win_service_documentation.txt

Name        : AJRouter
DisplayName : AllJoyn Router Service
Description : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run.
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
StartMode   : Manual
Notes       : AllJoyn is an open source software framework that allows devices to communicate with other devices around them.
              IoT Guidance: OK to disable
Tags        : #iot #networking

Name        : ALG
DisplayName : Application Layer Gateway Service
Description : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing
PathName    : C:\Windows\System32\alg.exe
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        : #networking

Name        : BcastDVRUserService_*
DisplayName : GameDVR and Broadcast User Service_*
Description : This user service is used for Game Recordings and Live Broadcasts
PathName    : C:\WINDOWS\system32\svchost.exe -k BcastDVRUserService
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        : #gaming

Name        : BDESVC
DisplayName : BitLocker Drive Encryption Service
Description : BDESVC hosts the BitLocker Drive Encryption service. BitLocker Drive Encryption provides secure startup for the operating system, as well as full volume encryption for OS, fixed or removable
              volumes. This service allows BitLocker to prompt users for various actions related to their volumes when mounted, and unlocks volumes automatically without user interaction. Additionally, it
              stores recovery information to Active Directory, if available, and, if necessary, ensures the most recent recovery certificates are used.  Stopping or disabling the service would prevent users
              from leveraging this functionality.
PathName    : C:\WINDOWS\System32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        : #system

Name        : BFE
DisplayName : Base Filtering Engine
Description : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will
              significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
PathName    : C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
StartMode   : Auto
Notes       : do not disable
Tags        : #networking

Name        : BluetoothUserService_*
DisplayName : Bluetooth User Support Service_*
Description : The Bluetooth user service supports proper functionality of Bluetooth features relevant to each user session.
PathName    : C:\Windows\system32\svchost.exe -k BthAppGroup -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        : #networking, #bluetooth

Name        : BthAvctpSvc
DisplayName : AVCTP service
Description : This is Audio Video Control Transport Protocol service
PathName    : C:\Windows\system32\svchost.exe -k LocalService -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        : #networking, #bluetooth

Name        : BTAGService
DisplayName : Bluetooth Audio Gateway Service
Description : Service supporting the audio gateway role of the Bluetooth Handsfree Profile.
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        : #networking, #bluetooth

Name        : bthserv
DisplayName : Bluetooth Support Service
Description : The Bluetooth service supports discovery and association of remote Bluetooth devices.  Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly
              and prevent new devices from being discovered or associated.
PathName    : C:\Windows\system32\svchost.exe -k LocalService -p
StartMode   : Manual
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        : #networking, #bluetooth

Name        : BrokerInfrastructure
DisplayName : Background Tasks Infrastructure Service
Description : Windows infrastructure service that controls which background tasks can run on the system.
PathName    : C:\Windows\system32\svchost.exe -k DcomLaunch -p
StartMode   : Auto
Notes       : cannot be disabled
              IoT Guidance: Do not disable
Tags        : #system

Name        : CaptureService_*
DisplayName : CaptureService_*
Description : Enables optional screen capture functionality for applications that call the Windows.Graphics.Capture API.
PathName    : C:\Windows\system32\svchost.exe -k LocalService -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : cbdhsvc_*
DisplayName : Clipboard User Service_*
Description : This user service is used for Clipboard scenarios
PathName    : C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p
StartMode   : Auto
Notes       : IoT Guidance: OK to disable
Issues      : Calculator App will crash when trying to copy results if this is not running
Tags        :

Name        : diagnosticshub.standardcollector.service
DisplayName : Microsoft (R) Diagnostics Hub Standard Collector Service
Description : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them.
PathName    : C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
StartMode   : Manual
Notes       : Event Tracing for Windows (ETW)
              https://learn.microsoft.com/en-us/dotnet/framework/wcf/samples/etw-tracing
              IoT Guidance: Do not disable
Tags        : #system

Name        : DiagTrack
DisplayName : Connected User Experiences and Telemetry
Description : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection
              and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled
              under Feedback and Diagnostics.
PathName    : C:\WINDOWS\System32\svchost.exe -k utcsvc -p
StartMode   : Auto
Notes       : IoT Guidance: OK to disable
Tags        : #tracking

Name        : dmwappushservice
DisplayName : Device Management Wireless Application Protocol (WAP) Push message Routing Service
Description : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : related to SMS messages?
              Server Guidance: ok to disable
Tags        :

Name        : DPS
DisplayName : Diagnostic Policy Service
Description : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components.  If this service is stopped, diagnostics will no longer function.
PathName    : C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p
StartMode   : Auto
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : WdiServiceHost
DisplayName : Diagnostic Service Host
Description : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context.  If this service is stopped, any diagnostics that depend on
              it will no longer function.
PathName    : C:\WINDOWS\System32\svchost.exe -k LocalService -p
StartMode   : Manual
Notes       : related to DPS
              IoT Guidance: Do not disable
Tags        :

Name        : WdiSystemHost
DisplayName : Diagnostic System Host
Description : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context.  If this service is stopped, any diagnostics that depend on
              it will no longer function.
PathName    : C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : related to DPS
              IoT Guidance: Do not disable
Tags        :

Name        : diagsvc
DisplayName : Diagnostic Execution Service
Description : Executes diagnostic actions for troubleshooting support
PathName    : C:\Windows\System32\svchost.exe -k diagnostics
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : EntAppSvc
DisplayName : Enterprise App Management Service
Description : Enables enterprise application management.
PathName    : C:\Windows\system32\svchost.exe -k appmodel -p
StartMode   : Manual
Notes       : cannot be disabled
              IoT Guidance: OK to disable
Tags        : #system

Name        : Fax
DisplayName : Fax
Description : Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network.
PathName    : C:\WINDOWS\system32\fxssvc.exe
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : fhsvc
DisplayName : File History Service
Description : Protects user files from accidental loss by copying them to a backup location
PathName    : C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : used by Windows Backup
              IoT Guidance: Do not disable
Tags        :

Name        : FontCache
DisplayName : Windows Font Cache Service
Description : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade
              application performance.
PathName    : C:\WINDOWS\system32\svchost.exe -k LocalService -p
StartMode   : Auto
Notes       : can be disabled
Tags        :

Name        : FontCache3.0.0.0
DisplayName : Windows Presentation Foundation Font Cache 3.0.0.0
Description : Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be
              disabled, though doing so will degrade the performance of WPF applications.
PathName    : C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
StartMode   : Manual
Notes       : can be disabled
Tags        :

Name        : FrameServer
DisplayName : Windows Camera Frame Server
Description : Enables multiple clients to access video frames from camera devices.
PathName    : C:\WINDOWS\System32\svchost.exe -k Camera
StartMode   : Manual
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : FrameServerMonitor
DisplayName : Windows Camera Frame Server Monitor
Description : Monitors the health and state for the Windows Camera Frame Server service.
PathName    : C:\Windows\System32\svchost.exe -k CameraMonitor
StartMode   : Manual
Notes       : related to FrameServer
Tags        :

Name        : iphlpsvc
DisplayName : IP Helper
Description : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not
              have the enhanced connectivity benefits that these technologies offer.
PathName    : C:\Windows\System32\svchost.exe -k NetSvcs -p
StartMode   : Auto
Notes       : Needed for Xbox Live?
              IoT Guidance: OK to disable
Tags        : #networking

Name        : IpxlatCfgSvc
DisplayName : IP Translation Configuration Service
Description : Configures and enables translation from v4 to v6 and vice versa
PathName    : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : related to iphlpsvc?
              IoT Guidance: OK to disable
Tags        : #networking

Name        : lfsvc
DisplayName : Geolocation Service
Description : This service monitors the current location of the system and manages geofences (a geographical location with associated events).  If you turn off this service,
              applications will be unable to use or receive notifications for geolocation or geofences.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        : #tracking

Name        : LicenseManager
DisplayName : Windows License Manager Service
Description : Provides infrastructure support for the Microsoft Store.  This service is started on demand and if disabled then content acquired through the Microsoft Store will not
              function properly.
PathName    : C:\Windows\System32\svchost.exe -k LocalService -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        : #msstore

Name        : ClipSVC
DisplayName : Client License Service (ClipSVC)
Description : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave
              correctly.
PathName    : C:\Windows\System32\svchost.exe -k wsappx -p
StartMode   : Manual
Notes       : cannot be disabled
              IoT Guidance: OK to disable
Tags        : #msstore

