Follow these steps to create a new email address in Plesk with the Power-user interface:

1. Open the Mail menu from the left column of the Plesk panel
2. Click the Create email address button
3. Enter the local part of the address (before the @ symbol) alongside the Email Address field
4. Select the domain name for the address from the drop-down to the right of the @ symbol
5. Select if you want to allow access to the customer Plesk panel using this email address using the tick-box for Access to the Customer Panel
6. Enter a password for the email and re-enter into the confirm password field or select Generate to automatically generate a password for the address
7. You can select to apply the default mailbox size or select Another size to set a disk space quota for the mailbox
8. Optional: You can enter a description for the email address into the Description in Plesk field, or you can leave this field blank
9. Click OK at the bottom of the page to create the address.

Service Provider interface

Follow these steps to create a new email address in Plesk with the Service-provider interface:

1. Open the domains menu from the left column of the Plesk panel.
2. Click the domain name that you want to create an email address for from the list on the following page
3. Click the Mail or Email Addresses link from the domain control panel page
4. Click the Create email address button to add a new address
5. Enter the local part of the address (before the @ symbol) alongside the Email Address field
6. Enter a password for the email and re-enter into the confirm password field or select Generate to automatically generate a password for the address
7. You can select to apply the default mailbox size or select Another size to set a disk space quota for the mailbox
8. Optional: You can enter a description for the email address into the Description in Plesk field, or you can leave this field blank
9. Click OK at the bottom of the page to create the address.

Email Client Settings

The following settings can be used to add the address to an email client application/device:

Account type: POP or IMAP
Incoming server: mail.yourdomain.com
Username: full email address
Password: Enter the mailbox password for the address
Incoming Port: 110 for POP accounts, 143 for IMAP accounts.
Outgoing server: mail.yourdomain.com
Authentication: Authentication is required for outgoing mail, using the same username/password as incoming settings.
Outgoing Port: 25

These are some notes on setting up a small mail server suitable for a single user or a few users.

This setup uses the following projects to enable sending and receiving mail using SPF, DKIM, and DMARC for email authentication:

• Postfix for mail transfer and delivery to Dovecot via LMTP.
• Dovecot for IMAP access and SASL for Postfix with Pigeonhole for Sieve message filtering support
• Rspamd for spam filtering, email authentication validation, and DKIM signing (with Redis for caching)
• Let’s Encrypt and certbot to provide SSL certs

Moreover this configuration enables support for sending and receiving mail on two domains whereby the two domains mirror each other.

CERTIFICATES AND KEYS

SSL/TLS CERTS

Obtain an SSL certificate from Let’s Encrypt. This particular server did not have an existing HTTP server, so I used certbot in standalone mode:

# certbot certonly --standalone -d domain1.tld,domain2.tld

This produces a single certificate for both domains. Alternatively, one could invoke certbot for each domain to produce separate certificates.

DKIM KEYS

Rspamd includes a utility to generate DKIM keys. I created a directory within /etc/rspamd, protected it, and generated keys according to Rspamd’s dkim_signing guide.

# mkdir -p /etc/rspamd/dkim/keys
# chown -R rspamd:rspamd /etc/rspamd/dkim
# chmod -R 700 /etc/rspamd/dkim
# rspamadm dkim_keygen -s 'mail' -b 2048 -d domain1.tld -k /etc/rspamd/dkim/keys/domain1.tld.mail.key > /etc/rspamd/dkim/keys/domain1.tld.mail.txt
# rspamadm dkim_keygen -s 'mail' -b 2048 -d domain1.tld -k /etc/rspamd/dkim/keys/domain2.tld.mail.key > /etc/rspamd/dkim/keys/domain2.tld.mail.txt
# chown rspamd:rspamd /etc/rspamd/dkim/keys/*
# chmod 600 /etc/rspamd/dkim/keys/*

If you are having trouble splitting up the public key into multiple chunks within the DNS TXT record, you may need to use -b 1024 and live with the weakened security.

DIFFIE-HELLMAN PARAMETERS FOR DOVECOT

This is actually optional because I disabled non-ECC Diffie-Hellman ciphers in the Dovecot configuration.

# touch /etc/dovecot/dh.pem
# chmod 600 /etc/dovecot/dh.pem
# chown root:root /etc/dovecot/dh.pem
# openssl dhparam -out /etc/dovecot/dh.pem 4096

POSTFIX CONFIGURATION

The following Postfix configuration enables SASL through Dovecot, delivers mail to Dovecot’s LMTP service, enables TLS, and enables Rspamd as a milter.

I’ve only listed variables that differ from the defaults as of Postfix 3.7.

