Processes and Services

From Schmid.wiki
Jump to: navigation, search

Contents

AutoPlay

How to disable autoplay:

  • run 'regedit'
  • browse to 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\'
  • set 'AutoRun' to '0'

Processes

Bare-bones Windows XP

The following is a minimal list of processes for running a bare-bones Windows XP - you can use Process Explorer to kill processes: 

System Idle Process   - what the machine does when it's bored
System                - ?
  smss.exe            - Windows NT Session Manager
    csrss.exe         - Client Server Runtime Process (instant shutdown if killed!)
    winlogon.exe      - Windows NT Logon Application
      services.exe    - Services and Controller App
        svchost.exe   - Remote Procedure Call         (starts shutdown timer if killed)
        svchost.exe   - Audio, Exploring, DHCP, Hardware detection, etc.
                        (can be killed but respawns in minimal version)
        svchost.exe   - Remote Registry, etc.
                        (can be killed but respawns with only Remote Registry)
        svchost.exe   - DNS Client (can be killed but Active Directory networking doesn't work)
      lsass.exe       - LSA Shell (?) - could be some security stuff (instant shutdown if killed!)

A timed shutdown may be aborted using the command 

C:\>shutdown /a

Beyond Bare-bones

If you want to file the bones down, you can actually kill everything but the idle process and csrss.exe. You just have to do it in this order:

  1. Kill smss.exe, abort shutdown
  2. Kill winlogon.exe and all its children
  3. Remember not to kill Process Explorer, as you won't be able to start it again. :)

Services

You disable services for startup by using msconfig.

The following is a list of services needed to run a bare-bones Windows XP: 

DCOM Server Process                  - essential
DHCP Client                          - TCP/IP: if you use DHCP to get an IP
DNS Client                           - TCP/IP: name resolution
Event Log                            - needed by 'Windows Management Instrumentation'
Net Logon                            - network: needed for SMB/CIFS
Network Connections                  - network: needed to manage network connections
Plug and Play                        - needed for connecting hardware
Print Spooler                        - for printing
Remote Procedure Call (RPC)          - essential
Remote Procedure Call (RPC) Locator  - essential
Windows Audio                        - needed for sound
Windows Management Instrumentation   - hardware management
Wireless Zero Configuration          - network: needed for wireless networking
Workstation                          - network: needed for SMB/CIFS

If you accidentally stop some needed services, just start Computer Management (run 'mmc') and enable them: 

1. Run 'mmc'

2. Computer Management (local)
   |_ Services and Applications
      |_ Services

3. Double-click on service name and press 'start'

References

Retrieved from "http://www.schmid.dk/wiki/index.php/Processes_and_Services"
Personal tools