Name        : InstallService
DisplayName : Microsoft Store Install Service
Description : Provides infrastructure support for the Microsoft Store.  This service is started on demand and if disabled then installations will not function properly.
PathName    : C:\Windows\System32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        : #msstore

Name        : PushToInstall
DisplayName : Windows PushToInstall Service
Description : Provides infrastructure support for the Microsoft Store.  This service is started automatically and if disabled then remote installations will not function properly.
PathName    : C:\Windows\System32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : "Push to Install" is a feature that allows you to remotely install an app on Windows 10 devices where you have an account
              IoT Guidance: OK to disable
Tags        : #msstore

Name        : lmhosts
DisplayName : TCP/IP NetBIOS Helper
Description : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and
              log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail
              to start.
PathName    : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        : #networking

Name        : MapsBroker
DisplayName : Downloaded Maps Manager
Description : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent
              apps from accessing maps.
PathName    : C:\Windows\System32\svchost.exe -k NetworkService -p
StartMode   : Auto
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : MSDTC
DisplayName : Distributed Transaction Coordinator
Description : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will
              fail. If this service is disabled, any services that explicitly depend on it will fail to start.
PathName    : C:\Windows\System32\msdtc.exe
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : KtmRm
DisplayName : KtmRm for Distributed Transaction Coordinator
Description : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this
              service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a
              Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start.
PathName    : C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation -p
StartMode   : Manual
Notes       : related to MSDTC
              IoT Guidance: Do not disable
Tags        :

Name        : NetTcpPortSharing
DisplayName : Net.Tcp Port Sharing Service
Description : Provides ability to share TCP ports over the net.tcp protocol.
PathName    : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
StartMode   : Disabled
Notes       :
Tags        : #networking

Name        : PcaSvc
DisplayName : Program Compatibility Assistant Service
Description : This service provides support for the Program Compatibility Assistant (PCA).  PCA monitors programs installed and run by the user and detects known compatibility problems.
              If this service is stopped, PCA will not function properly.
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Auto
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : PerfHost
DisplayName : Performance Counter DLL Host
Description : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be
              able to query performance counters provided by 32-bit DLLs.
PathName    : C:\Windows\SysWow64\perfhost.exe
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : PhoneSvc
DisplayName : Phone Service
Description : Manages the telephony state on the device
PathName    : C:\Windows\system32\svchost.exe -k LocalService -p
StartMode   : Manual
Notes       : Used by modern VoIP apps
              Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : TapiSrv
DisplayName : Telephony
Description : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.
PathName    : C:\Windows\System32\svchost.exe -k NetworkService -p
StartMode   : Manual
Notes       : Disabling breaks RRAS
              Server Guidance: Do not disable
              IoT Guidance: OK to disable
Tags        :

Name        : PNRPsvc
DisplayName : Peer Name Resolution Protocol
Description : Enables serverless peer name resolution over the Internet using the Peer Name Resolution Protocol (PNRP). If disabled, some peer-to-peer and collaborative applications,
              such as Remote Assistance, may not function.
PathName    : C:\Windows\System32\svchost.exe -k LocalServicePeerNet
StartMode   : Manual
Notes       : Configuration via 'netsh p2p pnrp'
              IoT Guidance: OK to disable
Tags        : #networking

Name        : p2pimsvc
DisplayName : Peer Networking Identity Manager
Description : Provides identity services for the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services.  If disabled, the Peer Name Resolution Protocol (PNRP) and
              Peer-to-Peer Grouping services may not function, and some applications, such as HomeGroup and Remote Assistance, may not function correctly.
PathName    : C:\Windows\System32\svchost.exe -k LocalServicePeerNet
StartMode   : Manual
Notes       : related to PNRPsvc
              IoT Guidance: OK to disable
Tags        :

Name        : PNRPAutoReg
DisplayName : PNRP Machine Name Publication Service
Description : This service publishes a machine name using the Peer Name Resolution Protocol.  Configuration is managed via the netsh context 'p2p pnrp peer'
PathName    : C:\Windows\System32\svchost.exe -k LocalServicePeerNet
StartMode   : Manual
Notes       : related to PNRPsvc
              IoT Guidance: OK to disable
Tags        :

Name        : p2psvc
DisplayName : Peer Networking Grouping
Description : Enables multi-party communication using Peer-to-Peer Grouping.  If disabled, some applications, such as HomeGroup, may not function.
PathName    : C:\Windows\System32\svchost.exe -k LocalServicePeerNet
StartMode   : Manual
Notes       : related to PNRPsvc?
              IoT Guidance: OK to disable
Tags        :

Name        : PrintNotify
DisplayName : Printer Extensions and Notifications
Description : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won’t be able to see
              printer extensions or notifications.
PathName    : C:\Windows\system32\svchost.exe -k print
StartMode   : Manual
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        : #printing

Name        : PrintWorkflowUserSvc_*
DisplayName : PrintWorkflow_*
Description : Provides support for Print Workflow applications. If you turn off this service, you may not be able to print successfully.
PathName    : C:\Windows\system32\svchost.exe -k PrintWorkflow
StartMode   : Manual
Notes       :
Tags        : #printing

Name        : Spooler
DisplayName : Print Spooler
Description : This service spools print jobs and handles interaction with the printer.  If you turn off this service, you won’t be able to print or see your printers.
PathName    : C:\Windows\System32\spoolsv.exe
StartMode   : Auto
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        : #printing

Name        : QWAVE
DisplayName : Quality Windows Audio Video Experience
Description : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming
              performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and
              enforcement, application feedback, and traffic prioritization.
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
StartMode   : Manual
Notes       : Client-side QoS service
              Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        : #networking

Name        : RemoteAccess
DisplayName : Routing and Remote Access
Description : Offers routing services to businesses in local area and wide area network environments.
PathName    : C:\Windows\System32\svchost.exe -k netsvcs
StartMode   : Disabled
Notes       :
Tags        : #networking

Name        : RemoteRegistry
DisplayName : Remote Registry
Description : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service
              is disabled, any services that explicitly depend on it will fail to start.
PathName    : C:\Windows\system32\svchost.exe -k localService -p
StartMode   : Disabled
Notes       : Server Guidance: Do not disable
              IoT Guidance: Do not disable
Tags        : #networking

Name        : RetailDemo
DisplayName : Retail Demo Service
Description : The Retail Demo service controls device activity while the device is in retail demo mode.
PathName    : C:\Windows\System32\svchost.exe -k rdxgroup
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : SCardSvr
DisplayName : Smart Card
Description : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any
              services that explicitly depend on it will fail to start.
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
StartMode   : Manual
Notes       : https://learn.microsoft.com/en-us/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference
              this is also used with YubiKey OpenPGP/PIV interfaces
              IoT Guidance: OK to disable
Tags        : #smartcards

Name        : ScDeviceEnum
DisplayName : Smart Card Device Enumeration Service
Description : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card
              readers.
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
StartMode   : Manual
Notes       : related to SCardSvr
              Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        : #smartcards

Name        : SCPolicySvc
DisplayName : Smart Card Removal Policy
Description : Allows the system to be configured to lock the user desktop upon smart card removal.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs
StartMode   : Manual
Notes       : related to SCardSvr
              IoT Guidance: OK to disable
Tags        : #smartcards

Name        : CertPropSvc
DisplayName : Certificate Propagation
Description : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader,
              and, if needed, installs the smart card Plug and Play minidriver.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs
StartMode   : Manual
Notes       : related to SCardSvr
Tags        : #smartcards

Name        : NgcCtnrSvc
DisplayName : Microsoft Passport Container
Description : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys
              and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service.
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
StartMode   : Manual
Notes       : related to SCardSvr, NgcSvc
              cannot be disabled
Tags        : #smartcards

Name        : NgcSvc
DisplayName : Microsoft Passport
Description : Provides process isolation for cryptographic keys used to authenticate to a user’s associated identity providers. If this service is disabled, all uses and management of
              these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended
              that you do not reconfigure this service.
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : Needed for PIN/Hello logons
              cannot be disabled
              Server Guidance: ok to disable
Tags        :

Name        : seclogon
DisplayName : Secondary Logon
Description : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any
              services that explicitly depend on it will fail to start.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : Disables other credentials only password will work?
              IoT Guidance: Do not disable
Tags        :

Name        : SEMgrSvc
DisplayName : Payments and NFC/SE Manager
Description : Manages payments and Near Field Communication (NFC) based secure elements.
PathName    : C:\Windows\system32\svchost.exe -k LocalService -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        : #networking