# based on Postfix 3.7.0
compatibility_level = 3.7

# Restrictions
# smtpd_recipient_restrictions includes the following features:
#   1.  prohibit specific senders via check_sender_access
#       create a list of prohibited domains in the following format
#           baddomain.tld   REJECT
#       save to /etc/postfix/sender_access and run `postmap /etc/postfix/sender_access`
#   2.  prepend X-Original-To for LMTP via check_recipient_access and set
#       lmtp_destination_recipient_limit
#       see https://dovecot.dovecot.narkive.com/jYiqyZYr/differences-in-delivered-to-header-between-deliver-and-lmtp#post7
smtpd_recipient_restrictions =  check_sender_access hash:/etc/postfix/sender_access,
                                check_recipient_access pcre:{{/(.+)/ prepend X-Original-To: $$1}}
lmtp_destination_recipient_limit = 1

# Aliases
alias_maps = hash:/etc/postfix/aliases
alias_database = $alias_maps

# Network
# set because $myhostname is domain.tld (not server.domain.tld)
mydomain = $myhostname
# set in order to add secondary domain
#   alternative is to use virtual domains: http://www.postfix.org/VIRTUAL_README.html
mydestination = $myhostname, localhost.$mydomain, localhost, localhost.localdomain, domain2.tld

# TLS support
smtpd_use_tls = yes
smtpd_tls_loglevel = 1
smtpd_tls_cert_file = /etc/letsencrypt/live/domain1.tld/fullchain.pem
smtpd_tls_key_file  = /etc/letsencrypt/live/domain1.tld/privkey.pem
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtp_tls_session_cache_database  = btree:/var/lib/postfix/smtp_scache

# SASL support
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# Milters
#smtpd_milters = unix:/var/lib/rspamd/milter.sock
# or for TCP socket
smtpd_milters = inet:localhost:11332
non_smtpd_milters = $smtpd_milters
#milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
# skip mail without checks if something goes wrong
milter_default_action = accept

# Delivery
mailbox_transport = lmtp:unix:private/dovecot-lmtp

# Others
recipient_delimiter = +
biff = no

To enable “Submission” (port 587) for client usage, the following can be added to /etc/postfix/master.cf:

submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

Edit 2021-09-29: smtpd_tls_cert_file now points at the full chain instead of the individual cert.

Edit 2022-02-13: smtpd_recipient_restrictions uses Postfix 3.7’s inline pcre:{{}} syntax rather than requiring a separate file.

SUPPORTING MULTIPLE DOMAINS

In this configuration, I opted to serve multiple domains in the simplest way, by adding the second domain to mydestination. Postfix’s guide on this subject describes this way as being useful for the situation where each user receives mail in each domain, which was the case that applied to me. For more complex usages, one could use virtual alias domains, also described in that guide.

RELAY VS. RECIPIENT RESTRICTIONS

Postfix has a document that describes access restrictions. It notes that as of Postfix 2.10, the smtpd_relay_restrictions takes care of preventing Postfix from acting as an open relay. As such, many Postfix configuration tutorials do not have up-to-date guidance; instead, they opt to carefully configure smtpd_recipient_restrictions. As Postfix’s document illustrates, either way will work, so long as one of them prevents Postfix from acting as an open relay. In this configuration, I am relying on the sane default configuration of smtpd_relay_restrictions, which postconf -d smtpd_relay_restrictions reports to be:

smtpd_relay_restrictions = ${{$compatibility_level} < {1} ? {} : {permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}}

Optionally, you can use smtpd_recipient_restrictions to prohibit certain domains. In my case, an attacker has been trying to sign up for an unprotected service by using fake emails from my domain name. I reject all emails from that service.

Edit 2020-07-06: Per this discussion, I have added a check_recipient_access entry that adds an X-Original-To header containing the original address that the email was intended for. Paired with the adjustment of the Dovecot configuration variable lda_original_recipient_header, this makes Sieve filtering based on address and “detail” (label after the + in an address) fairly simple.

I structured /etc/dovecot to follow the example template provided with Dovecot.

# mkdir -p /etc/dovecot
# cp -R /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot
# cp -R /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot

Importantly, I had to make a few changes to the files in conf.d/:

1. Because I am using passwd-file authentication, I commented out the inclusion of auth-system.conf.ext in conf.d/10-auth.conf:

   #!include auth-system.conf.ext
   

2. Because SSL certs are located in /etc/letsencrypt, I commented out the attempts to read in those certs in conf.d/10-ssl.conf:

   #ssl_cert = </etc/ssl/certs/dovecot.pem
   #ssl_key = </etc/ssl/private/dovecot.pem
   

   I suppose one could symlink the certs to these locations instead.

I then made changes from the default configuration (as of Dovecot 2.3.10.1) by creating the following /etc/dovecot/local.conf. Dovecot will merge this configuration with the existing defaults.

protocols = imap lmtp

# conf.d/10-auth.conf

auth_mechanisms = plain login
!include conf.d/auth-passwdfile.conf.ext


# conf.d/10-mail.conf

mail_location = maildir:~/.mail


# conf.d/10-master.conf

service lmtp {
    unix_listener /var/spool/postfix/private/dovecot-lmtp {
        mode  = 0600
        user  = postfix
        group = postfix
    }
}

service auth {
    unix_listener /var/spool/postfix/private/auth {
        mode  = 0666
        user  = postfix
        group = postfix
    }
}


# conf.d/10-ssl.conf

ssl_cert = </etc/letsencrypt/live/domain1.tld/fullchain.pem
ssl_key  = </etc/letsencrypt/live/domain1.tld/privkey.pem
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
ssl_prefer_server_ciphers = yes


# conf.d/15-lda.conf

lda_original_recipient_header = X-Original-To


# conf.d/20-imap.conf

protocol imap {
    mail_max_userip_connections = 20
}


# conf.d/20-lmtp.conf

protocol lmtp {
    mail_plugins = $mail_plugins sieve
}

As a consequence, Dovecot provides a SASL service to Postfix for authentication and receives mail from Postfix via LMTP. It enables an IMAP service for mail user agent connection.

