Identifying Essential Windows Services: Part 1

by Mitch Tulloch, author of Windows Server Hacks
11/29/2005

An important part of hardening Windows servers against attack is disabling any unnecessary services on your machines. A freshly installed member server running Windows Server 2003 with no specific roles defined (that is, not a file server or a print server or a web server, and so on) has more than 80 installed services visible in the Services console. These services are configured by default in various ways, with some configured for Automatic startup and therefore running by default, some configured for Manual startup and either stopped or running, and some configured as Disabled and therefore stopped.

By comparison, Windows 2000 servers have fewer installed services by default, but more of them are configured for Automatic startup and are therefore running by default. The result is that Windows Server 2003 machines are more secure out of the box than Windows 2000 servers, so if you're still running the earlier platform you need to do a bit more work to ensure that only those services that are needed are running on your server.

But even with servers running Windows Server 2003 it's still valid to ask whether the default configuration of services is secure enough. The logical place to start is to ask which services are essential to normal operation of Windows servers, then go further and ask which additional services are needed when servers are fulfilling specific roles on your network such as file/print servers or web servers. I'll address the first question in this article and consider the second question in Part 2 later.

Bare Minimum Services

The Microsoft Windows Security Resource Kit is probably a pretty reliable source of information on securing Windows servers (we would hope!). In general, for all Windows 2000 and Windows XP machines this book recommends that the following minimum services be configured.

Services that should be configured to start automatically on Windows 2000 member servers:

  • DHCP Client
  • DNS Client
  • Event Log
  • Logical Disk Manager
  • Netlogon
  • Plug and Play
  • Protected Storage
  • Remote Procedure Call (RPC)
  • Remote Registry Service
  • Security Accounts Manager
  • Server
  • System Event Notification (SENS)
  • TCP/IP NetBIOS Helper Service
  • Windows Time Service (W32Time)
  • Workstation

Services that should be configured to start manually on Windows 2000 member servers:

  • Logical Disk Manager Administrative Service
  • Network Connections
  • Performance Logs and Alerts
  • Windows Management Instrumentation Driver Extensions

Most of these services are pretty obviously needed by servers running in a low or medium security environment, but before you start disabling everything else on your servers and end up with broken applications or other unexpected results, we should dig a little deeper into this subject by considering the recommendations of another important piece of Microsoft documentation: the Windows Server 2003 Security Guide. This document is a little more up to date than the Security RK, so let's see what the Security Guide recommends for minimum services needed on bare member servers, that is, member servers without any specific server roles defined.

Services that should be configured to start automatically on Windows Server 2003 member servers:

  • Automatic Updates
  • Computer Browser
  • Cryptographic Services
  • DHCP Client
  • DNS Client
  • Event Log
  • IPSec Services
  • Netlogon
  • NTLM Security Support Provider
  • Plug and Play
  • Protected Storage
  • Remote Procedure Call (RPC)
  • Remote Registry Service
  • Security Accounts Manager
  • Server
  • System Event Notification
  • TCP/IP NetBIOS Helper Service
  • Terminal Services
  • Windows Installer
  • Windows Management Instrumentation
  • Windows Time
  • Workstation

Services that should be configured to start manually on Windows Server 2003 member servers:

  • Background Intelligent Transfer Service
  • COM+ Event System
  • Logical Disk Manager
  • Logical Disk Manager Administrative Service
  • Microsoft Software Shadow Copy Provider
  • Network Connections
  • Network Location Awareness (NLA)
  • Performance Logs and Alerts
  • Remote Administration Service
  • Removable Storage
  • Volume Shadow Copy
  • Windows Management Instrumentation Driver Extensions
  • WMI Performance Adapter
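
One way to check a server against the Windows Server 2003 lists above, as an added example (not code from the article or from Microsoft's guides): a PowerShell function that flags services whose startup mode differs from the baseline, or that are absent from it yet not disabled. The function names, finding labels and sample inventory are constructed for illustration; matching on display names exactly as printed in the lists is an assumption (names on a real system may differ), and the live-use line assumes Windows PowerShell, where `Get-WmiObject` is available.

```powershell
# Baseline: the Windows Server 2003 lists above, keyed by display name as printed.
$baseline = @{}
@('Automatic Updates','Computer Browser','Cryptographic Services','DHCP Client',
  'DNS Client','Event Log','IPSec Services','Netlogon','NTLM Security Support Provider',
  'Plug and Play','Protected Storage','Remote Procedure Call (RPC)',
  'Remote Registry Service','Security Accounts Manager','Server',
  'System Event Notification','TCP/IP NetBIOS Helper Service','Terminal Services',
  'Windows Installer','Windows Management Instrumentation','Windows Time',
  'Workstation') | ForEach-Object { $baseline[$_] = 'Auto' }
@('Background Intelligent Transfer Service','COM+ Event System','Logical Disk Manager',
  'Logical Disk Manager Administrative Service','Microsoft Software Shadow Copy Provider',
  'Network Connections','Network Location Awareness (NLA)','Performance Logs and Alerts',
  'Remote Administration Service','Removable Storage','Volume Shadow Copy',
  'Windows Management Instrumentation Driver Extensions',
  'WMI Performance Adapter') | ForEach-Object { $baseline[$_] = 'Manual' }

# Hypothetical helper: builds one row (used for both sample input and findings).
function New-Row([string]$Name, [string]$Mode, [string]$Expected, [string]$Finding) {
    New-Object PSObject -Property @{
        DisplayName = $Name; StartMode = $Mode; Expected = $Expected; Finding = $Finding }
}

# $Services: objects with DisplayName and StartMode (Auto/Manual/Disabled),
# the property names used by the Win32_Service WMI class.
function Compare-ServiceBaseline([object[]]$Services, [hashtable]$Baseline) {
    foreach ($svc in $Services) {
        $expected = $Baseline[$svc.DisplayName]
        if ($expected -and $svc.StartMode -ne $expected) {
            New-Row $svc.DisplayName $svc.StartMode $expected 'StartupMismatch'
        } elseif (-not $expected -and $svc.StartMode -ne 'Disabled') {
            # Not in the baseline but still able to start: review before disabling.
            New-Row $svc.DisplayName $svc.StartMode '(not listed)' 'NotInBaseline'
        }
    }
}

# Constructed sample inventory, shaped like Win32_Service output.
$sample = @(
    (New-Row 'Event Log' 'Auto'),
    (New-Row 'Volume Shadow Copy' 'Auto'),
    (New-Row 'Print Spooler' 'Auto'),
    (New-Row 'Telnet' 'Disabled')
)
Compare-ServiceBaseline $sample $baseline |
    Format-Table DisplayName, StartMode, Expected, Finding -AutoSize

# Live use: Compare-ServiceBaseline (Get-WmiObject Win32_Service) $baseline
```

The script only reports; it changes no startup settings, so each finding can be checked against the server's applications before anything is disabled.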
