I don't know if this site might help. I've used it before to improve security of a system. It lists servives and it looks like it details those that can be disabled safely.
It's suddenly occured to me that there are some things that we leave running on clasroom desktop PC's (and laptops) that, in the interests of keeping disk space down and machines running smoothly and not getting bogged down with background tasks, especially with older and slower systems, we could do well without.
Two eamples are System Restore and switching off hibernation mode. We rarely use system restpre on desktop PCs and would much rather re-image to a clean working version of Windows than sit and faff around. It aso has the benefit of saving disk space and time when installign new software and updates.
And the removal of hiberfil.sys saves GB of space on hard drives.
Are there any other things that we can safely switch off to eak a little more out of our desktop systems?
^^ I've found Black Viper's "tips" are generally not worth bothering with as they can do more harm than good. The following is a much better guide IMO.
This is also worth a read...
N.B. Site is a little slow at the moment.
Last edited by Arthur; 15th March 2010 at 10:42 PM.
You can actually switch off System Restore using Group Policy, however generally speaking I'd still recommend it on teacher laptops.
In the past I've also found running XP in classic mode on older machines makes a big difference.
The Java Quickstarter - JQS.exe
windows search indexing with xp sp3 it seems to just fill the docs and settings with gb's of rubbish!
Alternatively for some users you can disable the Notification Area completely. Workstations should/can have the Windows Firewall switched off too. Again all via GPOs.
I started from the beginning by using nlite. It removes the features from xp not just turn them off. When I started here 2 years ago the image was 15GB it currently is less then 8GB with more software installed. Their is a nice tutorial somewhere that gives loads of useful information on nlite. You can also add SATA drivers and other drivers to make installing easier and slipstream sp3 and other updates.
we run windows firewall disabled on desktops across the school - there are only 3 machines connected to the LEA's wan which is our ISA, squid proxy and a webserver
The wan then sits behind a firewall so the only way pretty much of a virus coming in is memory sticks, kids cannot download/save exe's so they cannot run it anyway. Also autorun is disabled on memory sticks so reduces the risk of virus's coming in that way.
local windows firewall disabled here too
Do you have NAC? If not I'd seriously think about switching on windows firewall again right away.
I've never measured the performance hit but it must be tiny and the firewall can be managed easily via GP to allow ports/applications required.
All it takes is someone to plug in their compromised laptop and anything can run amock.
There have been high profile cases of this including banks and the New York Times IIRC.
I can recommend Firewalls for Dummies as a good read.
There are currently 1 users browsing this thread. (0 members and 1 guests)