Edit 2020-07-06: The adjustment to lda_original_recipient_header (which also applies to LMTP) tells Dovecot to use the X-Original-To header to specify the original recipient.

Following Mozilla’s TLS guide, the minimum protocol is set to TLSv1.2. A more restrictive set of ciphers are allowed as well (in particular, no non-ECC Diffie-Hellman support).

Edit 2021-09-29: ssl_cert now points at the full chain instead of the individual cert.

USER AUTHENTICATION

This configuration uses a simple password file for authentication.

touch /etc/dovecot/users
chown dovecot:dovecot /etc/dovecot/users
chmod 600 /etc/dovecot/users

Passwords can be generated with dovecot pw -s SHA512-CRYPT as per Dovecot’s password scheme guide.

Then, following Dovecot’s Passwd-file guide, one can create a mostly-empty row:

in /etc/dovecot/users:

user:{SHA512-CRYPT}<hash>:sys_user:sys_user_group::/home/sys_user::

This configuration allows for a virtual mapping from user to the system account sys_user with its corresponding group sys_user_group and home directory /home/sys_user. user should be the account that you map all of your aliases in /etc/postfix/aliases to.

Edit 2022-01-29: The Rspamd-Redis connection now uses UNIX sockets.

Per Rspamd’s Quick Start guide, I adjusted a few Redis configuration settings slightly, namely setting a memory limit and policy and enabling access via UNIX socket. To do that, I added include /etc/redis.d/local.conf to the end of /etc/redis.conf and created the following /etc/redis.d/local.conf:

# settings recommended by Rspamd
#   https://rspamd.com/doc/quickstart.html

maxmemory 500mb
maxmemory-policy volatile-ttl
unixsocket /var/run/redis/redis.sock
unixsocketperm 770

I also followed the suggestion of setting vm.overcommit_memory = 1 with sysctl and in /etc/sysctl.d/.

RSPAMD

Rspamd is a powerful spam filtering tool that can also be used to add DKIM signatures to outgoing messages. I have used it since ~v1.2 (mid-2016); it has grown significantly since then, and there have been a few configuration-breaking changes in that time. However, I have not encountered such issues recently.

I made changes exclusively within /etc/rspamd/local.d and only included settings that changed the defaults as of Rspamd 2.5.

GLOBAL CONFIGURATION SETTINGS

I have Unbound configured as the local nameserver, so Rspamd will automatically use it (/etc/resolv.conf points to 127.0.0.1). Rspamd can generate a lot of DNS requests, so I have found this to be a valuable solution. Using a public nameserver will likely result in rejections over time.

Therefore, local.d/options.inc looks like:

# same as postfix $mynetworks minus loopback addresses (`postconf mynetworks`)
local_addrs = [
    <self IP addresses>
];

# DNS tuning for local DNS server
#   probably not necessary
dns {
    timeout = 10s;
    retransmits = 50;
}

# server does not support SSE3
disable_hyperscan = true;

PROXY WORKER AS MILTER

The Rspamd proxy worker acts as a milter by default, but should be configured to scan outbound mail to DKIM sign messages. That can be accomplished by setting the following in local.d/worker-proxy.inc:

upstream "local" {
    self_scan = yes;
}

# spawn more processes in self-scan mode
count = 4;

DKIM SIGNING

Because each DKIM key follows a structured file naming format, local.d/dkim_signing.conf is relatively simple:

# the same settings apply for all domains

selector = "mail";
path = "/etc/rspamd/dkim/keys/$domain.$selector.key";
allow_username_mismatch = true;

SPAM BLOCKING CONFIGURATION

For testing, it’s best to avoid outright rejecting emails that have a high spam score. The following adjustment in local.d/actions.conf adds spam headers to pretty much all messages that exceed the (default) add_header threshold.

# always add headers instead of rejecting
reject = 500;

The following files enable and configure their respective modules to use Redis as a backend.

Edit 2022-01-29: The Rspamd-Redis connection now uses UNIX sockets.

Rspamd connects to Redis via a UNIX socket (per these instructions). To provide Rspamd access, its user must be added to the redis group via usermod -a -G redis rspamd (note that some installations may have different usernames for Rspamd).

local.d/classifier-bayes.conf:

backend = "redis";

local.d/mx_check.conf:

enabled = true;

local.d/redis.conf:

servers = "/var/run/redis/redis.sock";

Adding the following to ~/.dovecot.sieve will send mail marked as spam to the Junk folder:

require ["fileinto"];

if header :is "X-Spam" "Yes" {
    fileinto "Junk";
    stop;
}

The firewall should open SMTP ports 25 and 587 and IMAP ports 143 and 993 to appropriate network traffic. For nftables, the following configuration can be added to an input inet filter chain:

tcp dport { 25, 587 }  accept comment "Allow SMTP/Submission"
tcp dport { 143, 993 } accept comment "Allow IMAP/IMAPS"

DNS entries need to be added for reverse DNS, SPF, DKIM, and DMARC. These tools all help other mail servers realize that your mail is not spam. Of course, an MX record is required as well.

