Essential versus nonessential services for a Windows Web server

Use this security checklist to harden your IIS Web server.

by Michael Cobb

This list is a companion piece to the Secure Web server installation portion of SearchSecurity.com's Intrusion Defense School lesson on Web attack prevention and defense. Check out the companion primer, Insider's guide to Web server security.



Nonessential services

Essential services

Alerter

COM+ Event System

ClipBook Server

Event Log

Computer Browser

IIS Admin Service

DHCP Client

IPSEC Policy Agent

Distributed File System

Logical Disk Manager

Distributed Link Tracking
(Client and Server)

Network Connections

Distributed Transaction Coordinator

Performance Logs and Alerts

DNS Client

Plug and Play

FTP Publishing Service
(unless FTP services required)

Protected Storage

Licensing Logging Service

Remote Procedure Call (RPC)

Logical Disk Manager Administrator Service

Remote Registry Service

Messenger

Security Accounts Manager

Net Logon*

System Event Notification

Network DDE

Uninterruptible Power Supply

Network DDE DSDM

Windows Management Instrumentation

Print Spooler

WMI Driver Extensions

Remote Registry Service

World Wide Web Publishing Service

Removable Storage

Remote Access Connection Manager

Routing and Remote

Access RPC Locator
(unless remote administration required)

RunAS Service

Server Service
(unless SMTP or NNTP required)

 

Task Scheduler

 

TCP/IP NetBIOS Helper

 

Telephony

 

Telnet

 

Windows Installer

 

Windows Time

 

Workstation*

 


* Services required if running as part of a Windows domain for an intranet.

Security School

Download a PDF version of Essential versus nonessential services for a Windows Web server

Check out the companion primer, Insider's guide to Web server security

This was first published in June 2007

Dig deeper on Web Server Threats and Countermeasures

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close