How many times have you looked through the list of services on a Windows 2000 Server and wondered which ones the system actually needs to operate properly? If you don't go through this list once in awhile and disable unnecessary services, you'll run into a couple of problems.
First, running unnecessary services can lead to potential security risks. Second, these services can decrease the performance of the equipment, requiring you to either upgrade or replace it earlier than needed.
The integrated nature of the services in Windows 2000 Server can make it hard to figure out which services can be disabled and what the ramifications will be. To help you determine what you can safely do without, I'll use a Microsoft-recommended baseline member server and domain controller running Windows 2000 Server to identify which services are required and which aren't, as well as to explain what their purpose is to the operating system and the effect of disabling them.
Download the reference sheet
All of this information on Win2K services is broken down in this downloadable reference sheet. The information is contained in a Microsoft Excel worksheet, which you can modify or supplement to meet the specific needs of your organization. There is also a PDF version of the worksheet, which you can distribute or print for use as a quick reference.
I gathered the information in the download from various areas of Microsoft’s Web site and from my own experience, and then consolidated it in an easy-to-follow format.
On the right side of the spreadsheet are columns for Member Server, Domain Controller, Infrastructure Server, and Web Server. These columns indicate whether a service is recommended for a secure baseline installation on each of these types of servers.
The worksheet lists only baseline services required to share resources on a Windows 2000 member server or domain controller. It does not include Exchange, SQL Server, or other server applications, since those services are not considered part of a baseline Win2K server.
Here is a breakdown of the columns in the worksheet:
- Service: This is the name of the service.
- Description: This is a description of the service, including what functions it performs.
- Startup: This denotes whether startup is manual or automatic. An automatic service starts when the OS boots. A manual service is started by the user or by another service. For example, the Network Connections service starts when an administrator configures a network connection.
- Ramifications if disabled: This is a short description of what happens when a service startup type is changed from Manual or Automatic to Disabled. For example, disabling the Network Connections service results in an administrator being unable to make changes to the network configuration, among other things.
- Member server: If this service is recommended on a baseline member server, there is a check in this column.
- Domain controller: If this service is recommended on a baseline domain controller, there is a check in this column.
- Infrastructure server: If this service is recommended on a baseline infrastructure server, there is a check in this column. An infrastructure server provides a network with such services as DNS, DHCP, and WINS.
- Web server: If this service is recommended on a baseline Web server, there is a check in this column.
Limiting the number of services on servers can help from both a security and a performance standpoint. The information presented in this worksheet will show you what services you definitely need to be running for a functional server and help you to pinpoint which services can be disabled.