For the domain name that matches $myhostname in Postfix (not any other domains), a PTR record is necessary. For example, for an IP address of 1.2.3.4:

4.3.2.1.in-addr.arpa. 3599 IN    PTR     domain1.tld.

An equivalent IPv6 PTR record is necessary, too. This tool is helpful in generating the record.

For all domains, an SPF record is required:

domain1.tld.    3599    IN      TXT     "v=spf1 ip4:<IPv4 Address> ip6:<IPv6 Address> -all"

Each of the DKIM keys generated above also generated a DNS record in /etc/rspamd/dkim/keys/$domain.$selector.txt. Each domain’s record must be added.

Adding a DMARC record to each domain helps other mail servers understand what to do with mail that failed SPF or DKIM checks. For testing, it makes sense to ask the mail server to keep the mail but send reports back to you.

_dmarc.domain1.tld. 3599    IN      TXT     "v=DMARC1; p=none; pct=100; rua=mailto:dmarc-reports@domain1.tld"

By changing to p=reject, the other server will reject mail that failed these checks.

Detecting whether email is junk, spam, or phishing is a challenge at the University of Washington. This is due primarily to the UW’s unusual email routing, which has been designed to support the UW community’s highly distributed IT infrastructure. The UW provides two centrally managed productivity platforms with email services (UW Google and UW Office 365). UW email also allows emails addressed from UW email addresses to be sent from anywhere, and incoming emails addressed to UW email addresses to be forwarded to anywhere.
Email sent to and from UW email addresses generally passes first through UW’s Email Infrastructure service infrastructure where it is scanned by Proofpoint, a software package that filters the majority of junk, spam, and phishing email, as well as email containing malware.

Once email has passed through the Email Infrastructure service, email is then delivered to the destination mailbox as selected on the UW email forwarding manage page. Upon delivery to the destination mailbox (e.g. UW Gmail, UW Office 365, consumer Gmail, Outlook.com, Yahoo!, etc.) email is then filtered again by the platform managing the destination mailbox (e.g. Google, Microsoft, Yahoo!, etc.) as junk, spam, or phishing email.
Read more about how the Email Infrastructure service filters email and how you can protect your email.
Determining if email is junk, spam, or phishing is up to each email service vendor (Proofpoint, Google, Microsoft, Yahoo! etc.) and is based on a wide variety of potential parameters that can change minute-by-minute. Additionally, user-implemented email filtering rules can also influence whether an email is filtered as junk, spam, or phishing.

If you send an email to or from a UW email address and receive a Non-Delivery Report (NDR) email
Non-Delivery Reports (NDR) are emails sent to a sender to report that an email has failed to deliver. These emails come from the last successful system to receive the email, not from the system that rejected or failed to accept the email. These reports should have details on why the email failed to deliver. Many times, the reason will simply be because the email address the email was sent to is no longer valid.
However, if the NDR email says an email was rejected as spam, try these steps:
• Send from a system officially “allowed” by your email domain’s Sender Policy. For those sending from @uw.edu email addresses, these include UW Google and UW Office 365 email services
• This does not currently include smtp.washington.edu and smtp.uw.edu that may be used with POP or IMAP clients to access UW Google and UW Office 365 mailboxes
• Never include links that immediately require a login
• Avoid using ALL CAPS in emails
• Avoid using excessive exclamation marks early and often in emails
• Remove any links or HTML from your signature
• Avoid using excessive HTML in emails with relatively little content
• Remove any potentially controversial or words commonly used in spam emails
If you try the above without success, try these steps:
• Switch to sending emails as plain text (instructions for Gmail and Outlook on the web)
If you are sending email that is being delivered to recipients’ spam/junk folders
If you are sending email that is being delivered to spam/junk folders for recipients utilizing UW Gmail, UW Office 365, commercial Gmail, Outlook.com, etc., try these steps:
• Send from a system officially “allowed” by your email domain’s Sender Policy.
• Never include links that immediately require a login
• Avoid using ALL CAPS in emails
• Avoid using excessive exclamation marks early and often in emails
• Remove any links or HTML from your signature
• Avoid using excessive HTML in emails with relatively little content
• Remove any potentially controversial or words commonly used in spam emails
If you try the above without success, try these steps:
• Switch to sending emails as plain text (Instructions for Gmail and Outlook on the web)
• Try sending the email from a different email address. If this works but you already have gotten this far down the list, then likely your specific email address has been marked as a problem. If you are using a UW email address, please contact help@edu for help in evaluating your situation. If you are using an outside address, please contact that organization for help
Read more about Gmail’s sender guidelines and Microsoft’s sender guidelines.
If you have tried all of the above which are practical for your situation, the recipient(s) will need to contact their email provider.

