Understanding Windows Services in Windows 7

Your computer does lots of things in the background. You probably know a bit about programs running on your machine. And you might even know a bit about active processes that run as the behind-the-scenes component of an open application. But behind even those processes is another layer of functionality – services.

What Are Services?
At the very simplest level, a service is a small, helper program that runs in the background of your computer. When you turn on the computer, the services are one of the first things to get fired up and start working. They make sure that everything starts up properly, has the right permissions, connects properly and – as you continue to use your computer – they help ensure that programs work correctly as well.

Unlike a process, an active service runs regardless of whether a given application is open. This ensures that resources are always available for the components that need them.

How to Access Them
To see the services that are running on your computer right now, you simply need to pull up the Task Manager. Do this by clicking on Ctrl + Shift + Esc. And then clicking on the tab labeled “Services.”

In Windows XP, the task manager doesn’t list services, but you can still access them via the Services Manager. Go to Control Panel ( » Performance and Maintenance) » Administrative Tools » Services. This will pull up the Service Manager.

At first glance you can get a sense of how services are managed and distributed.

If you look closely you’ll notice that not all of them are actually running in the background. In fact, many of the services installed on your computer aren’t running at all, they’re Stopped. You can see this in the “Status” Column.

Head’s up | Whether or not a service is running depends on the particular settings of your system. While it’s good to understand services and know how to monitor them. It’s generally not a good idea to arbitrarily stop and start them without knowing exactly what functions this will affect. That being said, you always have the power to control a service by right-clicking it. The context menu that appears lets you start/stop the service and also provides you with access to options, letting you find out more or adjust the way in which Windows activates it.

Types of Services (Groups)
The list of services is long, and each has a special job. To make it a bit easier to organize, Windows 7 incorporated a set of group names to categorize services according to the types of jobs they actually perform. The most common groups of services you’ll find on a PC are…


DcomLaunch handles some of the nuts and bolts of your computer. Inside the DcomLaunch group you’ll find services that make your computer power up, that make plug-and-play applications work and one that makes everything go from off to on.


LocalService includes the various services associated with the actions required by a local account, like your personal user-account. The LocalService programs work in isolation from other services for security reasons and ensure that when you log into your computer, the settings associated with your specific user-account load up correctly.


Services that fall into the LocalServiceNoNetwork include things like your Internet firewall and some security programs. In this group you’ll find any number of Internet activity logs, filtering software and IP settings.

It’s called “NoNetwork” because these items are able to be run without a connection to the local network, like a home or office network. An example service you might find here is the Windows Firewall. If activated, it will run independent of local network access so that another user (one who’s also on the network) can’t turn your firewall on or off. This is part of the integrated security framework that Windows Vista and 7 had built into their operations.


The large number of services that fall under LocalServiceAndNoImpersonation are entertainment related. This group of services all relate back to Windows 7 Media Center and other media files and programs including things like fonts, display brightness and Media Center extenders and networking.


The LocalServiceNetworkRestricted files are those you’re already familiar with. Windows Audio is contained in this group along with Parental Controls and the Windows Security Center.

These aren’t as vital as some items in LocasServiceNoNetwork but they’re still relatively important. So they have only a restricted access to a local network.


Networking tools and services are contained in the LocalServicePeerNet group. These services make it possible to identify your machine and for you to find it when you’re trying to connect multiple machines together in a network.


These services allow you to communicate with your computer easily. It includes usually the Human Interface Device Access service, which makes sure your keyboard buttons work correctly, and also the Superfetch service which makes sure that files are obtained quickly when you request them.


This group relates to intranets and Internet use. These services include those things that enable communication with a Browser, with servers and routers as well as remote access with other PCs. They ensure that you’re able to use the Internet correctly and – since logons and certificate management falls into this group as well – use it safely.


If netsvcs services concern the Internet, NetworkService deals with the closed network loop that you may be a part of at home or at the office. In NetworkService, you’ll see services designed to work with client machines, workstations, and remote desktops.


Services located in the NetworkServiceAndNoImpersonation group are simply another step up the security ladder. Communication between machines and programs falls into this category of services.


The highest level of security for NetworkService, those listed as NetworkServiceNetworkRestricted are closely guarded elements like the IP policy for your local network.


The group of services called regsvc is likely small on your machine and includes services for remote registries. These can be necessary for programs if you’re part of a network, but regsvc can also house a virus or other malware that allows remote access to your machine. The safe regsvc files that these services are attached to should be contained in the c:windowsSystem32 folder

Heads Up | Even if you suspect a service running in the regsvc Group to be malicious, don’t mess with it. Stopping or deleting a service can change the behavior of a PC in unforeseeable ways. Instead, utilize a security program to try and detect problems. Security and anti-Virus programs have built-in safeties that allow them to stop, isolate and remove harmful services without triggering consequences.


rpcss services are those necessary for a client and server program to communicate properly. The services you’re likely to see inside the rpcss collection include client and server processes as well as endpoints to show where the network connection stops.


The WbioSvcGroup is a very small group of services – perhaps only one – whose job is to collect biometric data from your machine. The services may also manipulate and store its collected data in the background as you work.


A full range of color is what you’ll see inside the wcssvc services. The primary service in this category is for the Windows Color System that extends the factory color settings to be “vendor-specific”, or better than the basics. If you disable this particular service, you won’t be able to see colors correctly.


It’s not that the Window’s people ran out of clever names for service groups toward the end and starting tossing everything that was left into N/A. It’s just that these services aren’t vital to the system’s normal behavior. Most will be from third parties, so while N/A isn’t a catchy label, in this group you’ll find everything from your instant messaging software to antimalware protection.

Some native Windows entities exist in this group as well, constituting those Windows utilities that are run on an as-needed basis, including the disk defragmenter and Windows Update. Other odds and ends fall into this catch-all as you add programs or peripheries to your machine, for example, your print spooler is here just like your fax machine and iPod service.

Head’s up | The N/A group actually isn’t as big a target for malware as you’d think. Most malicious code is designed to stay hidden. Hence, it’s more likely for a harmful service to appear in something like the regsvc group. Even so, malware can and does appear in the N/A group, especially services belonging to malicious third-party apps that claim to be legitimate, like rogue security scanners. Here too, it’s important to let validated security software stop the service for you, but sometimes you can cut a program off by stopping its service. Stopping it is certainly an option, but it should be considered a last resort.

Leave a Reply

Your email address will not be published. Required fields are marked *