(I have some more settings for Group Policy (GPO) to make Windows safer and nicer and more private. Yes, I turned off Windows Defender and SmartScreen as well. I'm not fully done with them yet but I will post them here as soon as I'm finished with them.)
I have found that turning off these services is totally safe and Windows Server 2019 will continue to operate without any issues. This is my own version of "light / lite edition". Please bear in mind that before doing all this, update Windows fully and install IIS or whatever else you need to install on the server. Run Windows update again to be on the safe side, reboot and then turn off the junk.
Turning junk services off:
The ones I marked "registry" can't be turned off from the command line. You can put the script into a .bat file, but remember that the ones that have "registry" in the "REM" line will give you "Access is denied." You must go into the registry (regedit) and find them under "Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services". Edit the "Start" value and set it to "4" to make them "Disabled".
REM original state: (manual trigger start)
sc config "AJRouter" start=disabled
REM original state: (manual)
sc config "AppReadiness" start=disabled
REM original state: (manual trigger start) - registry 3->4
sc config "AppIDSvc" start=disabled
REM original state: (manual)
sc config "ALG" start=disabled
REM original state: (manual) - registry 3->4
sc config "AppXSvc" start=disabled
REM original state: (manual)
sc config "BthAvctpSvc" start=disabled
REM original state: (manual)
sc config "BITS" start=disabled
REM original state: (manual)
sc config "BTAGService" start=disabled
REM original state: (manual)
sc config "bthserv" start=disabled
REM original state: (manual)
sc config "camsvc" start=disabled
REM original state: (manual) - registry 3->4
sc config "CaptureService" start=disabled
REM original state: (manual trigger start)
sc config "CertPropSvc" start=disabled
REM original state: (manual trigger start) - registry 3->4
sc config "ClipSVC" start=disabled
REM original state: (manual) - registry 3->4
sc config "cbdhsvc" start=disabled
REM original state: (manual)
sc config "COMSysApp" start=disabled
REM original state: (automatic delayed start)
sc config "CDPSvc" start=disabled
REM original state: (automatic) - registry 2->4
sc config "CDPUserSvc" start=disabled
REM original state: (automatic)
sc config "DiagTrack" start=disabled
REM original state: (manual) - registry 3->4
sc config "ConsentUxUserSvc" start=disabled
REM original state: (manual) - registry 3->4
sc config "PimIndexMaintenanceSvc" start=disabled
REM original state: (manual trigger start)
sc config "DsSvc" start=disabled
REM original state: (manual trigger start) - registry 3->4
sc config "DoSvc" start=disabled
REM original state: (manual) - registry 3->4
sc config "DeviceAssociationService" start=disabled
REM original state: (manual) - registry 3->4
sc config "DevicePickerUserSvc" start=disabled
REM original state: (manual) - registry 3->4
sc config "DevicesFlowUserSvc" start=disabled
REM original state: (manual trigger start)
sc config "DevQueryBroker" start=disabled
REM original state: (automatic delayed start)
sc config "DPS" start=disabled
REM original state: (manual)
sc config "WdiServiceHost" start=disabled
REM original state: (manual)
sc config "WdiSystemHost" start=disabled
REM original state: (automatic delayed start)
sc config "MSDTC" start=disabled
REM original state: (manual) - registry 3->4
sc config "EntAppSvc" start=disabled
REM original state: (manual)
sc config "fdPHost" start=disabled
REM original state: (manual trigger start)
sc config "FDResPub" start=disabled
REM original state: (manual trigger start)
sc config "hidserv" start=disabled
REM original state: (manual trigger start)
sc config "HvHost" start=disabled
sc config "vmickvpexchange" start=disabled
sc config "vmicguestinterface" start=disabled
sc config "vmicshutdown" start=disabled
sc config "vmicheartbeat" start=disabled
sc config "vmicvmsession" start=disabled
sc config "vmicrdv" start=disabled
sc config "vmictimesync" start=disabled
sc config "vmicvss" start=disabled
REM original state: (automatic)
sc config "iphlpsvc" start=disabled
REM original state: (manual)
sc config "KPSSVC" start=disabled
REM original state: (manual)
sc config "KtmRm" start=disabled
REM original state: (manual)
sc config "diagnosticshub.standardcollector.service" start=disabled
REM original state: (manual)
sc config "wlidsvc" start=disabled
REM original state: (manual)
sc config "MSiSCSI" start=disabled
REM original state: (manual trigger start) - registry 3->4
sc config "NgcSvc" start=disabled
sc config "NgcCtnrSvc" start=disabled
REM original state: (manual)
sc config "smphost" start=disabled
REM original state: (manual)
sc config "InstallService" start=disabled
REM original state: (manual)
sc config "Netlogon" start=disabled
REM original state: (manual trigger start)
sc config "NcbService" start=disabled
REM sc config "NcaSvc" start=disabled
REM sc config "netprofm" start=disabled
REM sc config "NlaSvc" start=disabled
REM original state: (manual)
sc config "PerfHost" start=disabled
REM original state: (manual)
sc config "pla" start=disabled
REM original state: (manual)
sc config "PlugPlay" start=disabled
REM original state: (manual trigger start)
sc config "WPDBusEnum" start=disabled
REM original state: (automatic)
sc config "Power" start=disabled
REM original state: (automatic)
sc config "Spooler" start=disabled
REM original state: (manual)
sc config "PrintNotify" start=disabled
REM original state: (manual) - registry 3->4
sc config "PrintWorkflowUserSvc" start=disabled
REM original state: (manual)
sc config "wercplsupport" start=disabled
REM original state: (manual)
sc config "PcaSvc" start=disabled
REM original state: (manual)
sc config "QWAVE" start=disabled
REM original state: (manual)
sc config "RasAuto" start=disabled
REM original state: (automatic)
sc config "RasMan" start=disabled
REM original state: (manual)
sc config "RpcLocator" start=disabled
REM original state: (automatic trigger start)
sc config "RemoteRegistry" start=disabled
REM original state: (manual)
sc config "RSoPProv" start=disabled
REM original state: (manual trigger start)
sc config "SensrSvc" start=disabled
REM original state: (manual trigger start)
sc config "SensorService" start=disabled
REM original state: (automatic trigger start)
sc config "LanmanServer" start=disabled
REM original state: (automatic)
sc config "ShellHWDetection" start=disabled
REM original state: (manual trigger start)
sc config "SCardSvr" start=disabled
REM original state: (manual)
sc config "SCPolicySvc" start=disabled
REM original state: (manual)
sc config "SNMPTRAP" start=disabled
REM original state: (manual)
sc config "sacsvr" start=disabled
REM original state: (manual)
sc config "WiaRpc" start=disabled
REM original state: (manual trigger start)
sc config "StorSvc" start=disabled
REM original state: (manual)
sc config "TieringEngineService" start=disabled
REM original state: (automatic)
sc config "SysMain" start=disabled
REM original state: (manual trigger start)
sc config "lmhosts" start=disabled
REM original state: (manual)
sc config "tapisrv" start=disabled
REM original state: (automatic)
sc config "Themes" start=disabled
REM original state: (manual trigger start)
sc config "TabletInputService" start=disabled
REM sc config "UsoSvc" start=disabled
REM original state: (automatic delayed start)
sc config "UALSVC" start=disabled
REM original state: (manual) - registry 3->4
sc config "UserDataSvc" start=disabled
REM original state: (manual) - registry 3->4
sc config "UnistoreSvc" start=disabled
REM original state: (manual)
sc config "w3logsvc" start=disabled
REM original state: (manual trigger start)
sc config "WarpJITSvc" start=disabled
REM original state: (manual)
sc config "TokenBroker" start=disabled
REM original state: (manual trigger start)
sc config "WbioSrvc" start=disabled
REM original state: (manual trigger start)
sc config "FrameServer" start=disabled
REM original state: (manual trigger start)
sc config "WerSvc" start=disabled
REM sc config "Wecsvc" start=disabled
REM original state: (manual)
sc config "stisvc" start=disabled
REM original state: (manual trigger start)
sc config "LicenseManager" start=disabled
REM original state: (manual)
sc config "WMPNetworkSvc" start=disabled
REM original state: (manual)
sc config "TrustedInstaller" start=disabled
REM original state: (automatic)
sc config "WpnService" start=disabled
REM original state: (automatic) - registry 2->4
sc config "WpnUserService" start=disabled
REM original state: (automatic)
sc config "WinRM" start=disabled
REM original state: (manual trigger start)
sc config "wuauserv" start=disabled
REM original state: (manual) - registry 3->4
sc config "WaaSMedicSvc" start=disabled
REM original state: (manual) - registry 3->4
sc config "WinHttpAutoProxySvc" start=disabled
REM original state: (manual)
sc config "wmiApSrv" start=disabled
REM original state: (automatic)
sc config "LanmanWorkstation" start=disabled
- Run "Task Manager", find the "search" process and select it.
- Go to "C:\windows\SystemApps", rename "Microsoft.Windows.Cortana_cw5n1h2txyewy" to something like "Original - Microsoft.Windows.Cortana_cw5n1h2txyewy" or whatever name you want, and hit Enter. It gives you a "Try again" error because the search is running. Keep this "Try again" dialog open.
- Now go back to "Task Manager" and "End task" that search process, then the second you end it, quickly click "Try again". Windows won't have time to re-run it; it takes a second I think, so you get time to rename it.
Turning off "wuauserv" has the nice benefit of killing off Windows update! This is a nice thing because you want control over your machine and can plan when to do updates. I made this .bat file for running Windows update on my own schedule, manually. A side note about this: I put a "pause" in it because I think it is better to run the Windows update, reboot the machine and then turn off the "TrustedInstaller" in case Windows update needs it for installing updates. So I basically run this and it pauses. I run the Windows update, I reboot the machine, I re-run this .bat file, re-check Windows update, then press a button to skip to the section after the pause.
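@ECHO OFF
REM Re-enable the two services Windows update needs and start them
sc config "TrustedInstaller" start=demand
net start TrustedInstaller
sc config "wuauserv" start=demand
net start wuauserv
REM Open the Windows update settings page
explorer ms-settings:windowsupdate
REM Wait here while updates are installed; press a key when done
pause
REM Stop both services and set them back to disabled
net stop wuauserv
sc config "wuauserv" start=disabled
net stop TrustedInstaller
sc config "TrustedInstaller" start=disabled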
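
A way to confirm which services from the first script actually ended up disabled, since the ones marked "registry" fail with "Access is denied." when run from a .bat: this added PowerShell example (not part of the original post) reads each service's "Start" value from the registry key named above, saves a snapshot before the change and compares it afterwards. The script name, the parameter names and the short name list are assumptions; fill in the rest of the names from the post.

```powershell
# Added example (not from the original post). Script and parameter names are hypothetical.
#   .\Audit-ServiceStart.ps1 -Snapshot before.csv     run before the .bat
#   .\Audit-ServiceStart.ps1 -CompareTo before.csv    run after the .bat
param(
    [string]$Snapshot,
    [string]$CompareTo,
    # Subset of the service names from the post; extend with the rest of the list.
    [string[]]$Names = @('AppIDSvc', 'AppXSvc', 'ClipSVC', 'CDPUserSvc', 'DoSvc',
                         'WaaSMedicSvc', 'wuauserv', 'Spooler', 'RemoteRegistry')
)

$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-StartState {
    param([string[]]$ServiceNames)
    foreach ($n in $ServiceNames) {
        # Per-user services such as CDPUserSvc also exist as instances named <name>_<suffix>.
        $keys = @(Get-Item -Path "$root\$n", "$root\${n}_*" -ErrorAction SilentlyContinue)
        if ($keys.Count -eq 0) {
            [pscustomobject]@{ Name = $n; Start = ''; State = 'NotInstalled' }
            continue
        }
        foreach ($k in $keys) {
            $v = $k.GetValue('Start')
            $state = if ($null -eq $v) { 'Unknown' } else { $startNames[[int]$v] }
            [pscustomobject]@{ Name = $k.PSChildName; Start = $v; State = $state }
        }
    }
}

$now = @(Get-StartState -ServiceNames $Names)

if ($Snapshot) {
    # Keep this file: it records the original Start values for a later rollback.
    $now | Export-Csv -Path $Snapshot -NoTypeInformation
    "Saved $($now.Count) entries to $Snapshot"
}
elseif ($CompareTo) {
    $before = @{}
    Import-Csv -Path $CompareTo | ForEach-Object { $before[$_.Name] = $_.State }
    $now | ForEach-Object {
        $s = $_
        # Anything still enabled here was skipped, e.g. by "Access is denied."
        $result = if ($s.State -eq 'Disabled') { 'disabled' }
                  elseif ($s.State -eq 'NotInstalled') { 'absent' } else { 'STILL ENABLED' }
        [pscustomobject]@{ Name = $s.Name; Before = $before[$s.Name]; After = $s.State; Result = $result }
    } | Format-Table -AutoSize
}
else { $now | Format-Table -AutoSize }
```

Rows reported as STILL ENABLED after the .bat has run are the ones that need the manual "Start" = 4 edit in regedit.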