If you are receiving email that is incorrectly being delivered to your spam/junk folder
UW Gmail
If you are using UW Gmail and are finding emails in your spam folder that are being incorrectly delivered as spam, try these steps:
• Unmark an email as spam
• Add the sender as a contact
• Verify that you do not have a Gmail rule that filters these emails
• Verify that all devices and email clients you have configured to check your UW Gmail account have no rules or filtering in place
• If you have taken all of these steps and email is still incorrectly being delivered to your UW Gmail spam folder, please forward the email as an attachment to help@edu
If you try the above without success, you can:
• Add a Gmail rule to explicitly not filter the sender. Take this step with great caution and only for email addresses that are known and important to you, as it opens you to junk, spam, and phishing attacks sent from the email address(es) you exclude.
As a last resort, you can:
• Join this UW Group to opt out of all UW Gmail junk, spam, and phishing email protections
UW Office 365
If you are using UW Office 365 and are finding emails in your Junk E-Mail folder that are being incorrectly delivered as spam, try these steps:
• Under Filters, select “Trust email from my contacts” (Outlook on the web)
• Add the sender as a contact (Outlook on the web)
• Add the sender to Safe senders and domains (Outlook on the web)
• To add a domain, enter only the text after the @ symbol e.g. “edu” instead of “@edu”)
• Remove senders and their domains from Blocked senders and domains (Outlook on the web)
• Verify that you do not have rules or sweeps that could send emails to your Junk E-Mail folder (Outlook on the web rules, Outlook on the web sweeps)
• Verify that all devices and email clients you have configured to check your UW Office 365 account have no rules or filtering in place.

If you want the easiest way to stop, start, disable, or enable a service on Windows 11, you can use the “Services” app.

Stop a service
To stop a service on Windows 11, use these steps:
1. Open Start.
2. Search for Services and click the top result to open the app.
3. Double-click the service to stop.

4. Click the Stop button.

5. Click the Apply button.
6. Click the OK button.
Once you complete the steps, the service should stop. If the service doesn’t stop running, you may be trying to stop a critical service required for the system to operate correctly.

Start a service
To start a service on Windows 11, use these steps:
1. Open Start.
2. Seach for Services and click the top result to open the app.
3. Double-click the service to start.

4. Click the Start button.

5. Click the Apply button.
6. Click the OK button.
After you complete the steps, the service should start immediately.

Disable a service
To disable a service, use these steps:
1. Open Start.
2. Search for Services and click the top result to open the app.
3. Double-click the service to disable.

4. Click the Stop button (if applicable).
5. Select the Disabled option from the “Start menu” drop-down menu.

6. Click the Apply button.
7. Click the OK button.
Once you complete the steps, the service will no longer run on the device after restarting the computer. If you click the “Stop” button, the service will stop immediately.

Enable a service
To enable a service on Windows 11 using the Services app, use these steps:
1. Open Start.
2. Search for Services and click the top result to open the app.
3. Double-click the service to enable.

4. Click the Start button.
5. Select the how to start the service option:
a. Automatic: Starts the service automatically during start.
b. Automatic (Delayed Start): Starts the service automatically but after the system loads.
c. Manual: Allows users to start the service manually or through another service that the user tries to start.
d. Disabled: Keeps the service stopped regardless of whether it is needed or not.

6. Click the Apply button.
7. Click the OK button.
After you complete the steps, the service will enable after restarting the computer. If you want to run the service immediately, you also need to click the Start button.
You can also right-click the service and select the state. Or you can choose the service and choose the action (start, stop, pause, or restart) from the command bar at the top of the app.

How to manage services using Task Manager on Windows 11
On Windows 11, Task Manager includes the “Services” tab that allows you to manage services.
To stop or restart a service through Task Manager, use these steps:
1. Open Start.
2. Search for Task Manager and click the top result to open the app.Quick note: You can also right-click the Start button and select the Task Manager. Or use the Ctrl + Shift + Esc keyboard shortcut to open the app.
3. Click the Services tab.
4. Right-click the service and select the action:
• Start.
• Stop.
• Restart.

Once you complete the steps, the service will start, stop, or restart, depending on your selected option.
When using Task Manager, consider that you can’t disable or configure the service to start automatically.

How to manage services using Command Prompt on Windows 11
You can also use Command Prompt with the “net” (legacy) and “sc” (modern) command to disable, enable, stop, or start services on your computer.
Stop a service
To stop a service from an app or Windows 11 with Command Prompt, use these steps:
1. Open Start.
2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
3. Type the following command to view the available services and press Enter:sc queryex state=all type=service

4. Type the following command to stop one service with Command Prompt and press Enter:net stop “SERVICE-NAME”In the command, replace “SERVICE-NAME” for the name of the service. The quotation marks are only needed if there’s a space within the name.This example stops the printer spooler from using the service name on Windows 11:net stop “spooler”

5. (Optional) Type the following (different) command to stop a service and press Enter:sc stop “spooler”
6. After you complete the steps, the Command Prompt command will stop the Windows 11 or app service.

Start a service
To use Command Prompt to start a service, use these steps:
1. Open Start.
2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
3. Type the following command to view the available services and press Enter:sc queryex state=all type=service

4. Type the following command to start a service with Command Prompt and press Enter:net start “SERVICE-NAME”In the command, replace “SERVICE-NAME” for the name of the service.This example starts the printer spooler using the service name on Windows 11:net start “spooler”

5. (Optional) Type the following (different) command to start a service and press Enter:sc start “spooler”
6. After you complete the steps, the command will start the service on your computer.

