Added Windows Service optimization to Harden System Security (#1119)

Added a new section to the Service Manager in the Harden System Security app that offers a quick and easy way to optimize your system by disabling and stopping services that are rarely used.

Author: HotCakeX

Harden System Security/Pages/ServiceManager.xaml

@@ -124,6 +124,69 @@
                             </DataTemplate>
                         </ToggleButton.ContentTemplate>
                     </ToggleButton>
+
+                    <!-- Optimize Services Flyout -->
+                    <Button VerticalAlignment="Center"
+                            x:Uid="OptimizeServicesButton"
+                            IsEnabled="{x:Bind ViewModel.AreElementsEnabled, Mode=OneWay}">
+                        <Button.ContentTemplate>
+                            <DataTemplate x:DataType="x:String">
+                                <StackPanel Orientation="Horizontal" Spacing="8">
+                                    <FontIcon Glyph="&#xEC4A;" FontSize="16"/>
+                                    <TextBlock Text="{x:Bind}"/>
+                                </StackPanel>
+                            </DataTemplate>
+                        </Button.ContentTemplate>
+                        <Button.Flyout>
+                            <Flyout Placement="BottomEdgeAlignedLeft">
+                                <Grid Width="380">
+                                    <Grid.RowDefinitions>
+                                        <RowDefinition Height="Auto"/>
+                                        <RowDefinition Height="Auto"/>
+                                        <RowDefinition Height="*"/>
+                                    </Grid.RowDefinitions>
+
+                                    <TextBlock Grid.Row="0" x:Uid="RecommendedServices" Style="{StaticResource SubtitleTextBlockStyle}" Margin="0,0,0,12"/>
+
+                                    <Button Grid.Row="1" x:Uid="StopAndDisableAllRecommendedServicesButton" HorizontalAlignment="Stretch" Margin="0,0,0,12" Click="{x:Bind ViewModel.DisableAndStopAllRecommendedServices_Click}">
+                                        <Button.ContentTemplate>
+                                            <DataTemplate x:DataType="x:String">
+                                                <StackPanel Orientation="Horizontal" Spacing="8" HorizontalAlignment="Center">
+                                                    <FontIcon Glyph="&#xE71A;" FontSize="14" Foreground="{ThemeResource SystemFillColorCriticalBrush}"/>
+                                                    <TextBlock Text="{x:Bind}"/>
+                                                </StackPanel>
+                                            </DataTemplate>
+                                        </Button.ContentTemplate>
+                                    </Button>
+
+                                    <ScrollViewer Grid.Row="2" MaxHeight="400" VerticalScrollBarVisibility="Auto" Padding="0,0,8,0">
+                                        <ItemsControl ItemsSource="{x:Bind ViewModel.RecommendedServices, Mode=OneWay}">
+                                            <ItemsControl.ItemTemplate>
+                                                <DataTemplate x:DataType="vm:RecommendedService">
+                                                    <Border Margin="0,0,0,8" Padding="12" CornerRadius="8" BorderThickness="1" BorderBrush="{ThemeResource SurfaceStrokeColorDefaultBrush}" Background="{ThemeResource CardBackgroundFillColorSecondaryBrush}">
+                                                        <Grid ColumnSpacing="12">
+                                                            <Grid.ColumnDefinitions>
+                                                                <ColumnDefinition Width="*"/>
+                                                                <ColumnDefinition Width="Auto"/>
+                                                            </Grid.ColumnDefinitions>
+                                                            <StackPanel Grid.Column="0" Spacing="4" VerticalAlignment="Center">
+                                                                <TextBlock Text="{x:Bind DisplayName}" Style="{StaticResource BodyStrongTextBlockStyle}"/>
+                                                                <TextBlock Text="{x:Bind Description}" Style="{StaticResource CaptionTextBlockStyle}" Foreground="{ThemeResource TextFillColorSecondaryBrush}" TextWrapping="Wrap"/>
+                                                            </StackPanel>
+                                                            <Button Grid.Column="1" VerticalAlignment="Center" Tag="{x:Bind}" Click="{x:Bind vm:ViewModelProvider.ServiceManagerVM.DisableAndStopRecommendedService_Click}" x:Uid="StopAndDisableServiceButton">
+                                                                <FontIcon Glyph="&#xE71A;" Foreground="{ThemeResource SystemFillColorCriticalBrush}"/>
+                                                            </Button>
+                                                        </Grid>
+                                                    </Border>
+                                                </DataTemplate>
+                                            </ItemsControl.ItemTemplate>
+                                        </ItemsControl>
+                                    </ScrollViewer>
+                                </Grid>
+                            </Flyout>
+                        </Button.Flyout>
+                    </Button>
+
                 </StackPanel>
             </Border>
 