Name        : SharedAccess
DisplayName : Internet Connection Sharing (ICS)
Description : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
PathName    : C:\Windows\System32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : Required for clients used as WiFi hotspots, and also on both ends of Miracast projection.
              Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        : #networking

Name        : StiSvc
DisplayName : Windows Image Acquisition (WIA)
Description : Provides image acquisition services for scanners and cameras
PathName    : C:\Windows\system32\svchost.exe -k imgsvc
StartMode   : Manual
Notes       : needed for scanners and cameras
              Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : WiaRpc
DisplayName : Still Image Acquisition Events
Description : Launches applications associated with still image acquisition events.
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : related to StiSvc
              needed for scanners and cameras
              Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : StorSvc
DisplayName : Storage Service
Description : Provides enabling services for storage settings and external storage expansion
PathName    : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Auto
Notes       : Adds 'System Volume Information' folder to external USB memory devices. Required for Microsoft Store.
              external USB HDD will not work if disabled
Issues      : Microsoft Store might return error 0x800706D9 when trying to install new apps.
Tags        : #msstore

Name        : SysMain
DisplayName : SysMain
Description : Maintains and improves system performance over time.
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Auto
Notes       : IoT Guidance: Do not disable
              SuperFetch
Tags        :

Name        : TrkWks
DisplayName : Distributed Link Tracking Client
Description : Maintains links between NTFS files within a computer or across computers in a network.
PathName    : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Auto
Notes       : tracks the creation and movement of linked files across NTFS-formatted volumes and servers
              Distributed Link Tracking tracks links in scenarios where the link is made to a file on an NTFS volume, such as shell shortcuts and OLE links.
              https://learn.microsoft.com/en-us/troubleshoot/windows-server/backup-and-storage/distributed-link-tracking-on-domain-controller
              IoT Guidance: OK to disable
Tags        : #networking

Name        : WbioSrvc
DisplayName : Windows Biometric Service
Description : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any
              biometric hardware or samples. The service is hosted in a privileged SVCHOST process.
PathName    : C:\Windows\system32\svchost.exe -k WbioSvcGroup
StartMode   : Manual/Auto
Notes       : Windwos Hello fingerprint reader and facial recognition
              IoT Guidance: OK to disable
Tags        :

Name        : WerSvc
DisplayName : Windows Error Reporting Service
Description : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and
              repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.
PathName    : C:\Windows\System32\svchost.exe -k WerSvcGroup
StartMode   : Manual
Notes       : Collects and sends crash/hang data used by both MS and third party ISVs/IHVs. The data is used to diagnose crash-inducing bugs, which may include security bugs. Also needed for Corporate Error Reporting
              Server Guidance: Do not disable
Tags        : #tracking

Name        : wisvc
DisplayName : Windows Insider Service
Description : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : required for windows insider program to work
              Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : WlanSvc
DisplayName : WLAN AutoConfig
Description : The WLANSVC service provides the logic required to configure, discover, connect to, and disconnect from a wireless local area network (WLAN) as defined by IEEE 802.11
              standards. It also contains the logic to turn your computer into a software access point so that other devices or computers can connect to your computer wirelessly using a
              WLAN adapter that can support this. Stopping or disabling the WLANSVC service will make all WLAN adapters on your computer inaccessible from the Windows networking UI. It
              is strongly recommended that you have the WLANSVC service running if your computer has a WLAN adapter.
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : required for Wifi to work
Tags        : #networking

Name        : WMPNetworkSvc
DisplayName : Windows Media Player Network Sharing Service
Description : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
PathName    : "C:\Program Files\Windows Media Player\wmpnetwk.exe"
StartMode   : Manual
Notes       :
Tags        : #networking

Name        : WpcMonSvc
DisplayName : Parental Controls
Description : Enforces parental controls for child accounts in Windows. If this service is stopped or disabled, parental controls may not be enforced.
PathName    : C:\Windows\system32\svchost.exe -k LocalService
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : WPDBusEnum
DisplayName : Portable Device Enumerator Service
Description : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content
              using removable mass-storage devices.
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : WpnService
DisplayName : Windows Push Notifications System Service
Description : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Auto
Notes       : Windows Push Notification Services (WNS) enable third-party developers to send toast, tile, badge, and raw updates from their own cloud service.
              https://learn.microsoft.com/en-us/windows/apps/design/shell/tiles-and-notifications/windows-push-notification-services--wns--overview
              Server Guidance: ok to disable
Issues      : 
Tags        :

Name        : WpnUserService_*
DisplayName : Windows Push Notifications User Service_*
Description : This service hosts Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw.
PathName    : C:\Windows\system32\svchost.exe -k UnistackSvcGroup
StartMode   : Auto
Notes       : related to WpnService
              Server Guidance: ok to disable
Issues      : Notification panel will not function; navigating to Settings App -> Network & Internet will results in a crash; Clock app will not function properly if this is not running
Tags        :

Name        : wscsvc
DisplayName : Security Center
Description : The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer.  The health settings include firewall (on/off), antivirus
              (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet
              settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security
              Center service.  The Security and Maintenance UI uses the service to provide systray alerts and a graphical view of the security health states in the Security and
              Maintenance control panel.  Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make
              network quarantine decisions.  The service also has a public API that allows external consumers to programmatically retrieve the aggregated security health state of the
              system.
PathName    : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
StartMode   : Auto
Notes       : IoT Guidance: Do not disable
Tags        : #system #security

Name        : EventLog
DisplayName : Windows Event Log
Description : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can
              display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.
PathName    : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
StartMode   : Auto
Notes       :
Tags        : #system #security

Name        : WSearch
DisplayName : Windows Search
Description : Provides content indexing, property caching, and search results for files, e-mail, and other content.
PathName    : C:\Windows\system32\SearchIndexer.exe /Embedding
StartMode   : Auto
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : XblAuthManager
DisplayName : Xbox Live Auth Manager
Description : Provides authentication and authorization services for interacting with Xbox Live. If this service is stopped, some applications may not operate correctly.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       :
Tags        : #xbox

Name        : XblGameSave
DisplayName : Xbox Live Game Save
Description : This service syncs save data for Xbox Live save enabled games.  If this service is stopped, game save data will not upload to or download from Xbox Live.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       :
Tags        : #xbox

Name        : XboxGipSvc
DisplayName : Xbox Accessory Management Service
Description : This service manages connected Xbox Accessories.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       :
Tags        : #xbox

Name        : XboxNetApiSvc
DisplayName : Xbox Live Networking Service
Description : This service supports the Windows.Networking.XboxLive application programming interface.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       :
Tags        : #xbox

Name        : HvHost
DisplayName : HV Host Service
Description : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : Performance enhancers for guest VMs. Not used today except for explicitly populated VMs, but will be used in Application Guard
              Server Guidance: Do not disable
              IoT Guidance: OK to disable
Tags        : #hyperv

Name        : vmicguestinterface
DisplayName : Hyper-V Guest Service Interface
Description : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : Server Guidance: Do not disable
              IoT Guidance: OK to disable
Tags        : #hyperv

Name        : vmicheartbeat
DisplayName : Hyper-V Heartbeat Service
Description : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped
              responding.
PathName    : C:\Windows\system32\svchost.exe -k ICService -p
StartMode   : Manual
Notes       : Server Guidance: Do not disable
              IoT Guidance: OK to disable
Tags        : #hyperv

Name        : vmickvpexchange
DisplayName : Hyper-V Data Exchange Service
Description : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : Server Guidance: Do not disable
              IoT Guidance: OK to disable
Tags        : #hyperv

Name        : vmicrdv
DisplayName : Hyper-V Remote Desktop Virtualization Service
Description : Provides a platform for communication between the virtual machine and the operating system running on the physical computer.
PathName    : C:\Windows\system32\svchost.exe -k ICService -p
StartMode   : Manual
Notes       : Server Guidance: Do not disable
              IoT Guidance: OK to disable
Tags        : #hyperv

Name        : vmicshutdown
DisplayName : Hyper-V Guest Shutdown Service
Description : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer.
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : Server Guidance: Do not disable
              IoT Guidance: OK to disable
Tags        : #hyperv

Name        : vmictimesync
DisplayName : Hyper-V Time Synchronization Service
Description : Synchronizes the system time of this virtual machine with the system time of the physical computer.
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
StartMode   : Manual
Notes       : Server Guidance: Do not disable
              IoT Guidance: OK to disable
Tags        : #hyperv

