When a new operating system becomes available, one of the first things I look at is what is new on the basic components of the server; for example, I did this for scheduled tasks on Windows Server 2008 (including R2). One area that I look at most carefully is the Windows Services inventory. Two services that caught my eye in Windows Server 2008 are the PnP-X IP Bus Enumerator and Net.TCP Port Sharing services.
The PnP-X IP Bus Enumerator service, which first came with Windows Vista, functions to connect devices over the network such as printers through Plug and Play Extensions. It uses Simple Service Discovery Protocol (SSDP) and WS-Discovery to provide an abstraction layer between the network and the devices. These two methods utilize communication protocols over the network that may not be something most administrators want to utilize in the client or server spaces.
The Net.TCP Port Sharing service is described as a user-mode mechanism to accept connections in processes in net.tcp:// format. The service manages connections by inspecting the transmission and forwarding to a destination address, from the application perspective. In terms of managing security and traffic flow, I can’t imagine administrators liking this capability. This MSDN blog post explains Net.TCP Port Sharing and its use case, but in favor of keeping network traffic at face value, I’d opt to disable the service.
To disable these services for computer accounts, navigate in Group Policy to the Computer Configuration | Policies | Windows Settings | Security Settings | System Services area of the Group Policy Management Editor. Figure A shows this for a Windows Server 2008 R2 domain.
Click the image to enlarge.
PnP-X IP Bus Enumerator and Net.TCP Port Sharing are disabled by default for Windows Server 2008 installations, but that doesn’t keep Windows 7, Windows Vista, or server side programs from utilizing these services by changing the startup type.
Do you go through the extra effort to implement this type of protection for services that you want to prohibit even if you don’t foresee using them? Let us know in the discussion.
Stay on top of the latest Windows Server 2003 and Windows Server 2008 tips and tricks with our free Windows Server newsletter, delivered each Wednesday.