@@ -354,7 +417,7 @@
                                             </Grid.ColumnDefinitions>
 
                                             <!-- Column 0: Service Name -->
-                                            <TextBlock Grid.Column="0" Text="{x:Bind Item.ServiceName}" Style="{StaticResource BodyStrongTextBlockStyle}" VerticalAlignment="Center" TextWrapping="NoWrap" TextTrimming="CharacterEllipsis" ToolTipService.ToolTip="{x:Bind Item.ServiceName}"/>
+                                            <TextBlock Grid.Column="0" Text="{x:Bind Item.ServiceName}" Style="{StaticResource BodyStrongTextBlockStyle}" VerticalAlignment="Center" TextWrapping="NoWrap" TextTrimming="CharacterEllipsis" IsTextSelectionEnabled="True" ToolTipService.ToolTip="{x:Bind Item.ServiceName}"/>
 
                                             <!-- Column 1: Display Name -->
                                             <TextBlock Grid.Column="1" Text="{x:Bind Item.DisplayName}" Style="{StaticResource BodyTextBlockStyle}" VerticalAlignment="Center" TextWrapping="NoWrap" TextTrimming="CharacterEllipsis" ToolTipService.ToolTip="{x:Bind Item.DisplayName}"/>

Harden System Security/Strings/en-US/Resources.resw

@@ -5594,4 +5594,47 @@ Thumbprint: {3}</value>
   <data name="ElevationContextSwitchButtonTeachingTip.ActionButtonContent" xml:space="preserve">
     <value>Relaunch</value>
   </data>
+  <!--NEW-->
+  <data name="OptimizeServicesButton.Content" xml:space="preserve">
+    <value>Optimize</value>
+  </data>
+  <data name="OptimizeServicesButton.ToolTipService.ToolTip" xml:space="preserve">
+    <value>Optimize the system services by stopping and disabling certain rarely used and safe to disable services in Windows. You can always undo these actions at any time.</value>
+  </data>
+  <data name="OptimizeServicesButton.AutomationProperties.HelpText" xml:space="preserve">
+    <value>Optimize the system services by stopping and disabling certain rarely used and safe to disable services in Windows. You can always undo these actions at any time.</value>
+  </data>
+  <data name="RecommendedServices.Text" xml:space="preserve">
+    <value>Recommended Services</value>
+  </data>
+  <data name="StopAndDisableAllRecommendedServicesButton.Content" xml:space="preserve">
+    <value>Stop and disable all</value>
+  </data>
+  <data name="StopAndDisableAllRecommendedServicesButton.ToolTipService.ToolTip" xml:space="preserve">
+    <value>Stop and disable all of the recommended services.</value>
+  </data>
+  <data name="StopAndDisableAllRecommendedServicesButton.AutomationProperties.HelpText" xml:space="preserve">
+    <value>Stop and disable all of the recommended services.</value>
+  </data>
+  <data name="MapsBrokerServiceDescription" xml:space="preserve">
+    <value>This is used to manage downloaded maps in Windows.</value>
+  </data>
+  <data name="WebClientServiceDescription" xml:space="preserve">
+    <value>Disabling this is recommended by Microsoft to improve security.</value>
+  </data>
+  <data name="StiSvcServiceDescription" xml:space="preserve">
+    <value>Only disable this if you do not use a scanner, digital camera or their image acquisition functions.</value>
+  </data>
+  <data name="DusmSvcServiceDescription" xml:space="preserve">
+    <value>Only disable this if you do not worry about data caps, you don't limit your network usage and you do not use metered networks.</value>
+  </data>
+  <data name="StopAndDisableServiceButton.ToolTipService.ToolTip" xml:space="preserve">
+    <value>Stop and disable the service.</value>
+  </data>
+  <data name="StopAndDisableServiceButton.AutomationProperties.HelpText" xml:space="preserve">
+    <value>Stop and disable the service.</value>
+  </data>
+  <data name="FileEnumerationDurationMessage" xml:space="preserve">
+    <value>File enumeration took {0} hours and {1} minutes and {2} seconds to complete.</value>
+  </data>
 </root>