Name        : vmicvmsession
DisplayName : Hyper-V PowerShell Direct Service
Description : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network.
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : Server Guidance: Do not disable
              IoT Guidance: OK to disable
Tags        : #hyperv

Name        : vmicvss
DisplayName : Hyper-V Volume Shadow Copy Requestor
Description : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on
              the physical computer.
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : Server Guidance: Do not disable
              IoT Guidance: OK to disable
Tags        : #hyperv

Name        : vmcompute
DisplayName : Hyper-V Host Compute Service
Description : Provides support for running Windows Containers and Virtual Machines.
PathName    : C:\WINDOWS\system32\vmcompute.exe
Notes       :
Tags        : #hyperv

Name        : gcs
DisplayName : Hyper-V Guest Compute Service
Description : Guest Compute Service for Hyper-V Virtual Machines. This services manages containers in a utility VM.
PathName    : C:\WINDOWS\system32\vmcomputeagent.exe
Notes       :
Tags        : #hyperv

Name        : SstpSvc
DisplayName : Secure Socket Tunneling Protocol Service
Description : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP
              to access remote servers.
PathName    : C:\Windows\system32\svchost.exe -k LocalService -p
StartMode   : Manual
Notes       : SSTP VPN
              Disabling breaks RRAS
              https://www.proofpoint.com/us/threat-reference/sstp
              Server Guidance: Do not disable
              IoT Guidance: Do not disable
Tags        : #networking

Name        : wuauserv
DisplayName : Windows Update
Description : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use
              Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        : #winupdate

Name        : TrustedInstaller
DisplayName : Windows Modules Installer
Description : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail
              for this computer.
PathName    : C:\Windows\servicing\TrustedInstaller.exe
StartMode   : Auto
Notes       :
Tags        : #winupdate

Name        : BITS
DisplayName : Background Intelligent Transfer Service
Description : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN
              Explorer, will be unable to automatically download programs and other information.
PathName    : C:\Windows\System32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        : #winupdate

Name        : UsoSvc
DisplayName : Update Orchestrator Service
Description : Manages Windows Updates. If stopped, your devices will not be able to download and install the latest updates.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Auto
Notes       : Windows Update (incl. WSUS) depends on this service.
              Server Guidance: Do not disable
Tags        : #winupdate

Name        : RpcSs
DisplayName : Remote Procedure Call (RPC)
Description : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage
              collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you
              have the RPCSS service running.
PathName    : C:\Windows\system32\svchost.exe -k rpcss -p
StartMode   : Auto
Notes       : cannot be disabled
              IoT Guidance: Do not disable
Tags        : #system

Name        : RpcEptMapper
DisplayName : RPC Endpoint Mapper
Description : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function
              properly.
PathName    : C:\Windows\system32\svchost.exe -k RPCSS -p
StartMode   : Auto
Notes       : related to RpcSs; cannot be disabled
              IoT Guidance: Do not disable
Tags        : #system

Name        : WdNisSvc
DisplayName : Microsoft Defender Antivirus Network Inspection Service
Description : Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols
PathName    : "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe"
StartMode   : Manual
Notes       : cannot be disabled
              IoT Guidance: Do not disable
Tags        : #security

Name        : mpssvc
DisplayName : Windows Defender Firewall
Description : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
StartMode   : Auto
Notes       : cannot be disabled
Tags        : #security

Name        : WinDefend
DisplayName : Microsoft Defender Antivirus Service
Description : Helps protect users from malware and other potentially unwanted software
PathName    : "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe"
StartMode   : Auto
Notes       : cannot be disabled
              IoT Guidance: Do not disable
Tags        : #security

Name        : Sense
DisplayName : Windows Defender Advanced Threat Protection Service
Description : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer.
PathName    : "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe"
StartMode   : Manual
Notes       : enterprise level paid feature; part of Microsoft 365 Defender
Tags        : #security

Name        : webthreatdefsvc
DisplayName : Web Threat Defense Service
Description : Web Threat Defense Endpoint Service helps protect your computer by identifying unauthorized entities attempting to gain access to user credentials
PathName    : C:\Windows\system32\svchost.exe -k WebThreatDefense -p
StartMode   : Manual
Notes       : part of Microsoft Defender
Tags        : #security

Name        : webthreatdefusersvc_*
DisplayName : Web Threat Defense User Service_*
Description : Web Threat Defense User Service helps protect your computer by warning the user when unauthorized entities attempt to gain access to their credentials
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Auto
Notes       : part of Microsoft Defender
Tags        : #security

Name        : SensorDataService
DisplayName : Sensor Data Service
Description : Delivers data from a variety of sensors
PathName    : C:\Windows\System32\SensorDataService.exe
StartMode   : Manual
Notes       : A component of the Media Feature Pack supporting data acquisition from various sensors. Supports Windows Hello.
              https://learn.microsoft.com/en-us/windows/iot/iot-enterprise/optimize-your-device/removable-packages-details/microsoft-windows-sensordataservice
              Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : SensorService
DisplayName : Sensor Service
Description : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports
              device orientation changes.  If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors
              will also be stopped.
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : SensrSvc
DisplayName : Sensor Monitoring Service
Description : Monitors various sensors in order to expose data and adapt to system and user state.  If this service is stopped or disabled, the display brightness will not adapt to
              lighting conditions. Stopping this service may affect other system functionality and features as well.
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
StartMode   : Manual
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : DsSvc
DisplayName : Data Sharing Service
Description : Provides data brokering between applications.
PathName    : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : OneSyncSvc_*
DisplayName : Sync Host_*
Description : This service synchronizes mail, contacts, calendar and various other user data. Mail and other applications dependent on this functionality will not work properly when
              this service is not running.
PathName    : C:\Windows\system32\svchost.exe -k UnistackSvcGroup
StartMode   : Auto
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : upnphost
DisplayName : UPnP Device Host
Description : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added.
              If this service is disabled, any services that explicitly depend on it will fail to start.
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
StartMode   : Manual
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : SSDPSRV
DisplayName : SSDP Discovery
Description : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local
              computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
StartMode   : Manual
Notes       : Simple Service Discovery Protocol (SSDP)
              https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol
              Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : CDPSvc
DisplayName : Connected Devices Platform Service
Description : This service is used for Connected Devices Platform scenarios
PathName    : C:\Windows\system32\svchost.exe -k LocalService -p
StartMode   : Auto
Depends On  : NcbService
              RpcSs
Notes       : This service is used for Connected Devices and Universal Glass scenarios
              Might be related to Xbox and/or Bluetooth devices
              https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-cdp/
              The Connected Devices Platform Service Protocol provides a way for devices such as PC's and smartphones to discover and send messages between each other. It provides a
              transport-agnostic means of building connections among all of a user's devices and allows them to communicate over a secure protocol.
              IoT Guidance: OK to disable
Issues      : Causes issues with "/Microsoft/Windows/International/Synchronize Language Settings Task" scheduled task hanging during logout; see: https://github.com/The-Virtual-Desktop-Team/Virtual-Desktop-Optimization-Tool/issues/46
Tags        : #xbox, #bluetooth

Name        : CDPUserSvc_*
DisplayName : Connected Devices Platform User Service_*
Description : This user service is used for Connected Devices Platform scenarios
PathName    : C:\Windows\system32\svchost.exe -k UnistackSvcGroup
StartMode   : Auto
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Issues      : see: CDPSvc
Tags        : #xbox, #bluetooth

Name        : WinHttpAutoProxySvc
DisplayName : WinHTTP Web Proxy Auto-Discovery Service
Description : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In
              addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
StartMode   : Manual
Notes       :
Tags        : #networking

Name        : AxInstSV
DisplayName : ActiveX Installer (AxInstSV)
Description : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group
              Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings.
PathName    : C:\Windows\system32\svchost.exe -k AxInstSVGroup
StartMode   : Manual
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : AppMgmt
DisplayName : Application Management
Description : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove,
              or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : AppXSvc
DisplayName : AppX Deployment Service (AppXSVC)
Description : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system,
              and may not function properly.
PathName    : C:\Windows\system32\svchost.exe -k wsappx -p
StartMode   : Manual
Notes       :
Tags        : #msstore

