Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
Win7/8 Split svchost Option
I liked how MS split the svchost services on Windows 10 if the user has 4GB+ of RAM for stability in case one happens to crash it won't take the others with it. I thought I'd try to reproduce it on my Win7 VM and while I've only tested a handful so far I I've had issues with two. I'll list those below but I was wondering if it might be an option you'd want to include [if it works out] so users can activate it from within NTlite for Windows 7 and 8 as well since it would just require registry changes to implement? eg change Type from 20 to 10
So far it seems only RpcEptMapper and RpcSs can't be split. Changing those results in the system never completing the boot up into windows.
These I have tested without "noticeable" issues on a VM so far:
Update1: Expanded my tests to just about all the others and while I haven't been through all possible aspects I did come across a quirk with regards to Aero. It seems to require the UxSms service and WdiSystemHost to remain set as Share(d) [20] or it mostly wants you to troubleshoot Aero effects and never uses it 'properly' after the sysprep and oobe stages.
As an after-thought I figured this might actually also explain why I was never able to remove the Diagnostics services and still retain Aero capabilities before. I've completed a test image to be sure that removal with NTLite (and then re-adding JUST WdiSystemHost [with Start=4] (it had the other keys than just Start in case that's how it sounded but it was just that service that was re-added but start was disabled) via a reg file with the SetupComplete.cmd; ~yup the actual files are all still removed) results in Aero being available and functioning {with accompanying/proper video drivers}. I've wanted to remove DPS + the others for a while but always ended up keeping them only for Aero as they don't do much good with powershell removed anyway but I never wasted enough time to isolate this one service as being involved before.
This results in WdiSystemHost being the second one I've actually needed to keep for 'some reason' or another. The first being the TermService in order to avoid many rather annoying Event Log errors.
Update2:
Sysprep/Capture/NTlite/ISO-Build/NewInstall(VM) phases all complete and resulted in a Win7 image working w Aero yet still having Diagnostics "REMOVED".../yay! I will of course update here further if I encounter future svchost oddities on 7 while splitting them like this. Yet at this particular moment I am super happy that the time spent solving this one has helped me twofold. /happydance
Mind you there were a few instances where I could get Aero working without the existing WdiSystemHost but for a 100% reproducible case [on my end] it seemed to be required. Don't ask me why. Makes no sense to me(yet)! I await your wisdom....
So far it seems only RpcEptMapper and RpcSs can't be split. Changing those results in the system never completing the boot up into windows.
These I have tested without "noticeable" issues on a VM so far:
AppIDSvc
AppInfo
AudioEndpointBuilder
AudioSrv
BFE
BITS
CryptSvc
DcomLaunch
Dhcp
Dnscache
DPS
eventlog
EventSystem
gpsvc
KtmRm
MMCSS
MpsSvc
Netman
netprofm
NlaSvc
nsi
pla
PlugPlay
Power
ProfSvc
Schedule
seclogon
SENS
sppuinotify
TermService
Themes
THREADORDER
UxSms
WcsPlugInService
WdiServiceHost
WdiSystemHost
Wecsvc
Winmgmt
WPDBusEnum
wuauserv
wudfsvcUpdate1: Expanded my tests to just about all the others and while I haven't been through all possible aspects I did come across a quirk with regards to Aero. It seems to require the UxSms service and WdiSystemHost to remain set as Share(d) [20] or it mostly wants you to troubleshoot Aero effects and never uses it 'properly' after the sysprep and oobe stages.
As an after-thought I figured this might actually also explain why I was never able to remove the Diagnostics services and still retain Aero capabilities before. I've completed a test image to be sure that removal with NTLite (and then re-adding JUST WdiSystemHost [with Start=4] (it had the other keys than just Start in case that's how it sounded but it was just that service that was re-added but start was disabled) via a reg file with the SetupComplete.cmd; ~yup the actual files are all still removed) results in Aero being available and functioning {with accompanying/proper video drivers}. I've wanted to remove DPS + the others for a while but always ended up keeping them only for Aero as they don't do much good with powershell removed anyway but I never wasted enough time to isolate this one service as being involved before.