Harden System Security/ViewModels/MiscellaneousConfigsVM.cs

@@ -322,43 +322,7 @@ private static List<MUnit> CreateUnits()
 
 				applyStrategy: new DefaultApply(() =>
 				{
-					IntPtr scManager = NativeMethods.OpenSCManagerW(null, null, NativeMethods.SC_MANAGER_CONNECT);
-					if (scManager != IntPtr.Zero)
-					{
-						try
-						{
-							IntPtr hService = NativeMethods.OpenServiceW(scManager, "WebClient", NativeMethods.SERVICE_CHANGE_CONFIG | NativeMethods.SERVICE_STOP);
-							if (hService != IntPtr.Zero)
-							{
-								try
-								{
-									SERVICE_STATUS status = new();
-									_ = NativeMethods.ControlService(hService, NativeMethods.SERVICE_CONTROL_STOP, ref status);
-
-									_ = NativeMethods.ChangeServiceConfigW(
-										hService,
-										NativeMethods.SERVICE_NO_CHANGE,
-										4, // SERVICE_DISABLED
-										NativeMethods.SERVICE_NO_CHANGE,
-										null,
-										null,
-										IntPtr.Zero,
-										IntPtr.Zero,
-										null,
-										null,
-										null);
-								}
-								finally
-								{
-									_ = NativeMethods.CloseServiceHandle(hService);
-								}
-							}
-						}
-						finally
-						{
-							_ = NativeMethods.CloseServiceHandle(scManager);
-						}
-					}
+					ViewModels.ServiceManagerVM.DisableAndStopServices(["WebClient"]);
 				}),
 
 				verifyStrategy: new DefaultVerify(() =>

Harden System Security/ViewModels/ServiceManagerVM.cs

@@ -30,6 +30,13 @@
 
 namespace HardenSystemSecurity.ViewModels;
 
+internal sealed class RecommendedService(string serviceName, string displayName, string description)
+{
+	internal string ServiceName => serviceName;
+	internal string DisplayName => displayName;
+	internal string Description => description;
+}
+
 internal sealed partial class ServiceItemViewModel : ViewModelBase
 {
 	internal ServiceItem Item { get; }
@@ -267,7 +274,6 @@ internal sealed partial class ServiceManagerVM : ViewModelBase
 {
 	internal ServiceManagerVM() => FilteredServices.CollectionChanged += (s, e) => OnPropertyChanged(nameof(EmptyStatePlaceholderVisibility));
 
-
 	internal readonly InfoBarSettings MainInfoBar = new();
 
 	// Whether the UI elements are enabled or disabled
@@ -307,6 +313,14 @@ internal bool IsLoading
 	internal readonly RangedObservableCollection<ServiceItemViewModel> FilteredServices = [];
 	internal readonly RangedObservableCollection<FilterGroupVM> FilterGroups = [];
 
+	internal readonly List<RecommendedService> RecommendedServices =
+	[
+		new("MapsBroker", "Maps Broker", Atlas.GetStr("MapsBrokerServiceDescription")),
+		new("WebClient", "Web Client", Atlas.GetStr("WebClientServiceDescription")),
+		new("StiSvc", "Windows Image acquisition", Atlas.GetStr("StiSvcServiceDescription")),
+		new("DusmSvc", "Data usage restriction", Atlas.GetStr("DusmSvcServiceDescription"))
+	];
+
 	internal Visibility EmptyStatePlaceholderVisibility => FilteredServices.Count == 0 ? Visibility.Visible : Visibility.Collapsed;
 
 	internal string? SearchText
@@ -998,7 +1012,6 @@ internal async void CopyItem_Click(object sender, RoutedEventArgs e)
 		}
 	}
 
