Service Usage Logging

Is there a way to log which services I use on Vista? What I want is to be able to run my PC for a month or so, then go over the logs and see which of the services that are set to 'manual' never started in said period, and disable them.

Not so much an optimisation exercise, as an OS hardening exercise.

Can someone give 'everyday' application examples for the following services?


IKE and AuthIP IPsec Keying Modules
Routing and Remote Access
IPsec Policy Agent

Already disabled or needed:

Base Filtering Engine (required for Win Firewall?)
Internet Connection Sharing (ICS) (disabled)
Windows Firewall (Enabled)

I use a hardware router with NAT only (no firewall / ACLs), then KIS (with only parental control disabled). Also running Windows Defender and Windows Firewall.

I'm just going through my services and want to minimise their usage. I'm fairly sure I don't use IPSec in the direct sense, but not sure about if it is used for SSH, HTTPS or stuff like that. I assume if IPSEC is needed, then IKE etc is too. Routing and remote access? I've a static IP and use private IPs this side of the router with NAT. My only remote access is FTP to ISP's website, although there has been the very rare occasion of telnet to CGI server.

IKE and AuthIP IPsec Keying Modules - you're unlikely to need this unless you are creating VPN connections.

Routing and Remote Access - typical use for this is to be able to RDP into your PC from elsewhere.

IPsec Policy Agent - pulls IPSec policies from either an active directory server or from local registry on a standalone machine. It then applies these to any other components using IPSec. From the sound of it you don't use IPSec and probably have no policy info in the registry, so that service is just sat there doing nowt.

IPSec is not required for SSH or HTTPS.

Ta very much. It's a stand alone PC. No others. No AD or GP if that's pertinent. I'll look into disabling them and see what happens.

Interesting read on IPSec:

http://www.alliancedatacom.com/IPsec-overview.asp (Why do we need IPSec)

Still not 100% sure.

Like GeeTee said it is a corporate thing for IPSec communication between Windows (and compatible) clients on a domain/VPN/etc... It wont affect your web browsing on a home computer.

I'm not concerned about my browsing. I know it's not going to affect that. I'm more concerned with what lesser-used ports/protocols disabling it might affect. However, since I don't have an mmc snap in policy (if I have my terms right), I suppose I never used it in the first place.

Sorry, what I meant to say was that it should not affect any internet usage on your PC, apart from the things mentioned above (domain, VPN, you have specifically configured an IPsec policy in WFAS/GPO, for example).

Assuming your computer has no configured IPsec policy or certificates required to use IPsec, so nothing would be able to take advantage of it any way anyhow. Might be worth checking if other service have dependencies on it though.

I suppose the problem you do potentially run in is some silly quirk months/years down the line and it ends up being caused because this service is disabled, very rare, but it could happen. You could also speculate that Microsoft leave the service set to Automatic for a reason, depending how competant you think they are, they must not feel it will cause an appreciable performance penalty otherwise they would have shipped Vista with it set to disabled.

By the way have you used a program called Autoruns? Lots more options to disable stuff

Looks good!

http://www.speedyvista.com/services.php

http://www.techrepublic.com/blog/window-on-windows/h...

Ta for that. Building up a decent knowledge of these services once one gets a few websites for reference.

Still doing a bit here and there (I disable one service, then notice scheduled tasks running and pop in there, and back to services etc.).

On to "NAP Status UI" in the scheduled tasks.

http://www.techrepublic.com/article/10-things-you-sh...

#8: There are four types of NAP enforcement

IPSec enforcement relies on the HRA and X.509certificates. 802.1x enforcement relieson an EAPHost NAP enforcement client and is used forclients connecting through an 802.1x access point. (This can be a wirelessaccess point or an Ethernet switch.) Restricted access profiles are placed onnoncompliant clients using packet filters or VLAN identifiers to restrict themto the restricted network. VPNenforcement relies on VPN servers to enforce the health policy when acomputer attempts to make a VPN connection to the network. DHCP enforcement relies on the DHCP servers to enforce the healthpolicy when a computer leases or renews its IP address. You can use one, some,or all of the enforcement methods on a given network.

Since I have disabled almost everything to do with wireless, DHCP, and yesterday the IPSec, and have never used VPN to my knowledge, I assume it's safe to get rid of this scheduled task? There's a switch within my router, but I don't use it, and I doubt it't pertinent in this case.