Services
Understanding and managing services that appear on the server and clients is an important part of the security procedure. Disabling services not in use reduces the ways in which the server can be attacked.
A sample configuration of services and their start-up state are listed below.
| Name | Caption | State | StartMode |
|---|---|---|---|
| AeLookupSvc | Application Experience | Running | Auto |
| ALG | Application Layer Gateway Service | Stopped | Manual |
| Appinfo | Application Information | Stopped | Manual |
| AppMgmt | Application Management | Stopped | Manual |
| aspnet_state | ASP.NET State Service | Stopped | Disabled |
| AudioEndpointBuilder | Windows Audio Endpoint Builder | Stopped | Manual |
| Audiosrv | Windows Audio | Stopped | Manual |
| BFE | Base Filtering Engine | Running | Auto |
| BITS | Background Intelligent Transfer Service | Stopped | Manual |
| Browser | Computer Browser | Stopped | Disabled |
| CertPropSvc | Certificate Propagation | Running | Manual |
| clr_optimization_v2.0.50727_32 | Microsoft .NET Framework NGEN v2.0.50727_X86 | Stopped | Disabled |
| clr_optimization_v4.0.30319_32 | Microsoft .NET Framework NGEN v4.0.30319_X86 | Stopped | Auto |
| COMSysApp | COM+ System Application | Running | Manual |
| CryptSvc | Cryptographic Services | Running | Auto |
| CscService | Offline Files | Stopped | Disabled |
| DcomLaunch | DCOM Server Process Launcher | Running | Auto |
| Dhcp | DHCP Client | Running | Auto |
| Dnscache | DNS Client | Running | Auto |
| dot3svc | Wired AutoConfig | Stopped | Manual |
| DPS | Diagnostic Policy Service | Running | Auto |
| EapHost | Extensible Authentication Protocol | Stopped | Manual |
| EventLog | Windows Event Log | Running | Auto |
| EventSystem | COM+ Event System | Running | Auto |
| FCRegSvc | Microsoft Fibre Channel Platform Registration Service | Stopped | Manual |
| fdPHost | Function Discovery Provider Host | Stopped | Manual |
| FDResPub | Function Discovery Resource Publication | Stopped | Manual |
| FontCache | Windows Font Cache Service | Running | Auto |
| FontCache3.0.0.0 | Windows Presentation Foundation Font Cache 3.0.0.0 | Stopped | Manual |
| gpsvc | Group Policy Client | Running | Auto |
| hidserv | Human Interface Device Access | Stopped | Manual |
| hkmsvc | Health Key and Certificate Management | Stopped | Manual |
| idsvc | Windows CardSpace | Stopped | Manual |
| IKEEXT | IKE and AuthIP IPsec Keying Modules | Running | Auto |
| IPBusEnum | PnP-X IP Bus Enumerator | Stopped | Disabled |
| iphlpsvc | IP Helper | Running | Auto |
| KeyIso | CNG Key Isolation | Stopped | Manual |
| KtmRm | KtmRm for Distributed Transaction Coordinator | Running | Auto |
| LanmanServer | Server | Running | Auto |
| LanmanWorkstation | Workstation | Running | Auto |
| LICENCESERVER | ClearSCADA License Server | Running | Auto |
| lltdsvc | Link-Layer Topology Discovery Mapper | Stopped | Manual |
| lmhosts | TCP/IP NetBIOS Helper | Running | Auto |
| MatrikonOPC Server for Simulation and Testing | MatrikonOPC Server for Simulation and Testing | Stopped | Manual |
| MMCSS | Multimedia Class Scheduler | Stopped | Manual |
| MpsSvc | Windows Firewall | Running | Auto |
| MSDTC | Distributed Transaction Coordinator | Running | Auto |
| MSiSCSI | Microsoft iSCSI Initiator Service | Stopped | Manual |
| msiserver | Windows Installer | Stopped | Manual |
| napagent | Network Access Protection Agent | Stopped | Manual |
| Netlogon | Netlogon | Running | Auto |
| Netman | Network Connections | Running | Manual |
| NetMsmqActivator | Net.Msmq Listener Adapter | Stopped | Disabled |
| NetPipeActivator | Net.Pipe Listener Adapter | Stopped | Disabled |
| netprofm | Network List Service | Running | Auto |
| NetTcpActivator | Net.Tcp Listener Adapter | Stopped | Disabled |
| NetTcpPortSharing | Net.Tcp Port Sharing Service | Stopped | Disabled |
| NlaSvc | Network Location Awareness | Running | Auto |