-
 	private bool ModifyServiceConfig(string serviceName, uint serviceType, uint startType, uint errorControl)
 	{
 		IntPtr scManager = NativeMethods.OpenSCManagerW(null, null, NativeMethods.SC_MANAGER_CONNECT);
@@ -1450,6 +1463,111 @@ internal async void LoadServicesButton_Loaded(object sender, Microsoft.UI.Xaml.R
 		if (AllServices.Count == 0)
 			_ = await FocusManager.TryFocusAsync((Button)sender, Microsoft.UI.Xaml.FocusState.Keyboard);
 	}
+
+	internal async void DisableAndStopRecommendedService_Click(object sender, RoutedEventArgs e)
+	{
+		if (sender is Button button && button.Tag is RecommendedService service)
+		{
+			try
+			{
+				AreElementsEnabled = false;
+
+				await Task.Run(() =>
+				{
+					DisableAndStopServices([service.ServiceName]);
+				});
+
+				MainInfoBar.WriteSuccess($"Successfully disabled and stopped {service.DisplayName}.");
+				RefreshList();
+			}
+			catch (Exception ex)
+			{
+				MainInfoBar.WriteError(ex);
+			}
+			finally
+			{
+				AreElementsEnabled = true;
+			}
+		}
+	}
+
+	internal async void DisableAndStopAllRecommendedServices_Click(object sender, RoutedEventArgs e)
+	{
+		try
+		{
+			AreElementsEnabled = false;
+
+			List<string> list = new(RecommendedServices.Count);
+			foreach (RecommendedService s in RecommendedServices)
+			{
+				list.Add(s.ServiceName);
+			}
+
+			await Task.Run(() =>
+			{
+				DisableAndStopServices(list);
+			});
+
+			MainInfoBar.WriteSuccess("Successfully disabled and stopped all recommended services.");
+			RefreshList();
+		}
+		catch (Exception ex)
+		{
+			MainInfoBar.WriteError(ex);
+		}
+		finally
+		{
+			AreElementsEnabled = true;
+		}
+	}
+
+	/// <summary>
+	/// Disables and stops services.
+	/// </summary>
+	/// <param name="serviceNames">Service names to disable and stop.</param>
+	internal static void DisableAndStopServices(List<string> serviceNames)
+	{
+		IntPtr scManager = NativeMethods.OpenSCManagerW(null, null, NativeMethods.SC_MANAGER_CONNECT);
+		if (scManager != IntPtr.Zero)
+		{
+			try
+			{
+				foreach (string serviceName in CollectionsMarshal.AsSpan(serviceNames))
+				{
+					IntPtr hService = NativeMethods.OpenServiceW(scManager, serviceName, NativeMethods.SERVICE_CHANGE_CONFIG | NativeMethods.SERVICE_STOP);
+					if (hService != IntPtr.Zero)
+					{
+						try
+						{
+							SERVICE_STATUS status = new();
+							_ = NativeMethods.ControlService(hService, NativeMethods.SERVICE_CONTROL_STOP, ref status);
+
+							_ = NativeMethods.ChangeServiceConfigW(
+								hService,
+								NativeMethods.SERVICE_NO_CHANGE,
+								4, // SERVICE_DISABLED
+								NativeMethods.SERVICE_NO_CHANGE,
+								null,
+								null,
+								IntPtr.Zero,
+								IntPtr.Zero,
+								null,
+								null,
+								null);
+						}
+						finally
+						{
+							_ = NativeMethods.CloseServiceHandle(hService);
+						}
+					}
+				}
+			}
+			finally
+			{
+				_ = NativeMethods.CloseServiceHandle(scManager);
+			}
+		}
+	}
 }
 
 [System.Runtime.InteropServices.Marshalling.GeneratedComClass]