Disable a service
To disable a service on Windows 11 with commands, use these steps:
1. Open Start.
2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
3. Type the following command to view the available services and press Enter:sc queryex state=all type=service

4. Type the following command to disable a service with Command Prompt and press Enter:sc config “SERVICE-NAME” start=disabledIn the command, replace “SERVICE-NAME” for the name of the service. The quotation marks are only needed if there’s a space within the name.This example disables the printer spooler using the service name on Windows 11:sc config “spooler” start=disabledQuick note: When you use the disable option on Windows 11, it doesn’t stop the current state of the service. If you want to stop immediately, you can restart the computer or stop the service using the following command.

Once you complete the steps, the Command Prompt command will be disabled on Windows 11.

Enable a service
To enable a service with Command Prompt, use these steps:
1. Open Start.
2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
3. Type the following command to view the available services and press Enter:sc queryex state=all type=service

4. Type the following command to enable a service and press Enter:sc config “SERVICE-NAME” start=autoIn the command, replace “SERVICE-NAME” for the name of the service.This example enables the printer spooler:sc config “spooler” start=auto

5. (Optional) Type the following command to start a service with the “Manual” option and press Enter:sc config “SERVICE-NAME” start=demand
6. (Optional) Type the following command to start a service with the “Automatic Delayed” option and press Entersc config “SERVICE-NAME” start=delayed-auto
7. (Optional) Type the following command to start a service immediately and press Enter:sc start “SERVICE-NAME”
8. After you complete the steps, the service will start immediately.

How to manage services using PowerShell on Windows 11
If you need to create a script or use commands, PowerShell also lets you manage system and app services.

Stop a service
To stop a service with PowerShell, use these steps:
1. Open Start.
2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
3. Type the following command to view the available services and press Enter:Get-Service

4. Type the following command to stop a service on Windows 11 and press Enter:Stop-Service -Name “SERVICE-NAME”In the command, change “SERVICE-NAME” with the name of the service to stop. If you want to use the service’s display name, then replace -Name for -DisplayName and specify the service name.This example stops the printer spooler on Windows 11:Stop-Service -Name “spooler”

5. (Optional) Type the following variant of the command also to stop a service and press Enter:Set-Service -Name “SERVICE-NAME” -Status stoppedIn the command, change “SERVICE-NAME” with the name of the service to stop.
6. (Optional) Type the following command to force stop a service that results in dependency errors using the previous commands and press Enter:Set-Service -Name “SERVICE-NAME” -Force
Once you complete the steps, the PowerShell command will stop the Windows 11 or app service.

Start a service
To start a service on Windows 11 with PowerShell, use these steps:
1. Open Start.
2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
3. Type the following command to view the available services and press Enter:Get-Service

4. Type the following command to start a service on Windows 11 with PowerShell and press Enter:Start-Service -Name “SERVICE-NAME”In the command, change “SERVICE-NAME” with the name of the service to start.This command starts the printer spooler service on Windows 11:Start-Service -Name “spooler”

5. (Optional) Type the following variant of the command also to start a service and press Enter:Set-Service -Name “SERVICE-NAME” -Status runningIn the command, change “SERVICE-NAME” with the name of the service to start.
After you complete the steps, the command will start the service immediately.

Disable a service
To disable a service with PowerShell commands, use these steps:
1. Open Start.
2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
3. Type the following command to view the available services and press Enter:Get-Service

4. Type the following command to stop a service and press Enter:Stop-Service -Name “SERVICE-NAME”In the command, change “SERVICE-NAME” with the name of the service to stop. If you want to use the service’s display name, then replace -Name for -DisplayName and specify the service name.This example stops the printer spooler on Windows 11:Stop-Service -Name “spooler”
5. Type the following command to disable a service on Windows 11 and press Enter:Set-Service -Name “SERVICE-NAME” -Status stopped -StartupType disabledIn the command, change “SERVICE-NAME” with the name of the service to disable. You can also use the -DisplayName option instead of -Name to use the service’s display name.This example disables the printer spooler service:Set-Service -Name “spooler” -Status stopped -StartupType disabled

6. (Optional) Type the following command to disable the service without stopping it immediately and press Enter:Set-Service -Name “SERVICE-NAME” -StartupType disabled
Once you complete the steps, PowerShell will disable the service you specified.

Enable a service
To enable a service with PowerShell on Windows 11, use these steps:
1. Open Start.
2. Search for PowerShell, right-click the top result, and select the Run as administrator option.
3. Type the following command to view the available services and press Enter:Get-Service

4. Type the following command to enable a service and press Enter:Set-Service -Name “SERVICE-NAME” -Status running -StartupType automaticIn the command, change “SERVICE-NAME” with the name of the service to enable. You can also use the -DisplayName option instead of -Name to use the service’s display name. In this case, you may be able to use the display -DisplayName option. However, the command may prompt you to enter the name of the service, adding an extra step to the overall process. This example enables the printer spooler service:Set-Service -Name “spooler” -Status running -StartupType automatic
6. (Optional) Type the following command to enable the service without starting it immediately and press Enter:Set-Service -Name “SERVICE-NAME” -StartupType automatic

After you complete the steps, the PowerShell command will enable the service on Windows 11.