| nsi | Network Store Interface Service | Running | Auto |
| OpcEnum | OpcEnum | Stopped | Manual |
| PeerDistSvc | BranchCache | Stopped | Manual |
| pla | Performance Logs & Alerts | Stopped | Manual |
| PlugPlay | Plug and Play | Running | Auto |
| PolicyAgent | IPsec Policy Agent | Running | Auto |
| ProfSvc | User Profile Service | Running | Auto |
| ProtectedStorage | Protected Storage | Stopped | Manual |
| RasAuto | Remote Access Auto Connection Manager | Stopped | Manual |
| RasMan | Remote Access Connection Manager | Running | Manual |
| RemoteAccess | Routing and Remote Access | Stopped | Disabled |
| RemoteRegistry | Remote Registry | Running | Auto |
| RpcLocator | Remote Procedure Call (RPC) Locator | Stopped | Manual |
| RpcSs | Remote Procedure Call (RPC) | Running | Auto |
| RSoPProv | Resultant Set of Policy Provider | Stopped | Manual |
| sacsvr | Special Administration Console Helper | Stopped | Manual |
| SamSs | Security Accounts Manager | Running | Auto |
| SCardSvr | Smart Card | Stopped | Manual |
| Schedule | Task Scheduler | Running | Auto |
| SCPolicySvc | Smart Card Removal Policy | Stopped | Manual |
| seclogon | Secondary Logon | Running | Auto |
| SENS | System Event Notification Service | Running | Auto |
| SepMasterService | Symantec Endpoint Protection | Running | Auto |
| SessionEnv | Terminal Services Configuration | Running | Manual |
| SharedAccess | Internet Connection Sharing (ICS) | Stopped | Disabled |
| ShellHWDetection | Shell Hardware Detection | Running | Auto |
| slsvc | Software Licensing | Running | Auto |
| SLUINotify | SL UI Notification Service | Stopped | Manual |
| SmcService | Symantec Management Client | Running | Manual |
| SNAC | Symantec Network Access Control | Stopped | Manual |
| SNMPTRAP | SNMP Trap | Stopped | Manual |
| Spooler | Print Spooler | Running | Auto |
| SSDPSRV | SSDP Discovery | Stopped | Disabled |
| SstpSvc | Secure Socket Tunneling Protocol Service | Running | Manual |
| swprv | Microsoft Software Shadow Copy Provider | Stopped | Manual |
| SysMain | Superfetch | Stopped | Disabled |
| TapiSrv | Telephony | Running | Manual |
| TBS | TPM Base Services | Stopped | Auto |
| TermService | Terminal Services | Running | Auto |
| Themes | Themes | Stopped | Disabled |
| THREADORDER | Thread Ordering Server | Stopped | Manual |
| TrkWks | Distributed Link Tracking Client | Running | Auto |
| TrustedInstaller | Windows Modules Installer | Running | Manual |
| UI0Detect | Interactive Services Detection | Stopped | Manual |
| UmRdpService | Terminal Services UserMode Port Redirector | Running | Manual |
| upnphost | UPnP Device Host | Stopped | Disabled |
| UxSms | Desktop Window Manager Session Manager | Running | Auto |
| vds | Virtual Disk | Stopped | Manual |
| VMTools | VMware Tools | Running | Auto |
| vmvss | VMware Snapshot Provider | Stopped | Manual |
| VSS | Volume Shadow Copy | Stopped | Manual |
| W32Time | Windows Time | Running | Auto |
| WcsPlugInService | Windows Color System | Stopped | Manual |
| WdiServiceHost | Diagnostic Service Host | Stopped | Manual |
| WdiSystemHost | Diagnostic System Host | Running | Manual |
| Wecsvc | Windows Event Collector | Stopped | Manual |
| wercplsupport | Problem Reports and Solutions Control Panel Support | Stopped | Manual |
| WerSvc | Windows Error Reporting Service | Running | Auto |
| WinHttpAutoProxySvc | WinHTTP Web Proxy Auto-Discovery Service | Running | Manual |
| Winmgmt | Windows Management Instrumentation | Running | Auto |
| WinRM | Windows Remote Management (WS-Management) | Running | Auto |
| wmiApSrv | WMI Performance Adapter | Stopped | Manual |
| WPDBusEnum | Portable Device Enumerator Service | Stopped | Manual |
| WPFFontCache_v0400 | Windows Presentation Foundation Font Cache 4.0.0.0 | Stopped | Manual |
| wuauserv | Windows Update | Running | Auto |
| wudfsvc | Windows Driver Foundation - User-mode Driver Framework | Stopped | Manual |