Running Windows with No Services

A Windows service provides functionality to the operating system and user accounts regardless of whether anyone is logged into a system. Windows XP comes with around four dozen services enabled by default, including ones that many people consider superfluous like Remote Registry, Alerter, and SSDP Discovery (Universal Plug and Play). A common question among Windows administrators is therefore: which services can I safely disable? What if I told you that for at least basic functionality like Web surfing and application execution, Windows doesn’t need any services? In fact, you can also do those things without system processes like Winlogon.exe, the interactive logon manager, and Lsass, the local security authority subsystem.

The following steps, which you must follow carefully to achieve a minimal Windows system, were derived by Dave Solomon through experimentation, and when he discovered that Windows was usable without all the core system processes we were dumbfounded. After figuring this out he and I polled senior Windows experts like the vice president of the Core Operating Systems Division, the technical lead of the Virtual PC team, and a lead Windows security architect to see if they thought that Windows would function at all, much less if Internet Explorer would work, without the support of Winlogon, Lsass, and services, and the unanimous answer was ‘no’. Even after we showed them the demonstration I’m about to share with you they all thought that we’d staged some kind of trick.

The first step to achieving a minimal Windows configuration is to kill the system processes I’ve mentioned. You can’t use Task Manager for the job, however, because it has an internal list of processes that it considers critical and that it won’t terminate. Try to kill Smss.exe, Winlogon.exe, Services.exe, Lsass.exe or Csrss.exe and you’ll see this dialog:



So if you don’t have it already, download Process Explorer. To make things go more quickly, uncheck the Confirm Kill entry in the Process Explorer Options menu. Then kill Smss.exe, the Session Manager process. The reason we start with Smss.exe is that Smss.exe watches the back of Winlogon, the process it creates during the boot, so if you terminate Winlogon first Smss.exe gets upset and blue screens the machine with an error indicating that the Windows logon process terminated unexpectedly. And if you kill Lsass or Services without killing Winlogon you'll see this dialog that Winlogon shows before it shuts down the system (you can abort the shutdown by running "shutdown -a"):



Once Smss.exe is out of the way, select Winlogon and choose Kill Process Tree from the Process menu. This terminates Winlogon.exe, Lsass.exe, Services.exe, and all the Windows service processes. We’re almost done.

The next step is to kill all other standard processes except for Csrss.exe (and of course Process Explorer). Csrss.exe is the only process in the system that has the “critical process” bit set in its kernel process structure (EPROCESS) flags field. On the termination of a process with the flag set the kernel halts with a CRITICAL_PROCESS_DIED blue screen. Note that you won’t be able to terminate the System Idle Process, System, Interrupts, or DPC processes. The Idle process isn’t a real process and simply tracks the time when no thread is executing. The System process holds operating system kernel threads and device driver threads, and Interrupts and DPCs are artificial processes that Process Explorer uses to display interrupt and Deferred Procedure Call (DPC) activity.
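To see which processes carry the critical flag on a given system, the following PowerShell script (an added example, not code from the original post or from Sysinternals) reads it through NtQueryInformationProcess without modifying anything. It assumes information class 0x1D (ProcessBreakOnTermination), the same 1dh value a commenter cites below; the `CritProc` class name is hypothetical.

```powershell
# Added example (not from the original post): list running processes and show
# whether each has the kernel "critical process" (break-on-termination) flag.
# Read-only. Run from an elevated prompt so that more processes can be opened.

$source = @'
using System;
using System.Runtime.InteropServices;

// Hypothetical helper class name; only the Win32/native calls are real APIs.
public static class CritProc
{
    // PROCESSINFOCLASS 0x1D = ProcessBreakOnTermination.
    const int  ProcessBreakOnTermination         = 0x1D;
    const uint PROCESS_QUERY_INFORMATION         = 0x0400;
    const uint PROCESS_QUERY_LIMITED_INFORMATION = 0x1000; // Vista and later

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inheritHandle, int pid);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    [DllImport("ntdll.dll")]
    static extern int NtQueryInformationProcess(
        IntPtr process, int infoClass, ref uint info, int infoLength, out int returnLength);

    // Returns "Yes", "No", or "Unknown" when the process cannot be opened or queried.
    public static string Query(int pid)
    {
        // Try the older access right first, then the limited one for processes
        // that refuse the full query right.
        uint[] rights = { PROCESS_QUERY_INFORMATION, PROCESS_QUERY_LIMITED_INFORMATION };
        foreach (uint access in rights)
        {
            IntPtr h = OpenProcess(access, false, pid);
            if (h == IntPtr.Zero) continue;          // denied or unsupported right
            try
            {
                uint flag = 0;
                int returned;
                int status = NtQueryInformationProcess(
                    h, ProcessBreakOnTermination, ref flag, sizeof(uint), out returned);
                if (status == 0)                     // STATUS_SUCCESS
                    return flag != 0 ? "Yes" : "No";
            }
            finally { CloseHandle(h); }
        }
        return "Unknown";
    }
}
'@
Add-Type -TypeDefinition $source

# One row per process, critical ones first.
Get-Process |
    Select-Object Id, ProcessName,
        @{ Name = 'Critical'; Expression = { [CritProc]::Query($_.Id) } } |
    Sort-Object @{ Expression = 'Critical'; Descending = $true }, ProcessName |
    Format-Table -AutoSize
```

Processes reported as Unknown could not be opened or queried with either access right from the current token.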

Because Process Explorer shows the Interrupts and DPCs artificial processes, switch to Task Manager at this point to get a real idea of what’s actually running: activate the Run command in Process Explorer’s File menu and enter “taskmgr”. Then exit Process Explorer and look at Task Manager’s Process tab. This is what you should see (themes disappear when the Svchost.exe process hosting the theming service terminates):



You have achieved minimal Windows: the only two processes, not including Task Manager, are System and Csrss.exe. You’re now ready to start experimenting. Verify that you can surf the Internet by launching “iexplore” from Task Manager’s Run command in its File menu. Then restart Explorer by running “explorer”. You’re done with Task Manager so you can exit it.

There will be a delay before Explorer redraws the desktop because it waits for the Service Control Manager (SCM) to signal the ScmCreatedEvent, which Services signals during its initialization. Below is the stack of the main Explorer thread waiting. The second parameter to WaitForSingleObject is a timeout value that’s interpreted as milliseconds and 0xEA60 is 60,000 – 60 seconds:



Once Explorer starts it clips the task bar off the bottom of the display, so get it back by right-clicking on the barely visible task bar and applying the “Show Quick Launch” option. Notice that even though the task bar is fully visible it doesn’t show the active windows.

With Explorer, the start menu and desktop back you can wander your system, trying various applications and utilities to see how they respond when there are no services running. There are many things that will work, but of course also many things that won’t. For example, here’s the Services node of the Computer Management MMC snapin displaying an expected error message:



What are the real limitations of running like this? Some will become obvious during your exploration, but a major one is that you won’t be able to log off (or shut down) since neither Lsass nor Winlogon is running. Networking is also crippled, especially in a LAN, since accessing other computers requires the participation of Lsass in the cross-machine domain authentication process.

The bottom line is that this stripped-down Windows configuration is not practical, but makes a cool demonstration of just how little of Windows is required for basic functionality.

On a more personal note, I’m going to be in the Cape Canaveral area on Thursday, August 11, and so am calling out to any NASA employee Sysinternals fans to see if you’d be willing to arrange for a special tour of the space center.

Update 8/21/2009

To perform this experiment on Vista or Windows 7:
  • Kill Smss.exe
  • Suspend Wininit.exe
  • Right-click on Services.exe and kill its process tree
  • Kill in this order Lsm.exe, Lsass.exe and Winlogon.exe
  • Then you can kill all other processes except Csrss.exe processes

Originally by Mark Russinovich on 7/24/2005 10:14:00 AM
Migrated from original Sysinternals.com/Blog

# re: Running Windows with No Services

Killing 'services.exe' first also gives 'interesting' results!

7/24/2005 10:58:00 AM by Jonathan Payne
# re: Running Windows with No Services

Wow! I wouldn't recommend anyone running these tests in his/her working Windows installation. :-)

I thought the Windows kernel would bring down the system immediately if Smss.exe ended for some reason.
Also, it seems that if Winlogon is terminated before Services.exe, the "shutdown-in-a-minute" window will not appear after killing Services.exe. (Or am I wrong?)

BTW, I tried to kill Csrss.exe for testing in a Windows 2000 SP4 system and Process Explorer could not do that: "The parameter is incorrect." Maybe the Windows subsystem is preventing itself from "dying"? Mark, does Process Explorer terminate processes by calling always the Windows API TerminateProcess function?

Cheers!

Ramón Sola from Málaga (Spain)
MVP Windows - Shell/User


P.S.: I am reading "Windows Internals, 4th Edition". It is very, very, very entertaining and educational. Nice work, Mark and David!

7/24/2005 10:26:00 PM by Ramón Sola
# re: Running Windows with No Services

I've added some text explaining the "windows will shut down in one minute" dialog: it's posted by Winlogon when either of its two child processes, lsass and services, terminates unexpectedly.

7/25/2005 9:17:00 AM by Mark Russinovich
# re: Running Windows with No Services

As far as why you get "Invalid parameter" when you try to terminate Csrss on Win2K, that's because Win32k.sys system threads live in Csrss on Win2K and NtTerminateProcess, the kernel function for killing processes, returns that error when it comes across a system thread as it's terminating the threads of a process.

7/25/2005 1:36:00 PM by Mark Russinovich
# re: Running Windows with No Services

Regarding Winlogon - why can I kill Winlogon after I kill its child processes, lsass and services?

7/26/2005 2:01:00 AM by Tomislav
# re: Running Windows with No Services

Many viruses today attach themselves to Winlogon (using the Winlogon notify function) and continually poll the queue that Sysinternals' PendMoves.exe displays, looking for attempts of boot time removal of themselves. If found, the entry is deleted instantly by the virus. Same if you try to remove the virus' Winlogon notification in the registry, it's magically rewritten by the virus.

So programs like Norton Antivirus cannot get rid of these viruses. Starting XP in Safe mode is useless as well, since Winlogon still runs. The only remedy so far has been to boot from the XP CD and delete the virus manually using the recovery console.

I was thinking of creating a hard link to the virus (using the Junction.exe program) and posting that to the PendMoves's queue (so as to escape detection by the virus), but it's only a matter of time before the viruses check that as well. (And yes, I've tried writing a service to delete the virus, but Winlogon starts before Services.exe.)

But being able to temporarily shut down Winlogon this way is excellent news! Makes for effortless removal of these state-of-the-art viruses. Perhaps Norton Antivirus 2007 or 2008 will incorporate this technique...

/Rgrds Henry

7/26/2005 6:10:00 AM by Henry Skoglund
# re: Running Windows with No Services

Hi Mark,

Can you expand on this statement:

"What are the real limitations of running like this? ... Networking is also crippled..."

Does this mean you can launch Internet Explorer, but not connect to any Web sites? Just looking for clarification.

Thank you.

7/26/2005 12:56:00 PM by Richard Bejtlich
# re: Running Windows with No Services

Mark,

When I try to kill smss.exe w/ process exp.

I get an "error opening process: access is denied"

however I am logged in as administrator.

This is an XP virtual machine that has a virus(s)

and I am noticing what Henry Skoglund said is happening >>>

"Same if you try to remove the virus' Winlogon notification in the registry, it's magically rewritten by the virus."

so my question is why can't I kill smss.exe w/ process explorer...
thanks
BeN

7/26/2005 1:16:00 PM by BeN
# re: Running Windows with No Services

Actually you don't need to boot into win CD to remove stuff from winlogon registry entries. All you need to do is find the similar random dll's and use some magic with attrib and cacls. I was thinking of writing an in depth HowTo for this removal but I don't know if anyone would find any use for it. If you think I should write this HowTo, please email me.. I'd like to know.. thanks

btw. the problem is that the dll's that are run generate exe's which in turn generate more random dll's.

7/26/2005 3:34:00 PM by David J. E.
# re: Running Windows with No Services

What would be really useful would be a list of services that are probably not needed and why. I've tried randomly killing services and have had very little success making it work well that way.

7/26/2005 4:46:00 PM by Drew
# re: Running Windows with No Services

Another interesting achievement is to run Windows with no listening ports. (Using the free applet)

7/26/2005 5:55:00 PM by flatfly
# re: Running Windows with No Services

I've found this guide to controlling which services are truly critical, along with explanations. First link.
This can also be found at the site. It's the different ways one can align the various services to reduce the number of processes.
Second Link


7/26/2005 8:48:00 PM by Mike
# re: Running Windows with No Services

Drew: There's a page that deals with disabling "unnecessary" services here.

7/27/2005 2:12:00 AM by dsidler
# re: Running Windows with No Services

Thanks for this. I got my lowest memory footprint ever with this.

But is there a way to hibernate after killing these processes, or just a way to run these processes? Then it would be cool as well as useful

7/27/2005 7:24:00 AM by chessonly
# re: Running Windows with No Services

I always dreamed of an application that will stop all running services, so I can play a game, and after quitting the game, I will press a button to leave all services running again

Dreaming is for free ...
:)

7/28/2005 5:16:00 PM by Oliver S.
# re: Running Windows with No Services

Please - some info on disabling anything possible during boot such as unused drivers, delay timers, etc.

7/28/2005 6:16:00 PM by k
# re: Running Windows with No Services

Cool. I created different Hardware profiles that run less services when I just want to play games. I was just doing trial and error on what I needed, but this will give me some direction.

Thx

7/28/2005 6:44:00 PM by corey
# re: Running Windows with No Services

Henry, regarding cleaning up viruses. I'd rather use a BART CD to clean up than go into the recovery console. It gives you many more options such as antispyware software and ghosting. See here http://www.nu2.nu/pebuilder/

7/28/2005 7:00:00 PM by shokk
# re: Running Windows with No Services

First Slashdot Post!

Gratuitous Bash.org Quote:

#120296 +(4605)- [X]

once upon a midnight dreary, while i pron surfed, weak and weary, over many a strange and spurious site of ' hot xxx galore'. While i clicked my fav'rite bookmark, suddenly there came a warning, and my heart was filled with mourning, mourning for my dear amour, " 'Tis not possible!", i muttered, " give me back my free hardcore!"..... quoth the server, 404.
*cries*, scary....

Brought to you by Firecrotch18@slashdot.org

7/28/2005 8:10:00 PM by Firecrotch18
# re: Running Windows with No Services

The thing that really scared me was that I could run a remote desktop session.

I was thinking of using the pstools to script the whole process -- parse the output of pslist for process IDs or something...

7/28/2005 8:24:00 PM by david kilmer
# re: Running Windows with No Services

Perhaps someone should boot a knoppix disk and do an exhaustive nmap run against the minimal box to see if anything is open to the world.

I don't have anything more recent than '98 on my boxes at home, so I can't do much to test this.

7/28/2005 10:25:00 PM by Stephdn Samuel
# re: Running Windows with No Services

Hardlinking won't work to remove a virus - when you hardlink and then remove the hardlink, won't the virus-infected file end up with a link count of one and thus still accessible?

7/28/2005 10:29:00 PM by Michel
# re: Running Windows with No Services

So I was thinking about this too.

Is there a way to run a shell before the logging on processes. (I have disabled the logon part many times where I couldn't log on anymore :/)

For example run notepad.exe as a service, wouldn't it then start running before/parallel to winlogon? (If this wouldn't work with explorer.exe (the default shell) it might be possible with shells like litestep.)

If that would work, then you could disable a whole lot of services and get a running system with minimal services available.

7/28/2005 11:17:00 PM by node
# re: Running Windows with No Services

Hello, Mark.
After the said steps, it seems some services stop working.
Well, the most important here, is the Windows Audio service:
%SystemRoot%\System32\audiosrv.dll
that is mentioned here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AudioSrv

Is there a way to leave it working/start it manually after removing SRSS/Winlogon/Service.exe ?

The added responsiveness of the system after these operations is astonishing.

Thank you.

7/29/2005 6:23:00 AM by silvioster
# re: Running Windows with No Services

wow!

Very well written, I'm using Process Explorer since last 3-4 month but never thought of this :D For me this is like Running Linux desktop with No Services

7/29/2005 6:39:00 AM by Vivek
# re: Running Windows with No Services

More poking...
"Windows Audio Service" depends on the PlugPlay service, which is started as part of services.exe.

The Windows Audio service can be started standalone, in a separate svchost.

The PNP service, sadly, starts as part of services.exe and thus prevents terminating services.exe (since then pnp service and audio will break).

Is there a way to start PlugPlay service separately from services.exe ?

Thanks.

7/29/2005 9:07:00 AM by silvioster
# re: Running Windows with No Services

I'm running this way, and will do as long as I can. Almost everything works, including full networking. Grisoft antivirus works, but the updates are unsuccessful.

The most interesting thing: windows clipboard is now broken. I can now Cut or Copy, but not Paste. What's up with that?

7/29/2005 9:24:00 AM by Nachman Ziskind
# re: Running Windows with No Services

There's a program called Enditall2 that can be used to shutdown services to run a game or whatever. It recommends what can be safely shutdown.

8/2/2005 4:35:00 AM by shegeek72
# re: Running Windows with No Services

Kinda interesting.
somewhat like Linux.
Except Linux keeps working.

8/9/2005 9:19:00 PM by Bytehd
# re: Running Windows with No Services

How do you start these services after they've been terminated?

This would be a lot more useful, if it was easy to start these services again to regain functionality.

JF

8/19/2005 10:37:00 AM by Josh
# re: Running Windows with No Services

I backed into this thread/situation while trying to remove ziplogs/services.exe and ziplogs/csrss.exe. While I was able to remove the spyware, I also managed to remove or disable system32/services.exe and system32/csrss.exe. At least I've screwed something up.

I can report that the machine, Win2k SP4, will boot up just fine, and run all the programs I've tried so far. But I'm unable to make a connection to the net. Apparently the order of removing services.exe and/or csrss.exe is not as critical as one assumed.

Now that I have done this to myself, does anyone have an idea about how to bring back the "good" csrss.exe?

8/21/2005 8:56:00 PM by Dr. Spiff
# re: Running Windows with No Services

Hi,

I need urgent help.
I followed Mark's instructions and killed smss.exe, as well as Winlogon.exe, Lsass.exe, Services.exe.
Right after my computer processes became inactive. I cannot shut/restart the computer, cannot copy information to disks, USB and Printer are not shown either. So I have all files on the computer, but cannot transfer them any place or print.
What do I do?
How do I get things back to normal?
PLEASE answer me ASAP (email agne_garmute@hotmail.com).
Thank you in advance!!

Agne

8/23/2005 2:58:00 AM by agne
# re: Running Windows with No Services

Mark,
Read this little blog the other day. I'm seeing a problem which happens infrequently where several services, e.g. Logical Disk Manager, Network Connections, Routing and Remote Access, Telephony and Windows Management Instrumentation (WMI), all are terminated unexpectedly. Later WMI was successfully restarted. Have one other service that I did not see a start at all. This needs to start otherwise we can't get access via a windows environment. If a service depends on one of the aborted services will it start up anyway? Would it be a good idea to restart these services that were terminated (and any others)?
Thanks,
Marty

8/24/2005 9:22:00 AM by MartyM
# re: Running Windows with No Services

You most likely have a corrupted winsock or tcp/ip stack, try this tool to fix this:
http://www.spychecker.com/download/download_winsockxpfix.html




8/24/2005 5:33:00 PM by Anonymous
# re: Running Windows with No Services

If you want to kill or start process at certain times or intervals you should look at VisualCron -> http://www.visualcron.com

regards Jake

8/31/2005 3:20:00 PM by Anonymous
# re: Running Windows with No Services

I am looking for the services used in this project, a method to stop them at startup. Without user intervention.

All but lsass in order to restart closed services when they become needed

9/7/2005 10:09:00 PM by Anonymous
# re: Running Windows with No Services

Oh, there is a way to kill csrss.exe on xp/2003. RtlSetProcessIsCritical cannot reset the 'critical' flag for another process, but NtSetInformationProcess can (with 1dh as info class and DWORD as data with new value of the flag). Also, maybe suspending all the threads of service processes (and then allocating a big bit of memory as not-pageable to swap away service memory) can help while playing a game. And it enables easy restarting of the service and no problems with ring0 threads...

9/8/2005 9:57:00 AM by diantus
# re: Running Windows with No Services

Wicked
Tip !! >> use win2003 server rc2 as a workstation with these "tweaks"

I tried this with an alternative shell (litestep) and another file manager, xplorer2; really works
litestep handles all the directing and everything works !!!

been running for 2 weeks now, gaming, internet runs splendid, just one thing missing is it can't make some coffee ;)

abraxu

9/9/2005 11:47:00 AM by Anonymous
# re: Running Windows with No Services

Hello, your article is very good.
Maybe someone will help me with the following. I'm trying to fix spyware on a comp remotely, that means I can't use safe mode, recovery console or clean-DOS mode.
The spyware was attached to winlogon.exe as a dll, as described above by Henry Skoglund.

I run ProcessExplorer, and tried to kill processes smss.exe and winlogon.exe. Although in both cases it says:
---------------------------
Process Explorer
---------------------------
Error opening process: Access is denied.

---------------------------
OK
---------------------------

Did I understand it right that I have no SeDebugPrivilege? (I work as an administrator).

Then I run
ntrights -u Administrators +r SeDebugPrivilege

it says:
Granting SeDebugPrivilege to Administrators ... successful

but it doesn't help, i still can't kill the processes.
Did I understand it right that spyware process quickly removes the privilege?
What can be done?
Can I somehow see which privileges do I have at the present moment?

I'm not searching for solution for removal of this particular spyware (btw its site is www.contextplus.com , but it doesn't matter much), but I want to find a general solution to problem of killing processes.

9/11/2005 4:16:00 PM by blinkenlight
# re: Running Windows with No Services

I have found a program that shows privileges. It is called showpriv.exe, from Windows Server 2003 Resource Kit Tools.

It says I have SeDebugPrivilege. So, what can be wrong? Why can't I kill smss.exe and winlogon.exe?

--
blinkenlight

9/11/2005 4:43:00 PM by Anonymous
# re: Running Windows with No Services

I am trying to make a bat executable that would disable certain services I want to be disabled (so doing I can disable them just by running a bat and not needing to do it manually; when you do it on a lot of PCs it can be bothersome). I found there is a prog for stopping services (net stop) but until now I was not able to find an exe that could DISABLE them...
any suggestion?

10/9/2005 3:27:00 PM by Agostino
# re: Running Windows with No Services

I have Windows XP and my task manager will not show up anymore by right clicking the task bar or by ctrl alt delete. Please help.

thank you derek

10/13/2005 11:28:00 AM by Derek_R.
# re: Running Windows with No Services

Probably not much worth mentioning, but (ill-advisedly) it is quite easy to halt the "one minute shutdown" using shutdown.exe - if for instance, I choose to terminate a service that prompts this dialogue, I can open a command-line and type:

shutdown.exe -a

I have a shortcut on my taskbar with the path:

%windir%\System32\shutdown.exe -a

I also use shortcuts for one-click reboot and shutdown:

%windir%\System32\shutdown.exe -r -t 5
(5sec reboot)

%windir%\System32\shutdown.exe -s -t 10
(10sec shutdown)

...either of which I can halt with the 'abort' button.

I can honestly say that I'm not fully aware of the repercussions of aborting a shutdown after terminating critical services, so abort at your own risk.

WH

10/17/2005 1:34:00 PM by White Hawk
# re: Running Windows with No Services

Hi Mark,

I have tried your rootkit detection tool, it was very useful. What it detected was kind of odd, I found out that multiple IP addresses are constantly trying to hack me. The "Inncoming count" and "blocked count" registry values of my firewall (zonealarm) are getting bigger constantly. The problem is in my router, it's trying to send packages to 255.255.255.255 on port 162.

Do you have any ideas about what's going on with my router? Thanks in advance.

JanWillem

11/2/2005 8:28:00 AM by Jan
# re: Running Windows with No Services

Hi Mark,

I read an article that referred to this site, and found your rootkit-detection tool. It's very nice, but it got me wondering about my security again. I tightened my firewall rules and now my firewall (zonealarm) is very often blocking packages that are being sent from my router to 255.255.255.255 on port 162 (snmptrap)

11/2/2005 8:34:00 AM by Jan
# re: Running Windows with No Services

2 Jan

UDP port 162 is used by Simple Network Management Protocol (SNMP). If by router you mean your home router/NAT box see if you can disable SNMP on it. 255.255.255.255 broadcasts may also be coming from your ISP and your router is not supposed to pass those on to a LAN portion of your network.

11/2/2005 2:48:00 PM by FarEast
# re: Running Windows with No Services

I found a way to stop 1 virus "msupdate.exe" from running.
I tried deleting it "msupdate"
but some other hidden program would replace it on the next boot.
So what I did was I edited the file itself "msupdate.exe" by removing the last half of it with a hex editor and saved it back to its folder. The hidden file that replaces it at startup when it's been deleted only checks for its presence before running it. Once it sees the file is there it takes no action to fix or replace it. It has worked so far, and as an added benefit, "I'm hoping", I won't get reinfected again as long as the corrupted virus copy stays where it was placed in the beginning.

11/13/2005 9:45:00 AM by charliefromwashington
# re: Running Windows with No Services

I have already proved that ONLY lsa subsystem(lsass.exe and those stuffs supporting it) can be removed in order to maintain full functionality of a NT based system. What is lost is just that you cannot create privilege-limited users/groups, which functionality is totally redundant for most personal users.

By rewriting a minimal winlogon.exe, I got an astonishing windows xp system. It takes 7 seconds or so to show the explorer desktop, and HDD LED goes out with 8 seconds...

Would anybody tell me how to post a picture so that I can present the pictures showing how well my system runs, thanks a lot.

11/26/2005 5:59:00 AM by BeatNBBZ
# re: Running Windows with No Services

You don't even need to "kill" winlogon if an infected DLL file is "latched" to it.

Just use the "suspend" feature in Process Explorer.

Instead of closing a process, suspend does the same function, basically, but it also adds the functionality of resuming the process afterwards.

Try it. It’s wonderful for getting rid of infected DLL’s.

1/7/2006 12:41:00 PM by Anonymous
# re: Running Windows with No Services

Hello

Interesting topic.

Is there any manual way to kill Smss.exe without installing Process Explorer ?

1/15/2006 9:13:00 AM by Anonymous
# re: Running Windows with No Services

You can also set an interactive task to run a WMI script to kill
these processes.

1/19/2006 2:07:00 AM by Mosaic1
# re: Running Windows with No Services

Mark,

I have been working on the Security forums and have found that even with ntrights saying the SeDebugPrivilege was restored, it may not be in place even after a log off and back on or even a restart for several reasons. One easy way to test whether it is in place and effective is to try and open Sysinternals Regmon. If it opens without an error, then the privilege is in place. If not, and you have tried ntrights several times, try the L2Mfix in the event there are leftovers from a previous VX2 infection.

At any rate, if still no joy, Regmon won't run, and you have ruled out a rootkit then running an Interactive task to run pskill or a WMI script to kill session manager and winlogon has been known to work. If the case is that in fact SeDebugPrivilege is not in working order.

1/21/2006 4:30:00 PM by Mosaic1
# re: Running Windows with No Services

..not really on topic, but I think some may find it useful. Try setting Deny Write to winlogon.exe to all users of the system including 'nt authority' called SYSTEM. The system logs in first so be sure u leave the SYSTEM with Read&Execute if u want your windows to load.
Even if winlogon.exe is not patched that kept worms (and the rest of the crawlers) away from my win2kas

1/27/2006 1:07:00 AM by Coro
# re: Running Windows with No Services

can it be "Wicked" with win2k ?

can a shell load before/in place of winlogon.exe, it seems to load a lot of things with it, what is the minimal winlogon.exe ? how do you make it ?

2/4/2006 7:26:00 AM by Monohouse
# re: Running Windows with No Services

Still nobody gave a clear solution to the problem: "Error opening process: access is denied". Does such a solution exist, or we have to reinstall Windows?

Thanks!!

4/11/2006 8:28:00 AM by hl
# re: Running Windows with No Services

Hmm, a very interesting read ... but doesn't solve my particular problem, which is what led me here in the first place.

I've been given a small mound of Dell slabs I wish to turn into single-app dedicated machines running Windows 2000 (Pro SP4). Each slab has more than enough RAM to hold the kernel and run the app, so I don't want VM. What I'm trying to find out is how to permanently disable the pagefile with Win2000 ... I've tried setting the page to 0 MB, but what happens is Win2000 whines at next boot there's no swap, and goes ahead & makes a 20 MB swap anyway.

Other places I've asked or researched have said "can't be done", which is bollocks -- I've seen embedded Win2000 machines running from ROM, no HD, and a miniscule amount of RAM, so I know it can be done, I just don't know (and can't find out) *how* it's done.

Thoughts, anyone?

4/14/2006 1:37:00 AM by Geoffrey
# re: Running Windows with No Services

It seems that MS has "Fixed" the "Mistake" and is now denying access to smss and the rest of the files.
Finally one thing that is useful in getting rid of viruses, and the idiots at "microshit" have to repair it.
MS, here is an advice:
FIRST MAKE SURE THAT WINDOWS WORKS!!!

5/26/2006 1:59:00 PM by Anonymous
# re: Running Windows with No Services

Is there any way to restart the machine successfully without force reboot, after killing all the services and say, removing a bad file attached to winlogon.exe?

6/23/2006 9:31:00 AM by Anonymous
# re: Running Windows with No Services

Geoffrey, the closest I think you will get easily is to set the pagefile to 2MB and then set DisablePagingExecutive.

That will allow you to get the best possible performance if you have plenty of memory. I wish it were easy to truly to set it to 0, but it appears Microsoft thinks it knows best, as usual.

And also, you can still kill smss and the rest of them using icesword. It allows you to kill just about anything bypassing any restrictions. It can do this because it acts like a rootkit. In fact I've taken out quite a few rootkits directly just by using icesword only.

8/20/2006 2:24:00 PM by Anonymous
# re: Running Windows with No Services

It will be great to be able to buy a windows version with almost no services activated by default.
Actually, it takes more time to optimize windows resident than installing the OS.

10/25/2006 7:01:00 AM by YVN
  • I was looking for info about some Windows services and came across this post on Mark Russinovich's blog

  • I'm running Windows 7 Ultimate x64 (Build 7600).

    Just tried killing smss.exe and got a BSOD (Stop F4, CRITICAL_OBJECT_TERMINATION bug check).

    Rebooted, killed all user processes and repeated, with same result.

    This seems to contradict the note about Vista and 7 at the end of the article...