What services should be turned off/general speed up tips.

[Bluebird]

Hello

I been trying to make my Windows Server 2008 R2 as fast as possible.

I know there are some services that may be useless but I’m not sure if they should be turned off as they may be needed.

I use my Windows with Avast and Comodo Firewall.
Windows Firewall is off expect for public firewall(network firewall yes?).
I turned this off, but one day it just came back on so I should leave it as I thought it may be needed on for security.

I use the internet by a router which is connected to other computers, so I need network services(so I can share files).

Heres my services list.
http://s1.postimage.org/4v9kp0m1l/services.jpg
See anything useless?

What other tips do you have to speed up the computer?
I keep the computer very clean and only use a standard account.

Thanks.

[halladayrules]

I strongly recommend you perform a boot optimization on your R2 machine. It has yielded me a 20 second boot time on my Intel Core 2 Quad Q6600 machine with 8GB of RAM, and a 250GB 7200RPM drive along with the services tweak I use below.

Boot Optimization + my services tweaked below = 20 second boot

Here is how to enable boot optimization on your R2 machine.

[youtube:2ofc10za]http://www.youtube.com/watch?v=LQJQT_kmbXA[/youtube:2ofc10za]

My recommended services to tweak:

Certificate Propagation – Handles certificates of Smart Card readers. If you do not have a smart card reader then this service can be safely disabled.

Credential Manager – This is a “single sign-on” feature of Windows that allows to save credentials of websites visited, computers authenticated to, etc. This service has been known to eat up some CPU. I would advise you use a 3rd party password manager like Last Pass and disable this service.

IKE and AuthIP IPsec Keying Modules – This service provides authentication and encryption services to clients running IPsec, for example someone tunneling through a VPN. If you do not tunnel through a VPN this service then disable this service.

Distributed Link Tracking Client – This service is mostly used in domains. It just ensures that the links between NTFS files on multiple computers are maintained. It is also used by AVG to perform a virus scan on networked computers. Since we have Windows Server 2008 R2 and you are not a domain you can most likely disable this service.

Distributed Transaction Coordinator – This service is used for Message Queuing. If you do not rely on message queuing then I highly recommend you disable this service for not only a performance boost but security reasons as well. This service can be exploited and used to perform a denial of service attack on the remote server.

Encrypting File System – What BitLocker uses to encrypt your drive. Also used for other basic file encryption needs. You can set this service to manual so it is only needed when demanded that way the service is starting up on boot. My recommendation would be to set this service to manual.

Extensible Authentication Protocol – If you do not have a wireless network adapter, use a VPN, or require authentication from your wired NIC you can disable this service.

IP Helper – Provides support for IPv6 over an IPv4 network using transition technologies such as 6to4, ISATAP, Teredo, etc.) If you are strictly on a IPv4 network disable this service not only for performance boost but security reasons as well.

IPsec Policy Agent – Used for remote VPN connections. If you don’t use VPN, then disable this service.

Link-Layer Topology Discovery Mapper – This service creates a topology map of all the networked devices on your local network in Network and Sharing Center. If you navigate to Network and Sharing Center at the top right you will see a link called “See full map”. If you disable this service you prevent Windows from making a topology map of your network. As if you couldn’t have simply drawn a topology drawing of your network on a piece of paper LOL! Disable this service!

Microsoft iSCSI Initiator Service – I highly doubt you facilitate data transfers over intranets or manage IP-based storage over long distances. If you don’t use a storage area network that depends on this SAN protocol then this service is useless to you. Disable it.

Netlogon – This service should only run when your computer is joined to a domain. But you can disable it if you like provided you never make computer apart of Active Directory.

Network Access Protection Agent – Allows network administrators to control access to network resources based on client’s identity and compliance with corporate governance policy. BLAH. We are not a domain nor have a corporate security policy the size of Texas. Disable this service.

Portable Device Enumerator Service – This service is used by Windows Meida Player to syncronize content to removable devices such as an MP3 player for example. If you do not care or never use this functionality then disable this service.

Problem Reports and Solutions Control Panel Support – If you never use the Problem Reports and Solutions feature nor care for Windows to collect results of problems on your computer then disable this service.

Protected Storage – Most used by Internet Explorer to save your passwords. Another common application is outlook. But to be on the safe side if any other 3rd party utillities rely on this service then my recommendation would be to set this service to manual so atleast it doesn’t start up, but the service can be used when you call upon it.

Remote Registry – Disable this service for security reasons. If you ever need to edit the registry, do it locally.

Resultant Set of Policy Provider – Useless for non-domain computers. Disable it.

Secondary Logon – If you have only one username who logs onto your conmputer then you can disable this service.

Smart Card – Disable if you don’t have a smart card

Smart Card Removal Policy – Disable if you don’t have a smart card

SNMP Trap – If you don’t rely on a SNMP management program then disable this service.

Special Administration Console Helper – Useless for non-domain computers. Disable it.

Tablet PC Input Service – Obviously if you don’t have a Tablet PC then this is meaningless. Disable this service.

