under WinXP Pro is manual, there is no service dependency. Microsoft's white paper introduces that the service is an extension as a WMI service in the driver. It is simply that mainly is to make the system easily know the OEMS (Original Equipment Manufacturers) and IHVS (Independent Hardware Vendors) and other hardware vendors. hardware information. But people are strange, why is it not available under WinXP HOME? 76.Wireless Zero Configuration
The process name of WZCSVC (Wireless Configuration Service) is SVCHOST.exe, default installation of default installation under WinXP Home / Pro, depending on NDIS UserMode I / O Protocol Components, Remote Procedure Call service. Its brief description is "Automatic configuration for your 802.11 adapter." 802.11 is a well-known wireless local area network protocol standard, which has accounted for an advantage in the market. Of course, 802.11 protocols, Bluetooth standards and Homerf industry standards are the main competitors in all standards of WLAN, and they also have advantages and disadvantages. However, 802.11b wireless local area network technology has been widely used in the United States, so Microsoft's WinXP built-in service support is not surprising. If you don't use a wireless network adapter card device, you can turn off the service. 77.WMI Performance Adapter
The process name of the WMIAPSRV (WMI Performance Adapter Service) is WMIAPSRV.EXE. The launch type of default installation under WinXP Home / Pro is manual, depending on the Remote Procedure Call service. This service provides performance library information obtained from the WMI HiPerf provider, which needs to be manually configured and does not implement in the default. This service is too professional, it is impossible to explain, it is best to maintain its default state for ordinary users.
78.WorkStation
The process name of LANMANWORKSTATION is SVCHOST.exe, where default installation in WinXP Home / Pro is automatic, it does not rely on other services, but there are many services depend on it (Figure 47). This service is also based on the basic service, please keep its default state not to close.