Microsoft choose to run programs as 'services'. Novell's equivalent is the NLM
(NetWare Loadable Module), while Unix uses daemons, but Microsoft choose
services as the vehicle to run their executables. Traditionally, you access
the services from the Administrative Tools folder; however, I prefer to add
Services as a snap-in to my MMC.
Malware, viruses, Trojan horses, whatever you call these evil programs, they
often install themselves as a service. On the other hand, my virus checker
AVG6 also installs itself as a service. This is why you need the skill
to tell the good services from the baddies.
My best advice is to go through each service and decide if your server needs the
underlying feature. There are two advantages to this approach: firstly, you
learn how Windows 2003's mind works; secondly, your server will run faster and
more securely if you disable unwanted services.
Which Startup type to configure?
Each service has 3 settings: Automatic, Manual and Disabled. If in doubt, leave the
Startup type as it is. However, if it's a service that is not required for that
particular server, consider switching from Automatic to Manual. Manual
means that programs that need that service can start it on demand. Reserve
the Disabled setting for services you are pretty sure that you will never need.
The other factor with services is the 'Log on as' account. Most services
are configured for the built-in account called Local System. A few, like SQL,
require a regular user account. Take care that any user accounts
have the correct privileges, such as 'Act as part of the operating system' or
'Log on as a batch job'. Check the SQL setup guide for instructions on how
to configure such accounts. Beware of the trap where the service fails because
the account cannot change its password; always set the option 'Password Never
Expires'.
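
The audit described above, as an added example that is not part of the original article: it lists every service with its startup type and 'Log on as' account, and flags the ones that run under a regular user account. It assumes PowerShell 2.0 or later is installed on the server; the function name Get-ServiceLogonAudit is hypothetical.

```powershell
# Added example, not from the original article. Assumes PowerShell 2.0 or later.
# Accounts that need no password management (built-in service accounts).
$builtIn = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'

function Get-ServiceLogonAudit {
    param([string]$ComputerName = '.')

    # Local user accounts on the target, keyed by name, so that the
    # PasswordExpires flag can be read for services that log on as ".\name".
    $local = @{}
    Get-WmiObject -Class Win32_UserAccount -Filter 'LocalAccount=True' `
        -ComputerName $ComputerName | ForEach-Object { $local[$_.Name] = $_ }

    Get-WmiObject -Class Win32_Service -ComputerName $ComputerName | ForEach-Object {
        $note = ''
        if ($_.StartName -and ($builtIn -notcontains $_.StartName)) {
            $note = 'user account: verify its user rights'
            $short = ($_.StartName -split '\\')[-1]
            if ($_.StartName -like '.\*' -and $local.ContainsKey($short)) {
                if ($local[$short].PasswordExpires) {
                    $note += '; password can expire'
                } else {
                    $note += "; 'Password never expires' is set"
                }
            }
        }
        New-Object PSObject -Property @{
            Name = $_.Name; StartMode = $_.StartMode; State = $_.State
            LogOnAs = $_.StartName; Note = $note
        }
    }
}

# StartMode is reported as Auto, Manual or Disabled.
Get-ServiceLogonAudit | Sort-Object StartMode, Name |
    Format-Table Name, StartMode, State, LogOnAs, Note -AutoSize
```

Services that log on with a domain account are flagged but their password setting is not read; check those accounts in Active Directory Users and Computers.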
Only you can know or discover which are the top 10 services on your server. Each
of my choices was made on the basis that you can use services to learn about the
operating system, while at the same time improving your server's performance.
Dependencies are well worth a look, especially if you want to see how services are
related. For instance, if DFS (Distributed File System) is not working, it
may be because the Server service has failed, and DFS relies on the Server
service.
Workstation and Server Service
Together these two services make the client / server technology work.
Workstation is your 'go-getter' or redirector. The Workstation service makes requests to other
servers, for example, for logon, DFS or printing.
The Server service is the mirror image: the component that responds to requests
from Workstation services on other machines and supplies the files, information
or service requested. Naturally, the Server service contacts the security
sub-system to check that the client does indeed have the necessary permissions
for the resource.
This reminds me that in Windows 2000 and 2003 you can stop and start
services which have hung, rather than suffer a 10 minute wait while you reboot
the server. Print Spooler was the very first service on which I used this
restart technique, but nowadays I apply the principle to other services, for
example, Exchange System Attendant. My reason is that I want to save that ten
minute reboot.
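
The dependency check and the restart technique described above, as an added example that is not part of the original article. It assumes PowerShell 2.0 or later; the function names are hypothetical, and the short service names Dfs and Spooler are assumptions to confirm in the Services snap-in.

```powershell
# Added example, not from the original article. Assumes PowerShell 2.0 or later.

# Walk everything a service depends on (directly or indirectly) and report
# each prerequisite that is not running.
function Get-StoppedPrerequisite {
    param([Parameter(Mandatory = $true)][string]$Name)

    $seen  = @{}
    $queue = New-Object System.Collections.Queue
    $queue.Enqueue((Get-Service -Name $Name))
    while ($queue.Count -gt 0) {
        $svc = $queue.Dequeue()
        foreach ($dep in $svc.ServicesDependedOn) {
            if ($seen.ContainsKey($dep.Name)) { continue }
            $seen[$dep.Name] = $true
            if ($dep.Status -ne 'Running') {
                New-Object PSObject -Property @{
                    Service = $dep.Name; Status = $dep.Status; NeededBy = $svc.Name
                }
            }
            $queue.Enqueue($dep)
        }
    }
}

# Restart one service instead of rebooting, then bring back the dependent
# services that were running before the restart.
function Restart-HungService {
    param([Parameter(Mandatory = $true)][string]$Name)

    $running = Get-Service -Name $Name -DependentServices |
        Where-Object { $_.Status -eq 'Running' }
    Restart-Service -Name $Name -Force
    $running | Where-Object { $_ } | ForEach-Object { Start-Service -Name $_.Name }
}

# DFS is not working: is one of its prerequisites stopped?
Get-StoppedPrerequisite -Name Dfs | Format-Table Service, Status, NeededBy -AutoSize

# Print Spooler has hung: restart it rather than the server.
Restart-HungService -Name Spooler
```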
If you are using Exchange 2003 or 2000, then Outlook Web Access needs the WWW
service to render the pages. Alternatively, if you are publishing a website
using IIS then you need this service; otherwise disable it for security reasons.
This is an example of why it pays to understand what a service does: such
information would help in troubleshooting OWA.
Firstly, watch out for spelling and alphabetical order. I keep looking down at
the bottom under 'U' for updates, whereas I should be looking under 'A' for
automatic.
The Automatic Updates service probably causes more debate than any other service.
Perhaps my greatest help is pointing out that you have control over those
irritating bubbles that pop up and ask you to contact Microsoft for the latest
patch. However, others will tell you that these updates have been a life
saver in preventing viruses attacking their servers.
Viruses target FTP as a service which will spread their evil to other machines.
So if you are not using FTP to copy files, then I would disable FTP; if
you just set it to Manual, the virus may be able to switch FTP to Automatic.
Disable Telnet unless you have a business use. This is another favourite service
for viruses and hackers to hitch a ride and wreak havoc.
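
One way to check the advice above for WWW, FTP and Telnet, as an added example that is not part of the original article: it compares the startup type of each service with a written-down baseline, so a service that has been switched back from Disabled shows up when the check is re-run. It assumes PowerShell 2.0 or later; the function name and the short service names are assumptions.

```powershell
# Added example, not from the original article. Assumes PowerShell 2.0 or later.
# Desired startup types for a server that uses neither FTP, Telnet nor IIS/OWA.
# The short service names are assumptions: confirm each one on the General tab
# of the service's Properties sheet.
$baseline = @{
    MSFTPSVC = 'Disabled'   # FTP Publishing
    TlntSvr  = 'Disabled'   # Telnet
    W3SVC    = 'Disabled'   # World Wide Web Publishing
}

function Test-ServiceBaseline {
    param([hashtable]$Baseline, [switch]$Fix)

    foreach ($name in $Baseline.Keys) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if (-not $svc) { continue }              # service not installed
        $want = $Baseline[$name]
        # WMI says 'Auto' where the Services snap-in says 'Automatic'.
        $have = if ($svc.StartMode -eq 'Auto') { 'Automatic' } else { $svc.StartMode }
        $action = 'none'
        if ($have -ne $want) {
            $action = 'report only'
            if ($Fix) {
                if ($want -eq 'Disabled' -and $svc.State -eq 'Running') {
                    Stop-Service -Name $name -Force
                }
                Set-Service -Name $name -StartupType $want
                $action = "set to $want"
            }
        }
        New-Object PSObject -Property @{
            Service = $name; Found = $have; Wanted = $want
            State = $svc.State; Action = $action
        }
    }
}

# Report drift first; add -Fix once the list has been reviewed.
Test-ServiceBaseline -Baseline $baseline |
    Format-Table Service, Found, Wanted, State, Action -AutoSize
```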
A great additional service for Windows Server 2003. Learning point: check
which services are new in Windows Server 2003.
Make sure that the Volume Shadow Copy service is running because this permits true
online backups.
I mention this service because many administrators overlook the fact that XP
machines can automatically synchronize with a domain controller.
Consequently, you do
not need 'NET TIME' commands in logon scripts. Administrators are rightly
concerned that machines' clocks should be within a few minutes of the server;
otherwise Kerberos security will think that its packets have been hacked.
The result is that users will not be able to log on because Kerberos security
thinks that it has been compromised.
Some administrators use Group Policies to turn off the Remote Desktop
services. But I think it's a pity if they deny users access
to their own desktop from a distant machine. Learning point: you can use
Group Policy to configure the Startup type of any service.
Firstly, be aware that there are two similar services for producing screen
messages. The distinction is not easy; however, the Alerter service is
used by SQL and other server type programs, whereas Messenger is used by client
type programs.
If you are setting performance monitor alerts then you will only receive
notification if the Alerter service is running. The Messenger service
delivers those 'Net Send' pop-up boxes. Here it's horses for courses: if
you are using perfmon or 'pop-up' programs then you need these services, else
set them to Manual.
This is wonderful technology. The only slight surprise is that Terminal
Services is implemented as a service rather than a series of .exe files.