This results in WdiSystemHost being the second one I've actually needed to keep for 'some reason' or another. The first being the TermService in order to avoid many rather annoying Event Log errors.
Update2:
Sysprep/Capture/NTlite/ISO-Build/NewInstall(VM) phases all complete and resulted in a Win7 image working w Aero yet still having Diagnostics "REMOVED".../yay! I will of course update here further if I encounter future svchost oddities on 7 while splitting them like this. Yet at this particular moment I am super happy that the time spent solving this one has helped me twofold. /happydance
Mind you there were a few instances where I could get Aero working without the existing WdiSystemHost but for a 100% reproducible case [on my end] it seemed to be required. Don't ask me why. Makes no sense to me(yet)! I await your wisdom....
Comments
Hi e_web,
interesting topic, was saving it for later, so pardon the delay.
Are you using the word "Split" for "Grouping"?
That said, I'm a bit confused as to what was the goal, group them as shown in Task Manager (attached) or, what's the benefit? Don't understand that 4GB limit and crashing, are you saying it all crashes svchost normally when one service under Win7 is crashed?
Sorry if my wisdom is not as expected
Thanks!
I've attached a zipped .bat I made to work on both 7/8 to apply this change in a VM before sysprep but so far as NTLite would be concerned [if you wanted to add this] you'd just want to scan the ControlSet1\services\ for svchost.exe -k in the ImagePath or something and change the Type dword from 0x20 to 0x10
So far [I haven't been able to test everything] just RpcEptMapper and RpcSs need to be kept grouped for stability then there was WdiSystemHost and UxSms for proper Aero functionality.
https://blogs.windows.com/windowsexperience/2016/10/07/announcing-windows-10-insider-preview-build-14942-for-pc/ Update:
Looking at a Win10 CU install I noticed that both BFE & MpsSvc were kept as shared [together, though it uses jobs]. I've tested basic firewall rules on my VM and they seem to work split on Win7 but I wonder if there is something they know that I haven't seen yet? Also under one of the "Critical System Services" lists I found they list Dcom & PnP were there. So, while all four of those seem to work fine split on Win7 thus far both cases should likely be kept in mind for any future oddities noticed?
Update 2:
After mulling over stuff a bit more today I did manual testing killing services in a Win7 VM and found that it was pointless to split DcomLaunch, PlugPlay and Power. Killing any of these three requires a reboot anyway so I've restored them as shared in my sysprep vm. There didn't seem to be any harm in having them separate, just not much help either.
I'm still not seeing any reason to keep BFE and MpsSvc shared like there were in Win10 CU. I just don't see why the firewall crashing or getting killed should take out the entire BFE with it so I think I'll retain the split for them on my end unless I notice something down the line.
Replaced attached .bat to account for this change.
Potentially FW and BFE have either the performance or security benefit of staying grouped, I would ask MS if you want to be certain, but you would need a direct to dev contact, no one else will know the answer.
I have 4 under DCOM, and 3 under Service Host: Local Service (includes FW/BFE and core messaging). All else split or removed.
Also another point making me reluctant from adding this option, is the fact that RpcSs fails if split, which means there is something else going on, not just saving memory. And the same might trigger in FW/BFE in some situation.
I do like the idea, please keep me updated.
Thanks.
I mostly kept it similar to the way Win10 CU splits them. I kept the 'critical' services grouped which of course includes RpcSs as you mentioned. Even windows 10 doesn't split them and as I noted it didn't work when I tried either on 7
In the end, for my Win7 build, I kept these grouped:
DcomLaunch, Power, PlugPlay (same as Win10 CU)
RpcSs and RpcEptMapper (same as Win10 CU)
WdiSystemHost and UxSms (to retain proper Aero functionality 100% of the time)
I don't currently have the BFE and MpsSvc grouped. I did test the firewall to ensure both inbound and outbound rules and policies still functioned but there obviously wouldn't be any harm keeping them together like MS did in Win10 CU just in case.
It seems as though all else can be split on Windows 7 just like on the Win10 CU.