One of the most effective ways to secure Windows Server 2003 is to turn off unnecessary services. This detailed Excel spreadsheet lists 102 Windows Server 2003 services, describes each service's function, specifies whether you can safely disable the service, and outlines the ramifications of doing so. The spreadsheet also lists each service's default configuration for specific server roles--domain controller, DHCP server, File server, mail server, and so forth.
Download and review the spreadsheet:
http://techrepublic.com.com/5138-10879-5766252.html
Then, join this ongoing discussion and share your Windows security tips. Also, let us know if this download provided helpful information and if there's anything we can do to improve the document's content or format.
Discussion on:
DOWNLOAD: Windows Server 2003 services that can be disabled
Tags: windows, security, download, windows server 2003
View:
Show:
I welcome any comments, suggestions, or corrections that you might be able to offer. I'd like to make this chart as full featured as possible, but still be manageable.
Scott
Scott
Your comment: "Stopping this service will result in the inability for the computer to resolve names to IP addresses." is true, however, why would I want my computer to do the resolving? Then, I am subject to cache-poisoning attacks and the like. I consistently disable this service (in my NON-Active Directory environment, I might add) so that my clients let the DNS server do its job and resolve the addresses. My workstation doesn't have to do the resolving. Let the DNS server do it instead. It's probably better at it and more secure than my workstation. I think that Microsoft's description is a little misleading, because it leads you do believe that DNS addresses will not be able to be resolved, which is not true.
{quote}Your comment: "Stopping this service will result in the inability for the computer to resolve names to IP addresses." is true, however, why would I want my computer to do the resolving?{/quote}
Interesting. I am going to disable DNS on my workstation. I have occasions where my computer can't find the mail server in the same building for random periods of time. I am betting this is why.
Interesting. I am going to disable DNS on my workstation. I have occasions where my computer can't find the mail server in the same building for random periods of time. I am betting this is why.
I gave this chart a rating of 4. This is very useful information. I've mentioned in previous posts that I have created a lot of work for myself by using a test machine to experiment with turning services off and seeing what happened. This chart will save people a lot of time.
The only reason that I did not rate this chart as 5 is the format. I think that XLS format is a bad idea for general distribution of information. I mentioned in a recent discussion about someone migrating to OpenOffice.org software that the spreadsheet program can be a bit of a problem when reading a genuine M$ Excel file. In this case I found that the OOo spreadsheet program appeared to work but the Gnome spreadsheet called gnumeric failed to display the file properly.
I think that it you are going to distribute information that it NOT intended to be edited by the recipients then it is better to use a noneditable format such as PDF. Plus the software available on Unixes to display PDF files have better compatibility with PDF files created by any number of software applications. So I strongly prefer to receive documents in PDF format rather than in XLS format.
I want to end with a positive comment so I'm going to just say thanks for providing this information. I believe that it will be very useful to me in my professional activities.
The only reason that I did not rate this chart as 5 is the format. I think that XLS format is a bad idea for general distribution of information. I mentioned in a recent discussion about someone migrating to OpenOffice.org software that the spreadsheet program can be a bit of a problem when reading a genuine M$ Excel file. In this case I found that the OOo spreadsheet program appeared to work but the Gnome spreadsheet called gnumeric failed to display the file properly.
I think that it you are going to distribute information that it NOT intended to be edited by the recipients then it is better to use a noneditable format such as PDF. Plus the software available on Unixes to display PDF files have better compatibility with PDF files created by any number of software applications. So I strongly prefer to receive documents in PDF format rather than in XLS format.
I want to end with a positive comment so I'm going to just say thanks for providing this information. I believe that it will be very useful to me in my professional activities.
I'm very pleased that you found the information useful! I want to address the format issue. Normally, this kind of information would be distributed in both XLS and PDF format. However, a number of cells have comments not applicable to everyone and including this information in separate columns would have made the sheet unwieldy. Therefore, the decision was made to distribute in Excel only so that people that wanted to see the comments would be able to do so. A PDF distribution would have been lacking too much information.
Again, thank you for the positive feedback!
Scott
Again, thank you for the positive feedback!
Scott
Thanks.. Scott Lowe & TechRepublic.
its too good for help sys admin.
Mangesh Salunkhe
its too good for help sys admin.
Mangesh Salunkhe
Am I correct in assuming that most of this will also apply to Windows 2000 as well? I have 4 Win2K servers and a bunch of W2K workstations.
I manage various servers. My job responsibilities is primarily database servers. SQL Server in particular. I find that an entry for Database servers (such as MS SQL, Sybase, UDB, Oracle, etc.) is not entered. A database server is more than an application server and it deserves a separate column. Setting that aside, this is a good document and certainly helps me review and identify what should be running on our servers. Thanks!
"Your computer will be unable to locate other Windows computers on the network" - is not correct! Computer will not maintain the browsing list and will not participate in elections. At the same time it will be able to resolve all names regardless. I have it disabled on 10000+ machines (workstations) and they work just fine.
...db
...db
This service could and should be disabled on all servers with no DFS root published. Even DC's which dont have a dfs root replicated to them can have the service disabled. This wont stop the server being able to access data on a dfs root. The service isnt just for AD published roots either, its for standalone DFS roots (including consolidated roots)
With Windows Server 2003 the primary topic here, I hope I can ask a question whose answer has eluded me for some time. Where are the tooltips for the icons in the Quick Launch bar? Or maybe I should ask, how can I turn them on? It is a nuisance to have such a helpful feature just disappear in a new OS.
Thanks,
Mike
Thanks,
Mike
anyone else get this message? got it last week and again today. if someone downloaded the excel file could you plz email to me @ paul@mtg2000.com? thx!!!!
Hello I tried to download the excel file but I got an internet explorer error so could you please help to download the file by showing me the rihgt link or send it to my e-mail
mob2001in@yahoo.co.in
thank you so much
mob2001in@yahoo.co.in
thank you so much
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
