Which Windows Services Do We Need?


When you look at Microsoft Windows services, it can be confusing to sort through them and understand which ones you need. In this blog entry I'm going to take a more detailed look at Windows services and see if we can identify any services that might not be needed, or determine whether any are suspicious.


I think that services can be categorized into two different types: server services and client services. Server services are a bit easier to deal with because they typically do not directly interface with local users and should not be installed on a client computer.


Services that probably should not run on a client computer (laptop or desktop):







World Wide Web (www)




SQL Express


SQL Server


Web service



Services that run on server computers as client services can be a bit harder to identify, because several services might be called by a server service that would be viable on a server. The following table leaves out services that could be determined to be viable on a typical server.


Services that you would not expect on a server:



Peer Networking Grouping


Computer Browser services


Routing and Remote Access


Windows Audio




MultiMedia Class scheduler


Peer Networking Identity Manager


Windows Themes



Now that we have a list of services that can be considered for evaluation, it would be nice to somehow automate the process of obtaining service information.


I started to dabble in PowerShell a while ago, and the following example is a perfect illustration of a simple but quick way to obtain service information without having to manually look at services on a device.


Looking for services using PowerShell


If you're not familiar with PowerShell, I recommend you take a look at it. In my book it's the best thing for an administrator since the advent of the automobile! http://www.microsoft.com/windowsserver2003/technologies/management/powershell/default.mspx


Step 1. Create a check file of services that you want to flag


Create a text file that identifies the services you want to flag. For instance I have a file called c:\temp\base.txt, and its contents are as follows:


Ftp service

telnet service

www service

SMTP service

sql express

sql server

web service


You can use your favorite editing tool such as Notepad.exe to create the file.


Step 2. Use Compare-Object to find the service


From a PowerShell command prompt, run the following command:


Compare-Object $(Get-Service | ForEach-Object { $_.Name }) $(Get-Content c:\temp\base.txt) -IncludeEqual -ExcludeDifferent


Simple, right?
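Compare-Object tests for equality against the short service name that Get-Service returns in Name, so a check-file line only matches when it equals that name. The following is an added example, not part of the original post, that treats each check-file line as a substring of either Name or DisplayName and also reports the start mode and binary path. The function name Find-FlaggedService and the sample service data are constructed for illustration; the live call in the closing comment assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the original post). Find-FlaggedService is a hypothetical name.
function Find-FlaggedService {
    param(
        [Parameter(Mandatory)] [string[]] $Pattern,  # lines read from the check file
        [Parameter(Mandatory)] [object[]] $Service   # objects shaped like Win32_Service
    )
    foreach ($svc in $Service) {
        foreach ($p in $Pattern) {
            $entry = $p.Trim()
            if (-not $entry) { continue }            # ignore blank lines in the check file
            # Escape wildcard characters so an entry is matched literally, then
            # look for it anywhere in the short name or the display name.
            $wild = '*' + [System.Management.Automation.WildcardPattern]::Escape($entry) + '*'
            if ($svc.Name -like $wild -or $svc.DisplayName -like $wild) {
                [pscustomobject]@{
                    MatchedEntry = $entry
                    Name         = $svc.Name
                    DisplayName  = $svc.DisplayName
                    State        = $svc.State
                    StartMode    = $svc.StartMode
                    PathName     = $svc.PathName     # binary the service launches
                }
                break                                # report each service once
            }
        }
    }
}

# Constructed sample data standing in for a real host, so the example runs anywhere.
$sampleServices = @(
    [pscustomobject]@{ Name = 'W3SVC'; DisplayName = 'World Wide Web Publishing Service'
        State = 'Running'; StartMode = 'Auto'; PathName = 'C:\Windows\system32\svchost.exe -k iissvcs' }
    [pscustomobject]@{ Name = 'MSSQL$SQLEXPRESS'; DisplayName = 'SQL Server (SQLEXPRESS)'
        State = 'Running'; StartMode = 'Auto'; PathName = 'C:\constructed\path\sqlservr.exe -sSQLEXPRESS' }
    [pscustomobject]@{ Name = 'Audiosrv'; DisplayName = 'Windows Audio'
        State = 'Stopped'; StartMode = 'Manual'; PathName = 'C:\Windows\system32\svchost.exe -k audio' }
)
$sampleEntries = 'W3SVC', '', 'sql server', 'telnet'   # constructed check-file lines

Find-FlaggedService -Pattern $sampleEntries -Service $sampleServices |
    Format-Table MatchedEntry, Name, State, StartMode, PathName -AutoSize

# Against the local machine and the check file from Step 1:
# Find-FlaggedService -Pattern (Get-Content c:\temp\base.txt) -Service (Get-CimInstance Win32_Service)
```

With the sample data this reports W3SVC and MSSQL$SQLEXPRESS and leaves Windows Audio out; the telnet entry matches nothing because no such service is in the sample.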


Other Services


When you run the script it provides you with all kinds of great information. But maybe it's not enough information.


If you run this script I'd be interested in your results. Did you see something you did not expect? What was it? Have you identified any services that did not make my list? Are you aware of services (third-party, maybe malware) that should be watched for?


And what about services like BITS (Background Intelligent Transfer Service) and RPC? Because there's a need to allow Windows Update to run as expected, these services would need to run most of the time.


Finally, do scripts like this one provide value to you? What would you recommend to improve on it?