Windows 2003 system services
Windows Server 2003 also has many additional optional services such as Certificate Services. These services are not installed during the default installation of Windows Server 2003.
The optional services can be added to existing Windows Server 2003 computers by using Add/Remove Programs or the Windows Server 2003 Configure Your Server Wizard, or by creating a customized automated installation of Windows Server 2003.
The service or application running on the Windows 2003 Server can be a point from where hackers and intruders may attack. Therefore, the services and applications that are not required in an environment should be disabled or removed.
If additional services are enabled, they may also have dependencies that require further services. All of the services needed for a specific server role are added in the policy for the server role that it performs in an organization. For example, if Microsoft SQL Server is going to be used for storing customer data on the back-end of a Web application, then SQL Server needs to be installed. A Group Policy that applies to that new server role in this case will also need to be created that sets the SQL Services service to Automatic. Setting the service to Automatic will start the service automatically when the computer starts. The system services settings can be configured in Windows Server 2003 at the following location within the Group Policy Object Editor:
Computer ConfigurationWindows SettingsSecurity SettingsSystem Services
Following are some important system services of Windows Server 2003:
The Alerter system service notifies specific users and computers of administrative alerts. It is used to send alert messages to the specified users that are connected to the network. If the service is stopped, programs that use administrative alerts will not receive them.
The Automatic Updates system service is used for downloading and installing critical Windows updates.
Background Intelligent Transfer Service
The Background Intelligent Transfer Service (BITS) system service is a background file transfer mechanism and queue manager. It is used for transferring files asynchronously between a client and an HTTP server. Requests to the BITS service are submitted and the files are transferred using an idle network bandwidth so that other network-related activities, such as browsing, are not affected.
The Certificate Services service is a part of the core operating system that enables a business to act as its own certification authority (CA) and issue and manage digital certificates.
MS Software Shadow Copy Provider
The MS Software Shadow Copy Provider service manages software for file shadow copies taken by the Volume Shadow Copy service. A shadow copy enables users to create a copy of a disk volume that represents a consistent read-only point in time, for that volume. This point in time then stays constant and allows an application, such as NTBACKUP, to copy data from the shadow copy to tape. If this service is disabled, software-based volume shadow copies cannot be managed.
The Cluster Service is used for controlling server cluster operations and for managing the cluster database. The Cluster Service spreads data and computation among the nodes of the cluster. When a node fails, other nodes provide the services and data formerly provided by the missing node. When a node is added or repaired, the Cluster Service software migrates some data and computation to that node.
The Computer Browser service is used to maintain an up-to-date list of computers on the network. It also supplies the list to programs that are requesting it. The Computer Browser service is used by Windows-based computers that need to view network domains and resources.
The DHCP service is used to allocate IP addresses and to enable advanced configuration of network settings such as DNS servers and WINS servers to DHCP clients automatically. It prevents an administrator from having to manually configure static IP addresses for individual resources. DHCP service enables a computer to function as a DHCP server and configure DHCP-enabled client computers on the network. DHCP, which runs on a server, enables the automatic, centralized management of IP addresses, and other TCP/IP configuration settings for the network's client computers.
Distributed File System
The Distributed File System (DFS) service is used to manage logical volumes distributed across a local or wide area network. It permits the linking of servers and shares into a simpler, more meaningful name space. DFS provides improved load sharing and data availability.
DNS Client service
The DNS Client service is used to resolve and cache DNS names for a computer. The DNS client service must be running on every computer that performs DNS name resolution. Resolving DNS names is essential for locating domain controllers in Active Directory domains. Running the DNS client service is also critical for locating devices identified using DNS name resolution.
DNS Server service
The DNS Server service is used to enable DNS name resolution by answering queries and update requests for DNS names. The presence of a DNS server is necessary for locating devices identified using DNS names and domain controllers in Active Directory. It enables users to use friendly names to locate computers and other resources on an IP network. TCP/IP uses IP addresses to locate and connect to hosts, but for users, it is easier to use names instead of IP addresses to locate or connect to a site. For example, users will be more comfortable in using the host name www.uCertify.com rather than using its IP address 220.127.116.11.
Event Log service
The Event Log service is used to enable event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be disabled.
File Replication Service (FRS)
The File Replication Service (FRS) is used to enable files to be automatically copied and maintained simultaneously on multiple servers. If the File Replication Service is disabled, file replication will not occur, and server data will not synchronize. In the case of a domain controller, stopping the FRS service might adversely affect the domain controller's functionality.
IIS Admin Service
IIS Admin Service is used to manage the IIS metabase that holds IIS configuration data. It is used to update the following components of a Web server:
- Windows operating system registry for World Wide Web Publishing Service
- FTP Publishing Service
- Simple Mail Transfer Protocol (SMTP) service
- Network News Transfer Protocol (NNTP) service.
IIS Admin Service is used by operating systems to expose the IIS metabase to other applications, including the core components of IIS, applications that are built on IIS, and third-party applications that are independent of IIS, such as management or monitoring tools.
If this service is stopped, administrators cannot run Web, FTP, NNTP, or SMTP sites or configure IIS, and the MMC IIS snap-in appears blank. Moreover, if this service is disabled, any services that explicitly depend on this service will fail to start.
IMAPI CD - Burning COM service
The IMAPI CD-Burning COM service is used to manage CD burning through the Image Mastering Applications Programming Interface (IMAPI) COM interface and to perform CD-R writes when requested by the user through Windows Explorer, Windows Media Player, and third-party applications that use this API.
