Tuesday, July 6, 2010

Determining What Services are Running



How To: Determine what Services are running in Windows

When you bring up the Task Manager you'll see an entry for Services (XP/Vista) and the amount of memory consumed. However this one listing is actually all the Services combined into a single entry. As you can see I have them trimmed down to only the Services needed for this machine.

To view the complete list:

From a command prompt: Start | Run (type) cmd (click Ok)
or Start > All Programs > Accessories > Command Prompt

(type) tasklist /svc (press Enter) (XP Pro/Vista/Win7)

You will see all the Services running in process.
"services.exe" does show up in Win7 from a Command Prompt.

 
To save the Command Prompt onscreen info:
  • Right-click and select: Select All
  • Right-click again and select: Mark
  • Open Notepad and Paste the info
  • File - Save As: tasklist.txt
    or
  • (type) "tasklist /svc >tasklist.txt" (no quotes)

In the image on the right you'll see a Services tab, this only displays a limited amount of info. Once that tab is open there is a button that will take you directly to the Services Editor ... (Win7)

This is the same Editor as typing services.msc from the Run menu

As you reduce the unneeded running Services, the Physical Memory usage will drop ...

Tip: click the Memory column in the header bar, this will sort the running applications by displaying the programs that are consuming the most Memory (resources) at the top of the column ...

A good example of a resource hog is FreeCell ... (over 90,000k) this is one of the applications that requires the "Windows Experience Index" be over a certain number to run properly ...

To Remove any unneeded running Processes

Log on as Administrator
Start | Settings | Control Panel | Administrative Tools | Services

Once completed, repeat the "tasklist /svc" method and compare. 
If you use the "tasklist /svc >tasklist.txt" method, change the second output (to prevent overwriting the previous file)  to: "tasklist /svc >tasklist1.txt" (no quotes) then compare. You can also view this info in System Information, however the text output loses the formatting and is almost unreadable.

Note: to temporarily disable a Service while troubleshooting:
Start | Run (type) "msconfig" (no quotes)
Click on the Services tab, uncheck desired service. (for testing only!)

To display the Process Identifier in Task Manager

Right-click on the Taskbar, select: Task Manager
Click on the Processes tab, click View (up top)
Select: "Select Columns", and select: PID
(Process Identifier) from there you can also select any of the other options available.

You can also sort the entries by clicking on the header in each section.

Note: Each time you remove or add a Service the PID for the Services.exe entry will change.

Protecting your Security and Privacy

On a stand-alone system you should disable or at least Stop and set to "Manual" the Remote Access services, unless you really have a need for these. This would include [example] TCP/IP NetBIOS Helper, Telnet, Routing and Remote Access, Remote Access Auto Connection Manager, QoS RSVP, Remote Registry, etc. The point to all this is that the amount of unneeded services running directly affects the amount of Ports open and exposes the user to unnecessary risks. This tends to leave your Firewall full of holes!

 

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)