Name        : PimIndexMaintenanceSvc_*
DisplayName : Contact Data_*
Description : Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results.
PathName    : C:\Windows\system32\svchost.exe -k UnistackSvcGroup
StartMode   : Manual
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : lltdsvc
DisplayName : Link-Layer Topology Discovery Mapper
Description : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device.  If this service is disabled, the
              Network Map will not function properly.
PathName    : C:\Windows\System32\svchost.exe -k LocalService -p
StartMode   : Manual
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : wlidsvc
DisplayName : Microsoft Account Sign-in Assistant
Description : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : NcbService
DisplayName : Network Connection Broker
Description : Brokers connections that allow Windows Store Apps to receive notifications from the internet.
PathName    : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : RmSvc
DisplayName : Radio Management Service
Description : Radio Management and Airplane Mode Service
PathName    : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
StartMode   : Manual
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : ShellHWDetection
DisplayName : Shell Hardware Detection
Description : Provides notifications for AutoPlay hardware events.
PathName    : C:\Windows\System32\svchost.exe -k netsvcs -p
StartMode   : Auto
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : TabletInputService
DisplayName : Touch Keyboard and Handwriting Panel Service
Description : Enables Touch Keyboard and Handwriting Panel pen and ink functionality
PathName    : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : Windows Terminal app will not receive keyboard input if this is not running
              Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : UserDataSvc_*
DisplayName : User Data Access_*
Description : Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data
              might not work correctly.
PathName    : C:\Windows\system32\svchost.exe -k UnistackSvcGroup
StartMode   : Manual
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : UnistoreSvc_*
DisplayName : User Data Storage_*
Description : Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might
              not work correctly.
PathName    : C:\Windows\System32\svchost.exe -k UnistackSvcGroup
StartMode   : Manual
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
              related to UserDataSvc_*
Tags        :

Name        : WalletService
DisplayName : WalletService
Description : Hosts objects used by clients of the wallet
PathName    : C:\Windows\System32\svchost.exe -k appmodel -p
StartMode   : Manual
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : Audiosrv
DisplayName : Windows Audio
Description : Manages audio for Windows-based programs.  If this service is stopped, audio devices and effects will not function properly.  If this service is disabled, any services
              that explicitly depend on it will fail to start
PathName    : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
StartMode   : Auto
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : AudioEndpointBuilder
DisplayName : Windows Audio Endpoint Builder
Description : Manages audio devices for the Windows Audio service.  If this service is stopped, audio devices and effects will not function properly.  If this service is disabled, any
              services that explicitly depend on it will fail to start
PathName    : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Auto
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : icssvc
DisplayName : Windows Mobile Hotspot Service
Description : Provides the ability to share a cellular data connection with another device.
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
StartMode   : Manual
Notes       : Server Guidance: ok to disable
              IoT Guidance: OK to disable
Tags        :

Name        : AppReadiness
DisplayName : App Readiness
Description : Gets apps ready for use the first time a user signs in to this PC and when adding new apps.
PathName    : C:\Windows\System32\svchost.exe -k AppReadiness -p
StartMode   : Manual
Notes       : Server Guidance: Do not disable
              IoT Guidance: Do not disable
Tags        :

Name        : MSiSCSI
DisplayName : Microsoft iSCSI Initiator Service
Description : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access
              iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : Server Guidance: Do not disable
              IoT Guidance: OK to disable
Tags        :

Name        : smphost
DisplayName : Microsoft Storage Spaces SMP
Description : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed.
PathName    : C:\Windows\System32\svchost.exe -k smphost
StartMode   : Manual
Notes       : Storage management APIs fail without this service. Example: "Get-WmiObject -class MSFT_Disk -Namespace Root\Microsoft\Windows\Storage"
              Server Guidance: Do not disable
              IoT Guidance: OK to disable
Tags        :

Name        : SamSs
DisplayName : Security Accounts Manager
Description : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests.  Disabling this service will prevent other
              services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.
PathName    : C:\Windows\system32\lsass.exe
StartMode   : Auto
Notes       : Server Guidance: Do not disable
              IoT Guidance: Do not disable
Tags        :

Name        : LanmanServer
DisplayName : Server
Description : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is
              disabled, any services that explicitly depend on it will fail to start.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Auto
Notes       : Needed for remote management, IPC$, SMB file sharing; Docker Desktop Service
              Server Guidance: Do not disable
              IoT Guidance: OK to disable
Tags        :

Name        : LanmanWorkstation
DisplayName : Workstation
Description : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this
              service is disabled, any services that explicitly depend on it will fail to start.
PathName    : C:\Windows\System32\svchost.exe -k NetworkService -p
StartMode   : Auto
Notes       :
Tags        :

Name        : SystemEventsBroker
DisplayName : System Events Broker
Description : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
PathName    : C:\Windows\system32\svchost.exe -k DcomLaunch -p
StartMode   : Auto
Notes       : In spite of the fact that its description implies it is only for WinRT apps, it's needed for task scheduler, broker infrastructure service, and other internal components.
              Server Guidance: Do not disable
              IoT Guidance: Do not disable
Tags        :

Name        : TimeBrokerSvc
DisplayName : Time Broker
Description : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
StartMode   : Manual
Notes       : In spite of the fact that its description implies it is only for WinRT apps, it's needed for task scheduler, broker infrastructure service, and other internal components.
              Server Guidance: Do not disable
Tags        :

Name        : Themes
DisplayName : Themes
Description : Provides user experience theme management.
PathName    : C:\Windows\System32\svchost.exe -k netsvcs -p
StartMode   : Auto
Notes       : Can't set accessibility themes when this service is disabled
              Server Guidance: Do not disable
              IoT Guidance: OK to disable
Tags        :

Name        : Wecsvc
DisplayName : Windows Event Collector
Description : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and
              IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and
              forwarded events cannot be accepted.
PathName    : C:\Windows\system32\svchost.exe -k NetworkService -p
StartMode   : Manual
Notes       : Collects ETW events (including security events) for manageability, diagnostics. Lots of features and third-party tools rely on it, including security audit tools
              Server Guidance: Do not disable
Tags        :

Name        : WinRM
DisplayName : Windows Remote Management (WS-Management)
Description : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote
              software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a
              listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables
              event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does
              not depend on IIS but is preconfigured to share a port with IIS on the same machine.  The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS,
              administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.
PathName    : C:\Windows\System32\svchost.exe -k NetworkService -p
StartMode   : Manual
Notes       : Needed for remote management
              Server Guidance: Do not disable
Tags        :

Name        : CryptSvc
DisplayName : Cryptographic Services
Description : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root
              Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root
              certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is
              disabled, any services that explicitly depend on it will fail to start.
PathName    : C:\Windows\system32\svchost.exe -k NetworkService -p
StartMode   : Auto
Notes       : IoT Guidance: Do not disable
Tags        : #winupdate

Name        : WaaSMedicSvc
DisplayName : Windows Update Medic Service
Description : Enables remediation and protection of Windows Update components.
PathName    : C:\Windows\system32\svchost.exe -k wusvcs -p
StartMode   : Manual
Notes       :
Tags        : #winupate

Name        : SessionEnv
DisplayName : Remote Desktop Configuration
Description : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that
              require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates.
PathName    : C:\Windows\System32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : Server Guidance: Do not disable
              IoT Guidance: Do not disable
Tags        :

Name        : TermService
DisplayName : Remote Desktop Services
Description : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service.  To prevent remote use of this
              computer, clear the checkboxes on the Remote tab of the System properties control panel item.
PathName    : C:\Windows\System32\svchost.exe -k NetworkService
StartMode   : Manual
Notes       : Server Guidance: Do not disable
              IoT Guidance: Do not disable
Tags        :

Name        : UmRdpService
DisplayName : Remote Desktop Services UserMode Port Redirector
Description : Allows the redirection of Printers/Drives/Ports for RDP connections
PathName    : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : Server Guidance: Do not disable
              IoT Guidance: Do not disable
Tags        :

Name        : WwanSvc
DisplayName : WWAN AutoConfig
Description : This service manages mobile broadband (GSM & CDMA) data card/embedded module adapters and connections by auto-configuring the networks. It is strongly recommended that
              this service be kept running for best user experience of mobile broadband devices.
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : workfolderssvc
DisplayName : Work Folders
Description : This service syncs files with the Work Folders server, enabling you to use the files on any of the PCs and devices on which you've set up Work Folders.
PathName    : C:\Windows\System32\svchost.exe -k LocalService -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : dot3svc
DisplayName : Wired AutoConfig
Description : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces
              802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks
              that do not enforce 802.1X authentication are unaffected by the DOT3SVC service.
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : perceptionsimulation
DisplayName : Windows Perception Simulation Service
Description : Enables spatial perception simulation, virtual camera management and spatial input simulation.
PathName    : C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
              related to spectrum
Tags        :