The Indexing Service is used to index contents and properties of files on local and remote computers. It provides quick access to files through a flexible querying language. The Indexing Service also enables quick searching of documents on local and remote computers and a search index for content shared on the Web.
Internet Authentication Service
Internet Authentication Service (IAS) performs centralized connection authentication, authorization, and accounting for dial-up and virtual private network (VPN), remote access, and router-to-router connections.
License Logging Service
The License Logging service logs client access license usage for server services or programs such as IIS, Terminal Services, SQL Server, etc. Disabling the License Logging service does not log the usage of client access license for these server services or programs.
Logical Disk Manager Service
The Logical Disk Manager service is used to detect and monitor new hard disk drives. It sends the disk volume information to the Logical Disk Manager Administrative Service for configuration. This service watches Plug and Play events for new drives that are detected and passes volume and disk information to the Logical Disk Manager Administrative Service to be configured.
The Messenger system service is used to send and receive messages transmitted by administrators or by the Alerter service.
Microsoft POP3 Service
The Microsoft POP3 Service is used to provide e-mail transfer and retrieval services. Administrators use the POP3 service for storing and managing e-mail accounts on the mail server.
The Netlogon system service is used to maintain a secure channel between a computer and the domain controller for authenticating users and services. If this service is disabled, computers on the network will not authenticate users and services, and the domain controller will not register DNS records. Disabling this service will also deny NTLM authentication requests, and, in case of domain controllers, they will not be discoverable by client computers.
Network News Transport Protocol (NNTP)
The Network News Transport Protocol (NNTP) service allows computers running Windows Server 2003 to act as a news server. It is used to post, distribute, and retrieve network news messages from NNTP servers and NNTP clients on the Internet.
Performance Logs and Alerts
The Performance Logs and Alerts service is used to collect performance data from local or remote computers based on preconfigured schedule parameters. It then writes the data to a log or triggers an alert.
Plug and Play
The Plug and Play service is used to enable a computer to recognize and adapt hardware changes with little or no user input.
The Print Spooler service is used for managing all local and network print queues and for controlling all print jobs.
Remote Access Connection Manager
The Remote Access Connection Manager service is used to manage dial-up and VPN connections from a computer to the Internet or other remote networks.
Remote Installation Services (RIS) is used to install a copy of the operating system throughout the organization from a remote location. It helps reduce the Total Cost of Ownership (TCO).
Remote Procedure Call (RPC)
The Remote Procedure Call (RPC) service is a secure inter-process communication (IPC) mechanism. It is used to enable data exchange and invocation of functionality residing in a different process. Different processes can occur on the same computer, the local area network (LAN), or across the Internet. This service should not be disabled. Disabling the Remote Procedure Call (RPC) service will prevent the operating system from loading numerous services that are dependent on it.
Remote Registry Service
The Remote Registry Service is used to enable remote users to modify registry settings on a computer. Remote Registry service is mainly used by remote administrators and performance counters. If the Remote Registry Service is disabled, modifying the registry will only be allowed on the local computer.
The Removable Storage service is used to manage and list removable media and to operate automated removable media devices. This service maintains a catalog of identifying information for removable media used by a computer, including cartridge tapes and CDs. This service is required for system backups by using NTBACKUP.EXE.
Routing and Remote Access
Routing and Remote Access Service (RRAS) is a single integrated service that provides both remote access and multiprotocol routing. RRAS provides extensive support for demand-dial routing that allows users to connect to the Internet, connect remote offices, and implement router-to-router virtual private network (VPN) connections.
The Server service provides RPC support, file, print, and named pipe sharing over the network.
Simple Mail Transport Protocol (SMTP)
The Simple Mail Transport Protocol (SMTP) service is used for transferring e-mails between the intranet and the Internet.
The Task Scheduler service is used to enable users to configure and schedule automated tasks on a computer. It monitors whatever criteria users choose and performs the task when the criteria have been met.
TCP/IP Print Server
The TCP/IP Print Server service is used to enable TCP/IP-based printing using the Line Printer Daemon protocol.
Terminal Services provides multi-session environment that allows remote computers to access Windows-based programs running on a server. When a user runs a program on a Terminal Server, the application execution takes place on the server, and only the keyboard, mouse, and display information are transmitted over the network. Each user sees only his individual session, which is managed transparently by the server operating system, and is independent of any other client session.
Terminal Services Licensing
The Terminal Services Licensing service is used to install a licensed server and to provide registered client licenses when connecting to a Terminal Server.
Volume Shadow Copy
The Volume Shadow Copy service is used to manage and implement Volume Shadow copies used for backup and other purposes.
The Windows Installer service is used to manage the installation and removal of applications by applying a set of centrally defined setup rules during the installation process.
Windows Internet Name Service (WINS)
Windows Internet Name Service (WINS) is a name resolution service that registers and resolves NetBIOS names to IP addresses used on the network. WINS is a Microsoft standard and is used only on networks that comprise of Windows hosts.
Windows Media Services
The Windows Media Services service is used to provide streaming media services over IP-based networks.
About the Author:
uCertify was formed in 1996 with an aim to offer high quality educational training software and services in the field of information technology to its customers. uCertify provides exam preparation solutions for the certification exams of Microsoft, CIW, CompTIA, Oracle, Sun and other leading IT vendors. To know more about uCertify, please visit http://www.ucertify.com/