How to use Focus on Windows 11, By disabling notifications and hiding the Taskbar, Windows 11 22H2’s new Focus feature makes it simpler to focus on a single task. This feature is also compatible with the Clock app’s session timer. The Microsoft To Do app can help you prioritise your tasks and check them off as you complete them, and you can use Spotify to listen to your favourite tracks as you work if you need a little extra inspiration.

The Clock app can help you develop good routines by letting you establish daily challenges to push yourself toward a healthier lifestyle. The methods to activate the Focus function in the Windows 11 are outlined in this tutorial. Focus sessions can be initiated in Windows 11 22H2 in at least three different ways: via the Quick Settings flyout, the Settings app, or the Clock app.

These are the steps you need take to initiate a concentration session via the Quick Settings flyout:

1. A system’s date and time can be accessed via a button in the tray.
2. As a quick hint, you can also use the Windows key plus the N key combination.
3. Just head to the Calendar section and pick a time that works for you.
4. Just hit the “Focus” button.

Initiate a meditation session from the Settings app by following these steps:

1. Launch the preferences menu.
2. Select System and click it.
3. To access the Focus page, select it from the menu on the right.
4. Limit your time in the session.
5. Select the button labelled “Start focus session”

Follow these steps in the Clock app to initiate a concentrated work session:

1. Start the Clock programme.
2. Just go to the Focus sessions link.
3. Limit your time in the session.
4. (Optional) If you want to skip the breaks, you can do so by clicking the Skip breaks box.
5. Select the button labelled “Start focus session”

Follow these steps to begin your session and turn off app notifications and badges. When the countdown reaches zero, the Clock app will launch in a compact mode, complete with a timer, and all alerts will be silenced.

The Clock app allows you to customise your working time by adjusting the length of your concentrate times, the volume of your session’s finish and break sounds, and the degree to which Spotify and To Do are integrated into your workflow. I’ll show you how:

1. Ahead, Go!
2. Try it out for yourself by typing “Clock” into your search bar and then opening the first result.
3. For customization options, use the gear icon in the leftmost area.
4. Select the Time to concentrate option.
5. To set the duration of the time, head to the Focus period settings.
6. You can set the time duration for breaks using the Break period option.
7. To have a sound play whenever a session ends, turn on the End of session sound switch.
8. To modify the tone played when the session ends, select the desired option from the corresponding drop-down menu.
9. To have an audible signal play when a session ends, turn on the End of break sound switch.
10. To alter the sound played once a break is over, select it from the corresponding menu.
11. In order to activate the Spotify integration, simply flip the switch on (if applicable).
12. To modify your Spotify account’s preferences, select “Settings” from the menu.
13. You can activate Microsoft’s To Do integration by toggling the To Do switch on (if applicable).

Two recent pieces provide a high-level view of generative AI in HR. In a piece from May 2023, the Conference Board looks at key questions and impact areas. The piece suggests that, through the strategic application of AI, HR has an opportunity to impact financial outcomes in the company in relation to job design, organizational processes, analytics, talent acquisition, rewards, DEI, and employee engagement. In a June 2023 podcast, talent leaders Bryan Hancock and Bill Schaninger talk with McKinsey about the opportunities and risks of generative AI in HR, particularly in recruiting, performance management, and talent development. Taken together, the two pieces provide an up-to-date perspective.

AI, and in particular generative AI, has the potential to radically enhance HR processes and decision-making by sourcing, selecting, negotiating with, and then hiring candidates; generating custom
individual development plans and performance evaluations; monitoring worker productivity; writing reports; and conducting research on HR trends or legislative developments, all while controlling for suspicious activity and alerting managers to potential turnover risks. If done correctly, the ROI can be tremendous. At the same time, there are legal, reputation, and business risks, especially around bias and transparency.

Insights for What’s Ahead

• Besides enhancing HR processes and decision-making, generative AI has the potential to change the way work gets done and the way workers are managed. Sixty-five percent of CHROs expect AI to have a positive impact on the HR function over the next two years, according to The Conference Board CHRO Confidence Index, making proficiency in this technology a high priority for the function that is responsible for talent in the organization.
• However, risks associated with generative AI must be carefully considered and managed to avoid potential damage to an organization’s reputation, customer relationships, and strategic plans. It must be vetted through the same rigorous process as all business risk decisions.
• With people-related costs representing roughly half of most organizations’ operating budgets, the HR function has a tremendous opportunity to impact financial outcomes. CHROs will need to prioritize investments in new HR technology. Making the business case by articulating the longer-term positive impacts to the organization—whether those are in job redesign, organizational processes, information, analytics, markets, and employer brand—is critical.