Name        : spectrum
DisplayName : Windows Perception Service
Description : Enables spatial perception, spatial input, and holographic rendering.
PathName    : C:\Windows\system32\spectrum.exe
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : VacSvc
DisplayName : Volumetric Audio Compositor Service
Description : Hosts spatial analysis for Mixed Reality audio simulation.
PathName    : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : SharedRealitySvc
DisplayName : Spatial Data Service
Description : This service is used for Spatial Perception scenarios
PathName    : C:\Windows\system32\svchost.exe -k LocalService -p
StartMode   : Manual
Notes       : Virtual Reality data manager.
              IoT Guidance: Do not disable
Tags        :

Name        : WEPHOSTSVC
DisplayName : Windows Encryption Provider Host Service
Description : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS
              policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts
PathName    : C:\Windows\system32\svchost.exe -k WepHostSvcGroup
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : Wcmsvc
DisplayName : Windows Connection Manager
Description : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based
              on Group Policy settings.
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
StartMode   : Auto
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : wcncsvc
DisplayName : Windows Connect Now - Config Registrar
Description : WCNCSVC hosts the Windows Connect Now Configuration which is Microsoft's Implementation of Wireless Protected Setup (WPS) protocol. This is used to configure Wireless LAN
              settings for an Access Point (AP) or a Wireless Device. The service is started programmatically as needed.
PathName    : C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : SDRSVC
DisplayName : Windows Backup
Description : Provides Windows Backup and Restore capabilities.
PathName    : C:\Windows\system32\svchost.exe -k SDRSVC
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : WFDSConMgrSvc
DisplayName : Wi-Fi Direct Services Connection Manager Service
Description : Manages connections to wireless services, including wireless display and docking.
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : WebClient
DisplayName : WebClient
Description : Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is
              disabled, any services that explicitly depend on it will fail to start.
PathName    : C:\Windows\system32\svchost.exe -k LocalService -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : TokenBroker
DisplayName : Web Account Manager
Description : This service is used by Web Account Manager to provide single-sign-on to apps and services.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : Won't be able to set account picture if this is not running
              Connect UWP app to external identity provider, such as Microsoft, Facebook
              https://learn.microsoft.com/en-us/windows/uwp/security/web-account-manager
              IoT Guidance: OK to disable
Tags        :

Name        : WarpJITSvc
DisplayName : Warp JIT Service
Description : Enables JIT compilation support in d3d10warp.dll for processes in which code generation is disabled.
PathName    : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
StartMode   : Manual
Notes       : JIT out of process service for Windows Advanced Rasterization Platform (WARP) when running with Arbitrary Code Guard (ACG) enabled.
              IoT Guidance: OK to disable
Tags        :

Name        : VSS
DisplayName : Volume Shadow Copy
Description : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may
              fail. If this service is disabled, any services that explicitly depend on it will fail to start.
PathName    : C:\Windows\system32\vssvc.exe
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : vds
DisplayName : Virtual Disk
Description : Provides management services for disks, volumes, file systems, and storage arrays.
PathName    : C:\Windows\System32\vds.exe
StartMode   : Manual
Notes       :
Tags        :

Name        : ProfSvc
DisplayName : User Profile Service
Description : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign
              out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Auto
Notes       :
Tags        :

Name        : UserManager
DisplayName : User Manager
Description : User Manager provides the runtime components required for multi-user interaction.  If this service is stopped, some applications may not operate correctly.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Auto
Notes       :
Tags        :

Name        : UevAgentService
DisplayName : User Experience Virtualization Service
Description : Provides support for application and OS settings roaming
PathName    : C:\Windows\system32\AgentService.exe
StartMode   : Disabled
Notes       :
Tags        :

Name        : UdkUserSvc_*
DisplayName : Udk User Service_*
Description : Shell components service
PathName    : C:\Windows\system32\svchost.exe -k UdkSvcGroup
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : Schedule
DisplayName : Task Scheduler
Description : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or
              disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Auto
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : SgrmBroker
DisplayName : System Guard Runtime Monitor Broker
Description : Monitors and attests to the integrity of the Windows platform.
PathName    : C:\Windows\system32\SgrmBroker.exe
StartMode   : Auto
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : SENS
DisplayName : System Event Notification Service
Description : Monitors system events and notifies subscribers to COM+ Event System of these events.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Auto
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : TieringEngineService
DisplayName : Storage Tiers Management
Description : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system.
PathName    : C:\Windows\system32\TieringEngineService.exe
StartMode   : Manual
Notes       :
Tags        :

Name        : StateRepository
DisplayName : State Repository Service
Description : Provides required infrastructure support for the application model.
PathName    : C:\Windows\system32\svchost.exe -k appmodel -p
StartMode   : Auto
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : CoreMessagingRegistrar
DisplayName : CoreMessaging
Description : Manages communication between system components.
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
StartMode   : Auto
Notes       : cannot be disabled
Tags        :

Name        : gpsvc
DisplayName : Group Policy Client
Description : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled,
              the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group
              Policy component might not be functional if the service is disabled.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Auto
Notes       : cannot be disabled
Tags        :

Name        : LSM
DisplayName : Local Session Manager
Description : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability.
PathName    : C:\Windows\system32\svchost.exe -k DcomLaunch -p
StartMode   : Auto
Notes       : cannot be disabled
              IoT Guidance: Do not disable
Tags        :

Name        : sppsvc
DisplayName : Software Protection
Description : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed
              applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service.
PathName    : C:\Windows\system32\sppsvc.exe
StartMode   : Auto
Notes       : cannot be disabled
Tags        :

Name        : msiserver
DisplayName : Windows Installer
Description : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it
              will fail to start.
PathName    : C:\Windows\system32\msiexec.exe /V
StartMode   : Manual
Notes       : cannot be disabled
Tags        :

Name        : svsvc
DisplayName : Spot Verifier
Description : Verifies potential file system corruptions.
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : SNMPTrap
DisplayName : SNMP Trap
Description : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this
              computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly
              depend on it will fail to start.
PathName    : C:\Windows\System32\snmptrap.exe
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : shpamsvc
DisplayName : Shared PC Account Manager
Description : Manages profiles and accounts on a SharedPC configured device
PathName    : C:\Windows\System32\svchost.exe -k netsvcs -p
StartMode   : Disabled
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : RpcLocator
DisplayName : Remote Procedure Call (RPC) Locator
Description : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions
              of Windows, this service does not provide any functionality and is present for application compatibility.
PathName    : C:\Windows\system32\locator.exe
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : RasMan
DisplayName : Remote Access Connection Manager
Description : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that
              explicitly depend on it will fail to start.
PathName    : C:\Windows\System32\svchost.exe -k netsvcs
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : RasAuto
DisplayName : Remote Access Auto Connection Manager
Description : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
PathName    : C:\Windows\System32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : TroubleshootingSvc
DisplayName : Recommended Troubleshooting Service
Description : Enables automatic mitigation for known problems by applying recommended troubleshooting. If stopped, your device will not get recommended troubleshooting for problems on
              your device.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       :
Tags        :

Name        : wercplsupport
DisplayName : Problem Reports Control Panel Support
Description : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports control panel.
PathName    : C:\Windows\System32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : Power
DisplayName : Power
Description : Manages power policy and power policy notification delivery.
PathName    : C:\Windows\system32\svchost.exe -k DcomLaunch -p
StartMode   : Auto
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : PlugPlay
DisplayName : Plug and Play
Description : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
PathName    : C:\Windows\system32\svchost.exe -k DcomLaunch -p
StartMode   : Manual
Notes       :
Tags        :

Name        : pla
DisplayName : Performance Logs & Alerts
Description : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers
              an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to
              start.
PathName    : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : defragsvc
DisplayName : Optimize drives
Description : Helps the computer run more efficiently by optimizing files on storage drives.
PathName    : C:\Windows\system32\svchost.exe -k defragsvc
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : ssh-agent
DisplayName : OpenSSH Authentication Agent
Description : Agent to hold private keys used for public key authentication.
PathName    : C:\Windows\System32\OpenSSH\ssh-agent.exe
StartMode   : Disabled
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : CscService
DisplayName : Offline Files
Description : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API,
              and dispatches interesting events to those interested in Offline Files activities and changes in cache state.
PathName    : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : nsi
DisplayName : Network Store Interface Service
Description : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If
              this service is disabled, any other services that explicitly depend on this service will fail to start.
PathName    : C:\Windows\system32\svchost.exe -k LocalService -p
StartMode   : Auto
Notes       :
Tags        :

