Windows Server 2003 Services to Investigate
Microsoft chooses to run programs as ‘services’. Novell’s equivalent is the NLM (NetWare Loadable Module), while Unix uses daemons, but Microsoft chose services as the vehicle to run its executables. Traditionally, you access the services from the Administrative Tools folder; however, I prefer to add Services as a snap-in to my MMC.
Guy’s List of 10 Windows 2003 Services
- Server and Workstation Services
- Print Spooler
- World Wide Web
- Automatic Update
- FTP and Telnet
- Volume Shadow Copy
- Windows Time
- Alerter and Messenger
- Terminal Services
Why Investigate Windows Services?
Malware, viruses, Trojan horses: whatever you call these evil programs, they often install themselves as a service. On the other hand, my virus checker AVG6 also installs itself as a service. This is why you need the skill to tell the good services from the baddies.
My best advice is to go through each service and decide if your server needs the underlying feature. There are two advantages to this approach: firstly, you learn how Windows 2003’s mind works; secondly, your server will run faster and more securely if you disable unwanted services.
Which Startup type to configure?
Each service has 3 settings: Automatic, Manual and Disabled. If in doubt, leave the Startup type as it is. However, if it’s a service that is not required for that particular server, consider switching from Automatic to Manual. Manual means that programs that need that service can start it on demand. Reserve the Disabled setting for services you are pretty sure that you will never need.
The other factor with services is the ‘Log on as’ account. Most services are configured for the built-in account called Local System. A few, like SQL, require a regular user account. Take care that any user accounts have the correct privileges, such as ‘Act as part of the operating system’ or ‘Log on as a batch job’. Check the SQL setup guide for instructions on how to configure such accounts. Beware of the trap where the account fails because it cannot change its password; always set the option ‘Password Never Expires’.
Only you can know or discover which are the top 10 services on your server. Each of my choices was made on the basis that you can use services to learn about the operating system, while at the same time improving your server’s performance.
Dependencies are well worth a look, especially if you want to see how services are related. For instance, if DFS (Distributed File System) is not working, it may be because the Server service has failed, and DFS relies on the Server service.
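The checks described in this section (Startup type, ‘Log on as’ account and dependencies) can be run as a read-only PowerShell audit. This is an added example, not part of the original article; it assumes PowerShell 2.0 has been installed on the server, and the review list of short service names is an illustrative choice to adjust per server role.

```powershell
# Added example: read-only audit of startup type, logon account and dependencies.
# Assumes PowerShell 2.0 is installed; nothing here changes a service.

# Short names of services this page suggests reviewing (FTP, Telnet, Alerter,
# Messenger, World Wide Web). The list is an assumption; edit it for your server.
$review  = 'MSFTPSVC', 'TlntSvr', 'Alerter', 'Messenger', 'W3SVC'

# Built-in accounts that services normally log on as.
$builtin = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'

$services = Get-WmiObject -Class Win32_Service

Write-Host '1. Inventory: startup type, state, logon account, executable path'
$services | Sort-Object StartMode, Name |
    Format-Table Name, StartMode, State, StartName, PathName -AutoSize

Write-Host '2. Review-list services that are not Disabled'
$services |
    Where-Object { ($review -contains $_.Name) -and ($_.StartMode -ne 'Disabled') } |
    Format-Table Name, DisplayName, StartMode, State -AutoSize

Write-Host '3. Services that log on with a regular user account'
# Check each account's privileges and its "Password Never Expires" setting.
$services |
    Where-Object { $_.StartName -and ($builtin -notcontains $_.StartName) } |
    Format-Table Name, StartName, StartMode, State -AutoSize

Write-Host '4. Automatic services that are not running'
# A stopped Automatic service may simply have finished its work, or a service
# it depends on may have failed, so follow up with the dependency check below.
$services |
    Where-Object { ($_.StartMode -eq 'Auto') -and ($_.State -ne 'Running') } |
    Format-Table Name, DisplayName, State -AutoSize

Write-Host '5. Dependencies of the Server service (short name lanmanserver)'
$server = Get-Service -Name lanmanserver
Write-Host '   Services that Server depends on:'
$server.ServicesDependedOn | Format-Table Name, DisplayName, Status -AutoSize
Write-Host '   Services that depend on Server:'
$server.DependentServices  | Format-Table Name, DisplayName, Status -AutoSize
```

An unfamiliar PathName in the inventory, or a service logging on with an account you did not configure, is the starting point for telling the good services from the baddies.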
Workstation and Server Service
Together these two services make the client / server technology work. Workstation is your ‘go-getter’ or redirector. The Workstation service makes requests to other servers, for example, for logon, DFS or printing.
The Server Service is the mirror image, the component that responds to requests from Workstation services on other machines and supplies the files, information or service requested. Naturally, the server service contacts the security sub-system to check that the client does indeed have the necessary permissions for the resource.
This reminds me that in Windows 2000 and 2003 you can stop and start services which have hung, rather than suffer a 10 minute wait while you reboot the server. Print Spooler was the very first service on which I used this restart technique, but nowadays I apply the principle to other services, for example, Exchange System Attendant. My reason is that I want to save that ten minute reboot.
If you are using Exchange 2003 or 2000 then Outlook Web Access needs WWW to render the pages. Alternatively, if you are publishing a website using IIS then you need this service; otherwise disable it for security reasons. Here is an example of understanding what the service does; such information would help in troubleshooting OWA.
Firstly, watch out for spelling and alphabetical order. I keep looking down at the bottom under ‘U’ for updates, whereas I should be looking under ‘A’ for automatic.
The Automatic Update service probably causes more debate than any other service. Perhaps my greatest help is pointing out that you have control over those irritating bubbles that pop up and ask you to contact Microsoft for the latest patch. However, others will tell you that these updates have been a life saver in preventing viruses attacking their servers.
Viruses target FTP as a service which will spread their evil to other machines. So if you are not using FTP to copy files then I would disable FTP; if you just set it to Manual, the virus may be able to switch FTP to Automatic.
Disable Telnet unless you have a business use. This is another favourite service for viruses and hackers to hitch a ride and wreak havoc. Evaluate TFTP Server.
A great additional service for Windows Server 2003. Learning point: check which services are new in Windows Server 2003.
Make sure that the Volume Shadow Copy service is running because this permits true online backups.
I mention this service because many administrators overlook the fact that XP machines can automatically synchronize with a domain controller. Consequently, you do not need ‘NET TIME’ commands in logon scripts. Administrators are rightly concerned that machines’ clocks should be within a few minutes of the server, otherwise Kerberos security will think that its packets have been hacked. The result is that users will not be able to log on because Kerberos security thinks that it has been compromised.
Some administrators use Group Policies to turn off the Remote Desktop services. But I think it’s a pity if they deny users access to their own desktop from a distant machine. Learning point: you can use Group Policy to configure the Startup type of any service.
Firstly, be aware that there are two similar services for producing screen messages. The distinction is not easy; however, the Alerter service is used by SQL and other server type programs, whereas Messenger is used by client type programs.
If you are setting performance monitor alerts then you will only receive notification if the Alerter service is running. The Messenger service delivers those ‘Net Send’ pop-up boxes. Here it’s horses for courses: if you are using perfmon or ‘pop-up’ programs then you need these services, else set them to Manual.
This is wonderful technology. The only slight surprise is that Terminal Services is implemented as a service rather than a series of .exe files.