• Generative AI offers significant opportunities for talent acquisition; total rewards; diversity, equity & inclusion; and employee engagement—the functions most likely to experience significant disruption. This is because of AI’s ability to analyze vast amounts of data, identify patterns, and make predictions about the likelihood of a candidate’s success or an employee’s likelihood of leaving.
• When adopting this new technology, CHROs will need to determine how workers and leaders are engaging with generative AI and developing guidelines to leverage this technology. HR serves a critical role in protecting the assets, strategic plans, client data, and intellectual property of the organization. Mastering the use of generative AI will become table stakes for successful employment and be considered a core skill for HR leaders.
• Asking the right questions before adoption will be critical to optimizing the implementation of generative AI applications. For CHROs the goal is to supervise its adoption in HR, implement it successfully and ethically, monitor its use, manage the impact of technology on job design and organization processes, and protect and upskill workers and those who lead them.

Generative AI: The Promise and the Peril

Many HR organizations already employ several types of AI in their processes, such as chat bots, to address benefit questions and applicant tracking systems (ATS) to sift through thousands of resumes to find the closest match to open job criteria. In a recent study by Eightfold AI, HR leaders reported they use AI to support many core functions, with at least 64 percent reporting that they use some form of AI as support for employee records management, payroll processing and benefits administration, recruitment and hiring, performance management, onboarding new employees, retaining current employees, cross-skilling and reskilling employees, company culture and rewards management, and managing talent mobility.

However, it is important to note a vast array of digital solutions, many of which are touted as artificial intelligence (AI), are already available to the HR function, yet, strictly speaking, few of those products qualify as AI. The term AI is often applied more loosely to mean the use of computer systems or agents to perform any task that, up until now, humans had to do. The disconnect between the expert’s view and the popular one often causes some confusion in the business world. (See our report AI for HR: Separating the Potential from the Hype.)

Estimates vary, but as many 70 percent or more of workers are already using generative AI citing higher productivity, speed, or the ability to get a jump start on a topic or project; few have had training on it, and most are keeping their usage very low key with employers.2 3 4 5Looking ahead, Microsoft expects to integrate generative AI into its suite of office applications used by most businesses today.

Other common HR platforms will likely do the same
The second quarter 2023 edition of The Conference Board CHRO Confidence Index found that 65 percent of CHROs expect AI in all forms to have a positive impact on their function within the next two years. To contrast, our C-Suite Outlook 2023 reported that CEOs are more focused on enterprise-wide digital transformation and less on enhancing AI and analytics competencies in the HR function, despite the increasing demand from investors and regulators for evidence-based, quantitative human capital disclosures. According to the survey, CEOs do not place a high priority on investing in improving skills in HR data analytics or implementing AI/generative AI in optimizing human capital management efficiencies.7 This creates an even bigger challenge for CHROs seeking to introduce this technology. CEOs must have a clear understanding of the technology’s value and be able to demonstrate the payback for the incremental cost.
Generative AI has the potential to radically enhance HR processes and decisions. Generative AI’s impact on the HR function, and by extension, workers and the workplace, is a game changer. Potential applications include the ability to source, select, communicate/negotiate with and then hire candidates; create jobs; write behavior-based interview questions; generate custom individual development plans and performance evaluations; and monitor worker productivity, thus augmenting the productivity of HR professionals. In addition, generative AI has the potential to change the way work gets done (including job design and human capital deployment) and the way workers are managed (including leadership and accountability).
Generative AI will offer workers (in most professions or jobs) options that will improve efficiency and speed as well as productivity. This new technology can create personalized marketing and social media campaigns for marketing pros, write or review code for IT professionals, support pharmaceutical research and development efforts in the creation of new medications, draft annual reports for corporate communication professionals, draft legal documents for general counsels, and analyze vast amounts of customer feedback for every organization.8 Every HR process is an opportunity for generative AI. For example, AI-driven pay transparency and equity audits provide greater insights and enable faster decision-making. The functions where generative AI can provide almost limitless opportunities for efficiency include talent acquisition, total rewards, DEI, and employee engagement.

While the HR function has a tremendous opportunity to impact financial outcomes, CHROs will need to not only make a strong business case for investments in new HR technology but also articulate the longer-term positive impacts to the organization—whether those are in job redesign, organizational processes, information, analytics, markets, and employer brand—and ultimately evaluate the risks/rewards associated with any new technology. Generative AI introduces new risks to organizations, workers, and those who lead them.
In its current state, information and analysis offered by generative AI may reflect the biases of a society—either coded by flawed humans or built from biased or incomplete information used to “train” it. In some cases, the data itself may be dated or reflect a history of decisions that, looking back, we would not want to repeat or codify. Current shortcomings include:
• Based on inaccurate information and dependent on the sources used to train it, AI sometimes “hallucinates,” meaning it confidently generates inaccurate information9 without flagging that shift for the user of the app;

• Uploading proprietary data into the AI apps for processing could pose organizational risks that include forfeiting ownership of information, intellectual property, patents, and copyrights;
• Confidentiality and data privacy policies may not be verifiable;
• Generative AI does not (currently) understand concepts and frameworks; it simply gathers data and makes predictions and/or creates a narrative;
• Transparency may be lacking about how algorithms work and how important safety, privacy, and fairness guidelines are to protect the organization, its people, its customers, and other stakeholders.
Don’t underestimate legal and ethical issues.