Windows CardSpace – This service is required to run Windows CardSpace. If you never use this program, disable this service.

Windows Color System – Set to manual.

Windows Defender – Disable this service if you use a 3rd party antimalware solution such as Malwarebytes.

Windows Font Cache Service – Disable this service.

Windows Remote Management – Disable this service.

WinHTTP Web Proxy Auto-Discovery Service – Mostly used by your Internet browser to detect a proxy for Internet browsing. This service can cause a surge of CPU usage from time to time. If you do not use a proxy for internet browsing then disable this service.

World Wide Web Publishing Service – This service is used mostly for IIS Web Services but this service is installed when you install the .NET Framework 3.5 feature regardless of whether the fact you use IIS or not. If you do not use IIS for web services then disable this service.

If you do not care for any diagnostic services such as if a problem with your network adapter happens (you cannot connect to internet), or a problem with an application and you want to “troubleshoot it” then you can disable the following services as well:

Diagnostic Policy Service
Diagnostic Service Host
Diagnostic System Host

[Bluebird]

I would use boot optimization, but I only like to use things designed for the system.
I done the days of enabling tweaks and stuff made by people, I like to use things that have been designed for the OS so that I get the most stable system.

Nice list of services. Thanks for that.

IPsec Policy Agent is in manuel mode, but its started every time I start the computer.
Is this needed by the system? It must be starting it for a reason.

And these:
IKE and AuthIP IPsec Keying Modules
Distributed Link Tracking Client
Link-Layer Topology Discovery Mapper

Because I use a basic network(computers connected to a router), turning these off wouldn’t cause problems/security problems?

Are these services needed?

COM+ Event System
Task Scheduler
Print spooler
TCP/IP NetBIOS Helper
Windows firewall ( I use Comodo firewall)

Thanks for the help so far.

[halladayrules]

@Bluebird wrote:

I would use boot optimization, but I only like to use things designed for the system. I done the days of enabling tweaks and stuff made by people, I like to use things that have been designed for the OS so that I get the most stable system.

If you want to convert Windows Server into a workstation, then I would say this is a must! Server 2008 R2 has the capability to do so, it just requires Superfetch and a few registry tweaks. Well worth the effort as you should see tangible gains in performance.

@Bluebird wrote:

IPsec Policy Agent is in manuel mode, but its started every time I start the computer.
Is this needed by the system? It must be starting it for a reason.

Your Comodo Firewall could have triggered an event to start it or a service dependency could have triggered it to start. If you don’t use a VPN, disable it.

@Bluebird wrote:

And these:
IKE and AuthIP IPsec Keying Modules
Distributed Link Tracking Client
Link-Layer Topology Discovery Mapper

Disable them.

@Bluebird wrote:

Because I use a basic network(computers connected to a router), turning these off wouldn’t cause problems/security problems?

Turning off the above services would have absolutely no effect on your machine as you are not apart of a domain infrastructure or use a VPN solution. You can safely disable them.

@Bluebird wrote:

Are these services needed?

COM+ Event System —
Task Scheduler
Print spooler
TCP/IP NetBIOS Helper
Windows firewall ( I use Comodo firewall)

COM+ Event System —DO NOT DISABLE. Windows Update depends on this service when it downloads and installs your updates in the background.
Task Scheduler — DO NOT DISABLE. There is so many 3rd party software that use this service to maintenance your software, notify you of updates, perform regularly scheduled scans, etc.
Print spooler — If you do not have a printer installed or use a network attached printer (such as a wireless printer) then disable this service.
TCP/IP NetBIOS Helper — This service queries all computers on your network with an IP address and resolves them to their NetBIOS name. The NetBIOS name is simply the computer name of the device. This service is required for you to share files, folders, and network devices such as printers, etc. When you click on start and choose Network a list of computers on your local network will populate. All the computers you see in this window is using NetBIOS. Disable this service and you cannot share anything on your Server using this method.

Windows firewall – Comodo Firewall should have disabled your firewall already. Disable it.

@Bluebird wrote:

Thanks for the help so far.

No prob.

[rent-a-hero]

Well, i’m using 2k8r2 64 for almost a year, and it works wonderfully. i just had installed the boot optimizer yet, because i’m just a little afraid for its degradation upon time, as vista did.

i’m actually experiencing a boot time with a little more than 1 minute. After bios and o.s. choice (dual boot with xp) i see only two “charges” of the loading bar, then a black screen for some seconds. after that i enter my logon and some other seconds.

my pc concludes entirely the boot up sequence in 4 minutes, including all services and 3rd party apps, and it’s useful far before that. but i think it could get better than this.

i was looking inside task scheduler, and it has a lot of calls, most part of then are unactive, like the gadget related itens.

my question: is safe delete those entries that would never be used, like we can do with services? well, we dont delete services, but i think this would be the most accurate analogy to task scheduler entries.

sorry for my awful englsh speech, and thanks for the forum and the site!

[Author]

Posts