This article is mainly for those who have just one computer, or do not share files and printers over home (local) network or HomeGroup. Steps described here disable remote administration and sharing capabilities and therefore are not suitable for business environments. Please keep in mind that www.winhelp.us is primarily meant for home users.
Disabling some of these services also helps to decrease time needed to boot into Windows, and enhance overall performance a bit.
Although Windows Firewall tries hard to keep hackers at bay, it is best to minimize the possible attack surface by turning off services that are not required.
In all versions of Windows, open Run dialog using keyboard shortcut Windows Key+R.
Type services.msc and click OK.
Scroll down in the list to find Remote Registry. Right-click on the row and select Properties.
Select Disabled from Startup type list. Then click OK to close Remote Registry Properties window.
This service enables viewing and changing Windows Registry (the place where all settings and information about your Windows, installed programs and users' settings is kept) from a remote computer (including hackers' computers) - so it is best to keep the service shut down at all times. On home networks, Windows Registry should be accessed from local computer only.
In Home editions of Windows, this service does not run by default. If the service is running, click Stop to shut it down right away.
Other services you might want to disable in Windows are:
- ClipBook - only in Windows XP, shares Clipboard contents over a network;
- Function Discovery Resource Publication - only in Windows Vista, 7, 8 and 8.1, publishes shared resources (printers, libraries, etc) on this computer over a network. This service's startup is set to Manual, but it often runs whenever Windows starts. Disable it to decrease Windows boot time. Other computers and devices on the same network will not be able to detect shared resources automatically after this.
- Offline Files - only in Windows Professional/Business/Ultimate editions, caches selected folders and files from file servers so that the items are always available;
- Remote Desktop Services / Terminal Services - enables remote access to GUI (Graphical User Interface) on the computer over a network;
- SSDP Discovery - detects and publishes Simple Services, such as UPnP devices (home entertainment systems, media streaming, printers, some Wi-Fi routers, etc). This service's startup is set to Manual, but it runs whenever Windows starts. Disable it to speed up Windows boot. UPnP devices are not affected by this, but in Windows 8.1 UPnP Device Host service will not start if SSDP Discovery is disabled..
- Telnet - only in Windows XP, enables remote access to command-line interface over a network;
- WebClient - enables creating, accessing and modifying files on the Internet using Windows-based programs. This does not affect FTP, SSH, SCP or browser-based access.
- Windows Media Player Network Sharing Service - enables streaming music and video to home entertainment systems and other computers/devices over a network.
You can feel a tad more secure - you just made it harder for bots and hackers to attack your computer while your computer is connected to the Internet!
Windows Vista and later have special presets for Network Locations that hide or show your computer on current network by configuring Windows Firewall.
If your computer is connected to the Internet directly or via a modem and you have no home network (just one computer at home), always choose Public for Network Location - this disables sharing files and printers with other computers and over the Internet and enhances security.
Public is also the suggested setting for all wi-fi (wireless), dial-up and VPN connections you create.
If you do have a home network and you want to share printers and files with other computers in your home, select Private (in Windows Vista, 8 and 8.1) or Home for Network Location. This is the configuration with least security - please be aware of this! If you do not need or want to share anything, select Public instead.
In Windows 7, if you are connecting at your workplace, select Work. This will also enable File and Printer Sharing and make your PC visible on the network.
In case you want to double-check or change Network Location for current connection in Windows Vista or 7, right-click Network icon in Taskbar Notification area and select (Open) Network and Sharing Center.
Scroll down to see Windows 8 and 8.1 instructions.
In Windows Vista, click Customize on the right side of an active network connection.
In Windows 7, find the View your active networks section and click the existing network type (Home network, Work network or Public network).
The Set Network Location window opens. Click the network type you want for this network connection.
In Windows Vista, you can change the connection title in the Network name field and connection icon using the Change button to the right of Network Icon. Click Next to continue.
In Windows 7, if you know you will never set up a home network for this computer and you will be using public networks (wireless, dial-up, direct connections to the Internet) only, you can activate the Treat all future networks that I connect to as public, and don't ask me again option. This will disable the Set Network Location wizard and automatically set the highest security level for all future networks you connect your computer to. You can still change any network's location by opening Network and Sharing Center.
Just click Close in the summary window. Windows Firewall and sharing settings have been reconfigured.
Do not close Network and Sharing Center window in Windows Vista and 7 yet!
If you want to change a connection's name and icon in Windows 7, click the network's icon in Network and Sharing Center.
In the Set Network Properties window, fill Network name field and use the Change button to select a different icon.
Click OK to apply changes.
In Windows 8, click Network icon in Taskbar Notification area (aka System Tray) to open the list of configured networks.
The longer way is to use keyboard shortcut WINDOWS KEY+I to reveal Settings charm. Then click or tap Network in the lower part of the Charms bar. Windows 8.1 instructions follow a bit later in this tutorial.
List of all configured networks appears. Right-click the network you want to change and then click Turn sharing on or off.
Next, Windows 8 asks if you want to turn on sharing between PCs and connect to devices on this network.
Click No, don't turn on sharing or connect to devices if you want to set Network Location to Public.
Click Yes, turn on sharing and connect to devices in case you want to set Network Location to Private.
Windows 8.1 makes modifying network location even more difficult to find. In Settings charm, click or tap Change PC Settings (instead of Network icon in Windows 8).
In the PC Settings app, open Network tab and then open Connections tab. Click the connection you want to modify on the right.
Set the Find devices and content slider to Off if you want to set Network Location to Public.
If you never want to share your files or printer with other computers on your home or work network (or if you have no home network at all), it is best to make sure that no one sees your files and printers even when Windows Firewall fails for some reason.
Right-click Network icon in the Taskbar Notification area (aka System Tray) and select Open Network Connections or (Open) Network and Sharing Center from the menu.
In Windows Vista, click Manage network connections on the left side of Network and Sharing Center window.
In Windows 7, 8 and 8.1, the command is entitled Change adapter settings.
Click the first network adapter in the list to make it active. Then right-click on it and select Properties.
Now clear the File and Printer Sharing for Microsoft Networks check box. Then click OK to close connection properties window and apply the settings. Please do not mess with other settings, they can easily disable your connection to the Internet!
Repeat the above procedure for each and every connection (including wireless, dial-up, Bluetooth and IEEE1394/Firewire) on the list if you have more than one network adapter.