General discussion


DOWNLOA Windows Server 2003 services that can be disabled

By Bill Detwiler Editor ·
One of the most effective ways to secure Windows Server 2003 is to turn off unnecessary services. This detailed Excel spreadsheet lists 102 Windows Server 2003 services, describes each service's function, specifies whether you can safely disable the service, and outlines the ramifications of doing so. The spreadsheet also lists each service's default configuration for specific server roles--domain controller, DHCP server, File server, mail server, and so forth.

Download and review the spreadsheet:

Then, join this ongoing discussion and share your Windows security tips. Also, let us know if this download provided helpful information and if there's anything we can do to improve the document's content or format.

This conversation is currently closed to new comments.

13 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Comments and suggestions

by Scott Lowe Contributor In reply to DOWNLOAD: Windows Server ...

I welcome any comments, suggestions, or corrections that you might be able to offer. I'd like to make this chart as full featured as possible, but still be manageable.


Collapse -

DNS Service comment

by Slogmeister In reply to Comments and suggestions

Your comment: "Stopping this service will result in the inability for the computer to resolve names to IP addresses." is true, however, why would I want my computer to do the resolving? Then, I am subject to cache-poisoning attacks and the like. I consistently disable this service (in my NON-Active Directory environment, I might add) so that my clients let the DNS server do its job and resolve the addresses. My workstation doesn't have to do the resolving. Let the DNS server do it instead. It's probably better at it and more secure than my workstation. I think that Microsoft's description is a little misleading, because it leads you do believe that DNS addresses will not be able to be resolved, which is not true.

Collapse -

Re: DNS Service comment

by In reply to DNS Service comment

{quote}Your comment: "Stopping this service will result in the inability for the computer to resolve names to IP addresses." is true, however, why would I want my computer to do the resolving?{/quote}

Interesting. I am going to disable DNS on my workstation. I have occasions where my computer can't find the mail server in the same building for random periods of time. I am betting this is why.

Collapse -

Good information

by stress junkie In reply to DOWNLOAD: Windows Server ...

I gave this chart a rating of 4. This is very useful information. I've mentioned in previous posts that I have created a lot of work for myself by using a test machine to experiment with turning services off and seeing what happened. This chart will save people a lot of time.

The only reason that I did not rate this chart as 5 is the format. I think that XLS format is a bad idea for general distribution of information. I mentioned in a recent discussion about someone migrating to software that the spreadsheet program can be a bit of a problem when reading a genuine M$ Excel file. In this case I found that the OOo spreadsheet program appeared to work but the Gnome spreadsheet called gnumeric failed to display the file properly.

I think that it you are going to distribute information that it NOT intended to be edited by the recipients then it is better to use a noneditable format such as PDF. Plus the software available on Unixes to display PDF files have better compatibility with PDF files created by any number of software applications. So I strongly prefer to receive documents in PDF format rather than in XLS format.

I want to end with a positive comment so I'm going to just say thanks for providing this information. I believe that it will be very useful to me in my professional activities. :-)

Collapse -

Excel format

by Scott Lowe Contributor In reply to Good information

I'm very pleased that you found the information useful! I want to address the format issue. Normally, this kind of information would be distributed in both XLS and PDF format. However, a number of cells have comments not applicable to everyone and including this information in separate columns would have made the sheet unwieldy. Therefore, the decision was made to distribute in Excel only so that people that wanted to see the comments would be able to do so. A PDF distribution would have been lacking too much information.

Again, thank you for the positive feedback!


Collapse -

Its excellent!!

by mangesh62012 In reply to Excel format

Thanks.. Scott Lowe & TechRepublic.

its too good for help sys admin.

Mangesh Salunkhe

Collapse -

Windows 2003 Services...

by In reply to DOWNLOAD: Windows Server ...

Am I correct in assuming that most of this will also apply to Windows 2000 as well? I have 4 Win2K servers and a bunch of W2K workstations.

Collapse -

Re: Win2k3 Services Listing and Disabling

by forever1sg In reply to DOWNLOAD: Windows Server ...

I manage various servers. My job responsibilities is primarily database servers. SQL Server in particular. I find that an entry for Database servers (such as MS SQL, Sybase, UDB, Oracle, etc.) is not entered. A database server is more than an application server and it deserves a separate column. Setting that aside, this is a good document and certainly helps me review and identify what should be running on our servers. Thanks!

Collapse -

Computer Browser service comment

by bozald In reply to DOWNLOAD: Windows Server ...

"Your computer will be unable to locate other Windows computers on the network" - is not correct! Computer will not maintain the browsing list and will not participate in elections. At the same time it will be able to resolve all names regardless. I have it disabled on 10000+ machines (workstations) and they work just fine.

Collapse -

Distributed File System

by ian In reply to DOWNLOAD: Windows Server ...

This service could and should be disabled on all servers with no DFS root published. Even DC's which dont have a dfs root replicated to them can have the service disabled. This wont stop the server being able to access data on a dfs root. The service isnt just for AD published roots either, its for standalone DFS roots (including consolidated roots)

Back to Windows Forum
13 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums