Client Domain Management by exu21454


More Info
									                                                      Windows 2000 services that can be disabled

                                                                                                                                                                                                                               Infrastructure server
                                                                                                                                                                                                           Domain controller
                                                                                                                                                                                           Member server

                                                                                                                                                                                                                                                       IIS server
Service                                       Description                                                       Startup     Ramifications if disabled
                                                                                                                            System Event Notification stops working, which means
                                              Allows management of Component Services by providing
                                                                                                                            that logon and logoff notifications will not take place.
COM+ Event Services                           automatic distribution of events to subscribing COM               Manual                                                                          •                 •                    •                   •
                                                                                                                            Other applications, such as Volume Snapshot service, will
                                                                                                                            not work correctly.

                                              Allows the system to automatically obtain IP addressing                       The system will be unable to obtain an IP address, WINS
DHCP Client                                   information, WINS server information, routing information,        Automatic   information, etc., from a DHCP server and will need to be           •                 •                    •                   •
                                              etc., and is required to update records in Dynamic DNS                        configured with a static address.

                                              Distributes TCP/IP and WINS information to requesting                         Clients will be unable to obtain addressing information,
DHCP Server                                                                                                     Automatic                                                                                                              •
                                              clients                                                                       which could result in a loss of network connectivity.

                                              Manages volumes that are replicated to other domain                           Users will be unable to access distributed files using the
Distributed File System                       controllers on the network, such as the SYSVOL volume             Automatic   Dfs namespace and will instead need to specifically target                            •
                                              present on all domain controllers                                             an individual server to get the required information.

                                              Ensures that shortcuts and OLE links continue to work after
                                                                                                                            Link tracking will be unavailable. Users on other
Distributed Link Tracking Client              the target file is renamed or moved by maintaining links in the Automatic                                                                         •                 •                    •                   •
                                                                                                                            computers won't be able to track links on this computer.
                                              file system

                                              Resolves and caches DNS names, allowing the system to                         The system will be unable to resolve a name and will be
DNS Client                                    communicate with canonical names rather than strictly by IP       Automatic   able to communicate only via IP address. A client may be            •                 •                    •                   •
                                              address                                                                       unable to communicate with its domain controller.

                                              Performs the name-to-IP address lookup both for itself and                    Access to resources must be made by IP address and
DNS Server                                    clients; required on the server to allow clients to use Active    Automatic   not by name. There could be serious implications for                                  •                    •
                                              Directory services                                                            Active Directory lookups.

                                                                                                                            Administrators won't be able to view logs, including the
                                              Allows event log messages to be viewed in Event log to assist
Event Log                                                                                                   Automatic       security log, increasing the difficulty of diagnosing               •                 •                    •                   •
                                              in problem resolution
                                                                                                                            problems and detecting security breaches.

                                              Used by services to replicate files to different servers on the               File replication will not take place, which can result in an
File Replication                                                                                                Automatic                                                                                         •
                                              network; used especially by the Dfs service                                   impaired domain controller.

                                              Enables administration of an Internet Information Services                    IIS can't be administered, and Web, FTP, and other
IIS Admin                                                                                                       Automatic                                                                                                                                  •
                                              Web server                                                                    Internet services will not run.

                                              Allows users with an appropriate client to log on to the
Kerberos Key Distribution Center                                                                                Automatic   Users will be unable to log in to the domain.                                         •
                                              network using Kerberos v5

                                              Waits for new drives to be added and passes required
Logical Disk Manager                          information to the LDM administrative service; required to        Automatic   New disks will not be detected by the system.                       •                 •                    •                   •
                                              ensure dynamic disk information is up to date

                                              Starts and allows configuration to take place when a new
Logical Disk Manager Administrative Service                                                                     Manual      None; runs only when needed.                                        •                 •                    •                   •
                                              drive is detected or a partition/drive is configured

                                              Allows pass-through authentication to take place between a                    The server will be unable to properly participate in the
Netlogon                                      client and a domain controller or between domain controllers; Automatic       domain and will reject NT LAN Manager (NTLM)                        •                 •                    •                   •
                                              required for domain participation                                             requests.

                                                                                                                            Network configuration will not be possible; new
                                              Manages the network and dial-up connections for the server,
Network Connections                                                                                             Manual      connections can't be created and services that need                 •                 •                    •                   •
                                              including network status notification and configuration
                                                                                                                            network information may fail.

                                              Allows clients to log on using NT LAN Manager (NTLM)                          Users with versions of Windows prior to Windows 2000
NT LM Security Support Provider                                                                                 Automatic                                                                                         •
                                              authentication                                                                will be unable to log in to the network.

                                                                                                                            Users with versions of Windows prior to Windows 2000
NT LM Security Support Provider (NTLMSSP)     Allows users to log on to the network using NTLM                  Automatic                                                                                         •                    •
                                                                                                                            will be unable to log in to the network.

                                              Collects performance data for the computer or other                           Performance information will no longer be logged or
Performance Logs and Alerts                                                                                     Manual                                                                          •                 •                    •                   •
                                              computers and writes it to a log or displays it on the screen                 displayed.

                                              Allows an administrator to add hardware to a server and have                  The system will be unstable and incapable of detecting
Plug and Play                                                                                              Automatic                                                                            •                 •                    •                   •
                                              the server automatically detect and configure it                              hardware changes.

                                              Protects sensitive information such as private keys from
Protected Storage                                                                                               Automatic   Protected information will be inaccessible.                         •                 •                    •                   •
                                              exposure except to allowed persons and services

                                              Allows processes to communicate internally and across the
Remote Procedure Call (RPC)                                                                                     Automatic   The system will not boot. Don't disable this service.               •                 •                    •                   •
                                              network with each other

                                                                                                                            Remote systems will be unable to connect to the local
                                              Provides a mechanism to remotely manage the system
Remote Registry Service                                                                                         Automatic   registry. Hfnetchk uses this mechanism. Disabling it can            •                 •                    •                   •
                                                                                                                            affect the patch utility's operation.

                                                                                                                            Systems that are running third-party utilities looking for
                                                                                                                            RPC information will be unable to find it. OS components
RPC Locator                                   Provides RPC name services similar to DNS services for IP         Automatic                                                                                         •
                                                                                                                            do not use this service, but programs such as Exchange

                                              Stores account information for local security accounts, which,                Services that rely on requests to the SAM database will
Security Accounts Manager                                                                                    Automatic                                                                          •                 •                    •                   •
                                              when started, allows other services to access the SAM                         not function properly.

                                              Allows the sharing of local resources such as files and                       Resources can't be shared, RPC requests will be denied,
Server                                                                                                          Automatic                                                                       •                 •                    •                   •
                                              printers, as well as named pipe communication                                 and named pipe communication will fail.

                                                                                                                            Certain notifications will no longer work. For example,
                                              Required to record entries in the event logs; notifies COM+                   synchronization won't work, as it depends on connectivity
System Event Notification                                                                                       Automatic                                                                       •                 •                    •                   •
                                              subscribers about logon and power-related events                              information and Network Connect/Disconnect and
                                                                                                                            Logon/Logoff notifications.

                                              Required for software distribution in a Group Policy (may be                  NetBIOS over TCP/IP clients including Netlogon and
TCP/IP NetBIOS Helper Service                 used to distribute patches) and provides support for NetBIOS Automatic        Messenger might stop responding. Disabling may also                 •                 •                    •                   •
                                              over TCP/IP and NetBIOS name lookups                                          affect the ability to share resources.

W3SVC                                         Allows the server to share Web content (IIS)                      Automatic   Clients can't obtain information with a Web browser.                                                                           •

                                              Provides system management information; required to
                                                                                                                            System management and performance information will be
Windows Management Instrumentation Driver     implement performance alerts using Performance Logs and           Manual                                                                          •                 •                    •                   •

                                                                                                                            Time synchronization won't take place, which may cause
                                              Uses NTP to keep computers in the domain synchronized;                        Kerberos identification tokens to be marked as expired
Windows Time (or W32Time)                                                                                       Automatic                                                                       •                 •                    •                   •
                                              critical for Kerberos authentication to consistently function                 and discarded by a server, resulting in inaccessible

                                              Provides NetBIOS naming services; required for networks
                                                                                                                            Older clients will be unable to obtain NT domain
Windows Internet Name Service (WINS)          with clients running versions of Windows prior to Windows         Automatic                                                                                                              •
                                                                                                                            information and use domain resources.

                                              Provides network connections and communications using the                     The computer will be unable to connect to remote
Workstation                                                                                             Automatic                                                                               •                 •                    •                   •
                                              Microsoft Network services                                                    Microsoft Network resources.

To top