Home
| > hashbang.iacl.org > Computer Security > 2009 Windows Services
2009 Windows Services Here's a list based on a quick rundown of Services generally turned on by default. In some cases Updating Windows or installing new service pack will re-examine "services" and turn back on and set to automatic items below that you may have turned off. Suggest you keep a list of what you want off as opposed to on that you can re-examine later.
However, it is very important that when the computer turns on it does not bring up Explorer (the desktop). It must come to a password screen, by which you have to enter password. Password should be enabled when you come out of screen saver mode, stand by should be enabled with some time, (going into stand-by renders the computer in the "off" position). The idea is to not leave you (the "admin") logged in (indefinitely) on the desktop when you walk away, Windows is a secure operating system WHEN NO-ONE IS LOGGED ON and will demand credentials of any attempt on it's services.
You may not be able to turn off the Windows Networking (Mapped Folder, file and print sharing). Separating the "Windows LAN" from the "Internet LAN" is highly desirable, but requires separate Network Interfaces and LAN wiring infrastructure. Windows is a secure operating system when a "request" from your Internet LAN asks for something on your Windows LAN and they are separate devices. (ethernet interfaces) Then (In Networking/Properties) tcp/ip checked on the one and the windows lan (NETBEUI or NetBIOS) on the other, separates the two far more effectively.
List of Services (make a shortcut to services on your desktop) and turn off (if possible).
The Big Fat Windows Service:
Windows Management Instrumentation Driver Extensions
Windows Management Instrumentation
Communications:
Terminal Services - Control and be control Remote Desktop - if not in use..
Telnet - telnet to another computer - if not in use..
Telephony - Drivers to serial ports - if not in use..
Print Spooler - If not connected to a printer
Messenger - sends messages over the local lan, very insecure on Internet.
Fax Service - if using computer for sending and recieving faxes.
Windows Networking, i.e mapped drives and file sharing:
TCP/IP NetBIOS Helper
Server
Network Location Awareness (NLA)
Network DDE DSDM
Network DDE (dde stands for dynamic data exchange)
Distributed Transaction Coordinator
Distributed Link Tracking Client
Computer Browser
Workstation
Windows "Security":
Windows Firewall/Internet Connection Sharing (ICS)
Security Center
Auto Install (LAN/ Net/ Windows):
Remote Registry
Background Intelligent Transfer Service
Automatic Updates
Dial-Up Access:
Remote Procedure Call (RPC) Locator
Remote Desktop Help Session Manager
Remote Access Connection Manager
Remote Access Auto Connection Manager
As to the "culture" of having the most amount of services available.. Windows is a chalkboard with limited operating space, all the services, left on by default, use up this space, thus less operating room for your programs to run. Yes, the above are all "TSR" that is "terminate (and) stay resident" programs, tying up resources better used by your applications.
Seem like a lot to do? yes, and is something that has to be entered into carefully. Do them just a few at a time, with restarts in between. Windows Updates and Service Packs have been know to re-enable some of the services above without notifying you. Tip: Create a "Services" shortcut on your desktop.
The older "NetBEUI" protocol still runs on XP/2003 and you can attempt to use this to create an ad hoc (peer) lan in your home or small office. NetBEUI can be enabled (bound) at the ethernet Interface level and supports the dual lan model mentioned above.
|
|
|
