Security Templates: Services

By winthrop.polk ·
In the services section of a Win XP SP2 security template, how complete is this listing and what is the source? Different workstations will have different services running depending on what is installed. The question is this. When I open hisecws template and view the services section, is this list what services I have on this computer or does it list just the sevices that are included directly after a fresh OS install? Is the list populated at runtime or is it hardcoded?


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

there are certain services that must run

by CG IT In reply to Security Templates: Servi ...

and if you search TR,or Google for that matter, there are some papers on what services you can turn off without affecting the O/S operation.

Collapse -


by winthrop.polk In reply to there are certain service ...

I know I know all this already. The question is about how the services are presented to the user via the MMC security templates. Are they grabbed from the computer when you open the template? Or is the list of services in the security template going to be the same on any computer? I know that the display in services.msc will be different on just about every computer, but what about the services as displayed from a security template?

Collapse -

Well to answer your question

by CG IT In reply to But

no there really isn't any documentation on who decided and why those services are listed in the hisec.inf security template.

hisec.inf, as you know, is a superset of the secure.inf template.The secure template is a set of configurations that basically limit annonymous user access and NTLM.

If you really must know how, the services got listed as well as why and what they are, go to the microsoft community forums. An actual Microsoft developer/tech will probably provide you with the answer.

Collapse -


by winthrop.polk In reply to Well to answer your quest ...

I appreciate it. The reason I feel that I need to know where this list is pulled from is due to the follow. We have a network with 120 computers and no domain; pretty much zero traditional enterprise IT type infrastructure. We have to meet NERC CIP by 12-31-09; I am not allowed to purchase new equipment. So, I am being force to design this temporary administrative nightmare. We have to implement password policies, user management, virus protections, etc,etc,etc without a domain.

So I would really like to make sure that the services listed in the template (the template I plan to manually apply and then customize to each of the 120 devices) is a good list to use. You cannot add anything to the list, so I suspect these are the default services that typically are installed with a fresh install, but I don't know for sure. It could be that this list is generated based on the computer I am currently using to develop the template, meaning it is totally not appropriate to use.

Collapse -

I would suggest to post the question on the Microsoft

by CG IT In reply to Thanks

Community forums because you'll most likely get an actual Microsoft guy giving you an answer.

I'd ask if the services listed in the template are part of the template or is it populated by the machine your using to configure the template. I would think it's part of the template.

If you ask, might share what you find here on the boards. Be interesting to know.

Collapse -

Try this community group

by CG IT In reply to Here's the post... lets s ...

Some of the guys have MSFT after their avatar these are the guys your looking for.

This is where I've posted some questions and gotten Microsoft developers and techs to provide answers and suggestions.

Related Discussions

Related Forums