Name        : NetSetupSvc
DisplayName : Network Setup Service
Description : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings.  If this service is stopped, any driver
              installations that are in-progress may be cancelled.
PathName    : C:\Windows\System32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : NlaSvc
DisplayName : Network Location Awareness
Description : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration
              information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
PathName    : C:\Windows\System32\svchost.exe -k netprofm -p
StartMode   : Manual
Notes       : enables Windows Sockets 2 applications to identify the logical network to which a Windows computer is attached
              https://learn.microsoft.com/en-us/windows/win32/winsock/network-location-awareness-service-provider-nla--2
              IoT Guidance: OK to disable
Tags        :

Name        : netprofm
DisplayName : Network List Service
Description : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.
PathName    : C:\Windows\System32\svchost.exe -k netprofm -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : Netman
DisplayName : Network Connections
Description : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
PathName    : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : NcdAutoSetup
DisplayName : Network Connected Devices Auto-Setup
Description : Network Connected Devices Auto-Setup service monitors and installs qualified devices that connect to a qualified network. Stopping or disabling this service will prevent
              Windows from discovering and installing qualified network connected devices automatically. Users can still manually add network connected devices to a PC through the user
              interface.
PathName    : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : Netlogon
DisplayName : Netlogon
Description : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not
              authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to
              start.
PathName    : C:\Windows\system32\lsass.exe
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : NaturalAuthentication
DisplayName : Natural Authentication
Description : Signal aggregator service, that evaluates signals based on time, network, geolocation, bluetooth and cdf factors. Supported features are Device Unlock, Dynamic Lock and
              Dynamo MDM policies
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : SmsRouter
DisplayName : Microsoft Windows SMS Router Service.
Description : Routes messages based on rules to appropriate clients.
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : swprv
DisplayName : Microsoft Software Shadow Copy Provider
Description : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If
              this service is disabled, any services that explicitly depend on it will fail to start.
PathName    : C:\Windows\System32\svchost.exe -k swprv
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : MsKeyboardFilter
DisplayName : Microsoft Keyboard Filter
Description : Controls keystroke filtering and mapping
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Disabled
Notes       : disabled by default
Tags        :

Name        : AppVClient
DisplayName : Microsoft App-V Client
Description : Manages App-V users and virtual applications
PathName    : C:\Windows\system32\AppVClient.exe
StartMode   : Disabled
Notes       : disabled by default
Tags        :

Name        : MessagingService_*
DisplayName : MessagingService_*
Description : Service supporting text messaging and related functionality.
PathName    : C:\Windows\system32\svchost.exe -k UnistackSvcGroup
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : wlpasvc
DisplayName : Local Profile Assistant Service
Description : This service provides profile management for subscriber identity modules
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : LxpSvc
DisplayName : Language Experience Service
Description : Provides infrastructure support for deploying and configuring localized Windows resources. This service is started on demand and, if disabled, additional Windows languages
              will not be deployed to the system, and Windows may not function properly.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : PolicyAgent
DisplayName : IPsec Policy Agent
Description : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay
              protection.  This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec".  If you stop this service, you
              may experience network connectivity issues if your policy requires that connections use IPsec.  Also,remote management of Windows Defender Firewall is not available when
              this service is stopped.
PathName    : C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : IKEEXT
DisplayName : IKE and AuthIP IPsec Keying Modules
Description : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and
              key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is
              typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the
              system. It is strongly recommended that you have the IKEEXT service running.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : hidserv
DisplayName : Human Interface Device Service
Description : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running.
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : GraphicsPerfSvc
DisplayName : GraphicsPerfSvc
Description : Graphics performance monitor service
PathName    : C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : FDResPub
DisplayName : Function Discovery Resource Publication
Description : Publishes this computer and resources attached to this computer so they can be discovered over the network.  If this service is stopped, network resources will no longer
              be published and they will not be discovered by other computers on the network.
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : fdPHost
DisplayName : Function Discovery Provider Host
Description : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery
              Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD.
              When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources.
PathName    : C:\Windows\system32\svchost.exe -k LocalService -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : EapHost
DisplayName : Extensible Authentication Protocol
Description : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection
              (NAP).  EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication
              process.  If you disable this service, this computer is prevented from accessing networks that require EAP authentication.
PathName    : C:\Windows\System32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : EFS
DisplayName : Encrypting File System (EFS)
Description : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable
              to access encrypted files.
PathName    : C:\Windows\System32\lsass.exe
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : embeddedmode
DisplayName : Embedded Mode
Description : The Embedded Mode service enables scenarios related to Background Applications.  Disabling this service will prevent Background Applications from being activated.
PathName    : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : Dnscache
DisplayName : DNS Client
Description : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will
              continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any
              services that explicitly depend on it will fail to start.
PathName    : C:\Windows\system32\svchost.exe -k NetworkService -p
StartMode   : Auto
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : DispBrokerDesktopSvc
DisplayName : Display Policy Service
Description : Manages the connection and configuration of local and remote displays
PathName    : C:\Windows\system32\svchost.exe -k LocalService -p
StartMode   : Auto
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : DisplayEnhancementService
DisplayName : Display Enhancement Service
Description : A service for managing display enhancement such as brightness control.
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : DialogBlockingService
DisplayName : DialogBlockingService
Description : Dialog Blocking Service
PathName    : C:\Windows\system32\svchost.exe -k DialogBlockingService
StartMode   : Disabled
Notes       : disabled by default
Tags        :

Name        : Dhcp
DisplayName : DHCP Client
Description : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If
              this service is disabled, any services that explicitly depend on it will fail to start.
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
StartMode   : Auto
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : DevQueryBroker
DisplayName : DevQuery Background Discovery Broker
Description : Enables apps to discover devices with a backgroud task
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : ConsentUxUserSvc_*
DisplayName : ConsentUX User Service_*
Description : Allows the system to request user consent to allow apps to access sensitive resources and information such as the device's location
PathName    : C:\Windows\system32\svchost.exe -k DevicesFlow
StartMode   : Manual
Notes       : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices.
              IoT Guidance: OK to disable
Tags        :

Name        : DevicesFlowUserSvc_*
DisplayName : DevicesFlow_*
Description : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices.
PathName    : C:\Windows\system32\svchost.exe -k DevicesFlow
StartMode   : Manual
Notes       : Connect and pair WiFi and Bluetooth devices, ConnectUX/PC settings
              IoT Guidance: OK to disable
Tags        :

Name        : DevicePickerUserSvc_*
DisplayName : DevicePicker_*
Description : This user service is used for managing the Miracast, DLNA, and DIAL UI
PathName    : C:\Windows\system32\svchost.exe -k DevicesFlow
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : DeviceAssociationService
DisplayName : Device Association Service
Description : Enables pairing between the system and wired or wireless devices.
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : DeviceAssociationBrokerSvc_40028
DisplayName : DeviceAssociationBroker_40028
Description : Enables apps to pair devices
PathName    : C:\Windows\system32\svchost.exe -k DevicesFlow -p
StartMode   : Manual
Notes       :
Tags        :

Name        : DsmSvc
DisplayName : Device Setup Manager
Description : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not
              work correctly.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : DmEnrollmentSvc
DisplayName : Device Management Enrollment Service
Description : Performs Device Enrollment Activities for Device Management
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       :
Tags        :

Name        : DeviceInstall
DisplayName : Device Install Service
Description : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
PathName    : C:\Windows\system32\svchost.exe -k DcomLaunch -p
StartMode   : Manual
Notes       :  IoT Guidance: Do not disable
Tags        :

Name        : DoSvc
DisplayName : Delivery Optimization
Description : Performs content delivery optimization tasks
PathName    : C:\Windows\System32\svchost.exe -k NetworkService -p
StartMode   : Auto
Notes       : Windows Update Delivery Optimization works by letting you get Windows updates and Microsoft Store apps from sources in addition to Microsoft, like other PCs on your local
              network, or PCs on the internet that are downloading the same files. Delivery Optimization also sends updates and apps from your PC to other PCs on your local network or
              PCs on the internet, based on your settings.
              IoT Guidance: Do not disable
Tags        :

Name        : DcomLaunch
DisplayName : DCOM Server Process Launcher
Description : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not
              function properly. It is strongly recommended that you have the DCOMLAUNCH service running.
PathName    : C:\Windows\system32\svchost.exe -k DcomLaunch -p
StartMode   : Auto
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : COMSysApp
DisplayName : COM+ System Application
Description : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly.
              If this service is disabled, any services that explicitly depend on it will fail to start.
PathName    : C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : EventSystem
DisplayName : COM+ Event System
Description : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service
              is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will
              fail to start.
PathName    : C:\Windows\system32\svchost.exe -k LocalService -p
StartMode   : Auto
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : DusmSvc
DisplayName : Data Usage
Description : Network data usage, data limit, restrict background data, metered networks.
PathName    : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
StartMode   : Auto
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : CredentialEnrollmentManagerUserSvc_*
DisplayName : CredentialEnrollmentManagerUserSvc_*
Description : Credential Enrollment Manager
PathName    : C:\Windows\system32\CredentialEnrollmentManager.exe
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : VaultSvc
DisplayName : Credential Manager
Description : Provides secure storage and retrieval of credentials to users, applications and security service packages.
PathName    : C:\Windows\system32\lsass.exe
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : KeyIso
DisplayName : CNG Key Isolation
Description : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required
              by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.
PathName    : C:\Windows\system32\lsass.exe
StartMode   : Manual
Notes       : Secure long lived keys for cryptographic operations.
              IoT Guidance: Do not disable
Tags        :

Name        : autotimesvc
DisplayName : Cellular Time
Description : This service sets time based on NITZ messages from a Mobile Network
PathName    : C:\Windows\system32\svchost.exe -k autoTimeSvc
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : camsvc
DisplayName : Capability Access Manager Service
Description : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities
PathName    : C:\Windows\system32\svchost.exe -k osprivacy -p
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : PeerDistSvc
DisplayName : BranchCache
Description : This service caches network content from peers on the local subnet.
PathName    : C:\Windows\System32\svchost.exe -k PeerDist
StartMode   : Manual
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : wbengine
DisplayName : Block Level Backup Engine Service
Description : The WBENGINE service is used by Windows Backup to perform backup and recovery operations. If this service is stopped by a user, it may cause the currently running backup
              or recovery operation to fail. Disabling this service may disable backup and recovery operations using Windows Backup on this computer.
PathName    : "C:\Windows\system32\wbengine.exe"
StartMode   : Manual
Notes       :
Tags        :

Name        : tzautoupdate
DisplayName : Auto Time Zone Updater
Description : Automatically sets the system time zone.
PathName    : C:\Windows\system32\svchost.exe -k LocalService -p
StartMode   : Disabled
Notes       : disabled by default
Tags        :

Name        : AssignedAccessManagerSvc
DisplayName : AssignedAccessManager Service
Description : AssignedAccessManager Service supports kiosk experience in Windows.
PathName    : C:\Windows\system32\svchost.exe -k AssignedAccessManagerSvc
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : Appinfo
DisplayName : Application Information
Description : Facilitates the running of interactive applications with additional administrative privileges.  If this service is stopped, users will be unable to launch applications
              with the additional administrative privileges they may require to perform desired user tasks.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : AppIDSvc
DisplayName : Application Identity
Description : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced.
PathName    : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : AarSvc_*
DisplayName : Agent Activation Runtime_*
Description : Runtime for activating conversational agent applications
PathName    : C:\Windows\system32\svchost.exe -k AarSvcGroup -p
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : wmiApSrv
DisplayName : WMI Performance Adapter
Description : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data
              Helper is activated.
PathName    : C:\Windows\system32\wbem\WmiApSrv.exe
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : Winmgmt
DisplayName : Windows Management Instrumentation
Description : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most
              Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Auto
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : WManSvc
DisplayName : Windows Management Service
Description : Performs management including Provisioning and Enrollment activities
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : W32Time
DisplayName : Windows Time
Description : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this
              service is disabled, any services that explicitly depend on it will fail to start.
PathName    : C:\Windows\system32\svchost.exe -k LocalService
StartMode   : Auto
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : SecurityHealthService
DisplayName : Windows Security Service
Description : Windows Security Service handles unified device protection and health information
PathName    : C:\Windows\system32\SecurityHealthService.exe
StartMode   : Manual
Notes       : IoT Guidance: Do not disable
Tags        :

Name        : NcaSvc
DisplayName : Network Connectivity Assistant
Description : Provides DirectAccess status notification for UI components
PathName    : C:\Windows\System32\svchost.exe -k NetSvcs -p
StartMode   : Manual
Depends On  : BFE
              Dnscache
              iphlpsvc
              nsi
Notes       : IoT Guidance: OK to disable
Tags        :

Name        : cloudidsvc
DisplayName : Microsoft Cloud Identity Service
Description : Supports integrations with Microsoft cloud identity services.  If disabled, tenant restrictions will not be enforced properly.
PathName    : C:\Windows\system32\svchost.exe -k CloudIdServiceGroup -p
StartMode   : Manual
Notes       :
Tags        :

Name        : InventorySvc
DisplayName : Inventory and Compatibility Appraisal service
Description : This service performs background system inventory, compatibility appraisal, and maintenance used by numerous system components.
PathName    : C:\Windows\system32\svchost.exe -k InvSvcGroup -p
StartMode   : Manual
Notes       :
Tags        :

Name        : McpManagementService
DisplayName : McpManagementService
Description :
PathName    : C:\Windows\system32\svchost.exe -k McpManagementServiceGroup
StartMode   : Manual
Notes       :
Tags        :

Name        : MixedRealityOpenXRSvc
DisplayName : Windows Mixed Reality OpenXR Service
Description : Enables Mixed Reality OpenXR runtime functionality
PathName    : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Manual
Notes       :
Tags        :

Name        : uhssvc
DisplayName : Microsoft Update Health Service
Description : Maintains Update Health
PathName    : "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe"
StartMode   : Disabled
Notes       : disabled by default
Tags        :

Name        : NPSMSvc_*
DisplayName : NPSMSvc_*
Description :
PathName    : C:\Windows\system32\svchost.exe -k LocalService -p
StartMode   : Manual
Notes       : NPSMSvc (Network Policy Server Management Service) is associated with the Network Policy Server (NPS) role in Windows Server.
              https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-top
              NPS allows you to create and enforce organization-wide network access policies for connection request authentication and authorization.
Tags        :

Name        : P9RdrService_*
DisplayName : P9RdrService_*
Description : Enables trigger-starting plan9 file servers.
PathName    : C:\Windows\system32\svchost.exe -k P9RdrService -p
StartMode   : Manual
Notes       : Enables trigger-starting Plan9 file servers
Tags        : #wsl

Name        : PenService_*
DisplayName : PenService_*
Description : Pen Service
PathName    : C:\Windows\system32\svchost.exe -k PenService
StartMode   : Manual
Notes       : associated with the Windows Pen and Touch input functionality
Tags        :

Name        : TextInputManagementService
DisplayName : Text Input Management Service
Description : Enables text input, expressive input, touch keyboard, handwriting, and IMEs.
PathName    : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
StartMode   : Auto
Notes       : associated with on-screen keyboard and handwriting recognition
Tags        :

Name        : dcsvc
DisplayName : dcsvc
Description : Declared Configuration(DC) service
PathName    : C:\Windows\system32\svchost.exe -k netsvcs -p
StartMode   : Manual
Notes       : used by the Windows Defender Application Control (WDAC)
Tags        :

Name        : edgeupdate
DisplayName : Microsoft Edge Update Service (edgeupdate)
Description : Keeps your Microsoft software up to date. If this service is disabled or stopped, your Microsoft software will not be kept up to date, meaning security vulnerabilities
              that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Microsoft software using it.
PathName    : "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
StartMode   : Auto
Notes       :
Tags        :

Name        : edgeupdatem
DisplayName : Microsoft Edge Update Service (edgeupdatem)
Description : Keeps your Microsoft software up to date. If this service is disabled or stopped, your Microsoft software will not be kept up to date, meaning security vulnerabilities
              that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Microsoft software using it.
PathName    : "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc
StartMode   : Manual
Notes       :
Tags        :

Name        : MicrosoftEdgeElevationService
DisplayName : Microsoft Edge Elevation Service (MicrosoftEdgeElevationService)
Description : Keeps Microsoft Edge up to update. If this service is disabled, the application will not be kept up to date.
PathName    : "C:\Program Files (x86)\Microsoft\Edge\Application\111.0.1661.51\elevation_service.exe"
StartMode   : Manual
Notes       :
Tags        :