HowTo > Systemdienste

Aktivieren sie nur die Dienste, die WSUS benötigt.

Aktivierte Betriebssystemdienste

 
Option Security Setting Setting Rationale

Alerter

Disabled

The alerter service is of most use when an administrator is logged into the network and wants to be notified of events. For computers running WSUS, the service is not necessary.

Application Management

Manual

This service is only necessary when installing new applications to the environment with Active Directory.

Automatic Updates

Automatic

This service is required in order to support a fully patched operating environment.

Clipbook

Disabled

This service is unnecessary to the WSUS environment.

COM+ Event System

Manual

The COM+ event system might be used in the Web-based application.

Computer Browser

Automatic

The computer browser service is required on interactive workstations.

DHCP Client

Automatic

DHCP is necessary to have an IP address on the WSUS server.

Distributed File System

Disabled

DFS is used for file sharing across multiple servers, which is not needed for WSUS.

Distributed Link Tracking Client

Disabled

This service is only appropriate if a domain has distributed link tracking configured.

Distributed Link Tracking Server

Disabled

This service is only appropriate if a domain has distributed link tracking configured.

Distributed Transaction Coordinator

Disabled

This service is only appropriate if a domain has distributed link tracking configured.

DNS Client

Automatic

DNS is necessary for IP-address-to-name resolution.

Event Log

Automatic

The Event Log service is important for logging events on the system and provides critical auditing information.

File Replication

Disabled

This service is used for file replication and synchronization, which is not necessary for WSUS.

IIS ADMIN service

Automatic

This service is required for WSUS administration.

Indexing Service

Manual

This service is used by IIS.

Intersite Messaging

Disabled

This service only needs to be enabled on domain controllers.

Internet Connection Firewall / Internet Connection Sharing

Manual

This service is required if the local ICF firewall is being used.

IPSEC Services

Automatic

This service is required if IPsec has been utilized.

Kerberos Key Distribution Center

Disabled unless functioning as a domain controller

This service is enabled by default in order to join and authenticate to Windows Server 2003 domain controllers.

License Logging Service

Disabled

This service is used on systems where application licensing must be tracked.

Logical Disk Manager

Automatic

This service is used in logical disk management.

Logical Disk Manager Administrative Service

Manual

This service is used in logical disk management.

Messenger

Disabled

This service is only necessary if NetBIOS messaging is being used.

Net Logon

Automatic

This service is necessary to belong to a domain.

NetMeeting Remote Desktop Sharing

Disabled

NetMeeting is an application that allows collaboration over a network. It is used on interactive workstations, and should be disabled for servers as it presents a security risk.

Network Connections

Manual

This service allows network connections to be managed centrally.

Network DDE

Disabled

Network DDE is a form of interprocess communication (IPC) across networks. Because it opens network shares and allows remote access to local resources, it should be disabled unless explicitly needed.

Network DDE DSDM

Disabled

Network DDE is a form of interprocess communication (IPC) across networks. Because it opens network shares and allows remote access to local resources, it should be disabled unless explicitly needed.

NTLM Security Support Provider

Manual

The NTLM Security Support Provider is necessary to authenticate users of remote procedure call (RPC) services that use transports such as TCP and UDP.

Performance Logs and Alerts

Manual

This service is only necessary when logs and alerts are used.

Plug and Play

Automatic

Plug and Play is needed if the system uses Plug-and-Play hardware devices.

Print Spooler

Disabled

This service is necessary if the system is used for printing.

Protected Storage

Automatic

This service must be enabled because the IIS Admin service depends on it.

Remote Access Auto Connection Manager

Disabled

Enable this service only for RAS servers.

Remote Access Connection Manager

Disabled

Enable this service only for RAS servers.

Remote Procedure Call (RPC)

Automatic

This service is required for RPC communications.

Remote Procedure Call (RPC) Locator

Manual

This service is required for RPC communications.

Remote Registry

Manual

Remote Registry is a key target for attackers, viruses, and worms, and should be set to manual unless otherwise needed, where the server can enable it.

Removable Storage

Manual

For a dynamic server, this service is necessary.

Routing and Remote Access

Disabled

Enable this service only for RAS servers.

Security Accounts Manager

Automatic

This service should be enabled, as it manages local accounts.

Server

Automatic

This service should be enabled or disabled as necessary. The service supports file, print, and named-pipe sharing over the network for this computer.

Smart Card

Manual

Because users will not be using smart cards for two-factor logon authentication, this service is unnecessary and should be disabled or set to manual.

System Event Notification

Automatic

This service is needed for COM+ events.

Task Scheduler

Manual

This service should be enabled/disabled as necessary. The service enables a user to configure and schedule automated tasks on this computer.

TCP/IP NetBIOS Helper

Automatic

This service is used in Windows networking for computers running an operating system earlier than Windows Server 2003.

Telephony

Disabled

This service is not necessary in this environment because telephony devices are not used.

Telnet

Disabled

The telnet service should be disabled and its use strongly discouraged.

Terminal Services

Manual

Terminal services should be enabled or disabled as necessary.

Uninterruptible Power Supply

Manual

This service is necessary if a UPS is used.

Windows Installer

Manual

Users may choose to use Windows Installer to install .msi packages on the system, and therefore this service should be set to manual.

Windows Management Instrumentation

Manual

WMI provides extended management capabilities.

Windows Management Instrumentation Driver Extensions

Manual

WMI Driver Extensions allow monitoring of NIC connection state in the taskbar.

Windows Time

Automatic

External time synchronization is required for Kerberos key exchange in Active Directory environments.

Workstation

Automatic

The workstation service is necessary for Windows networking.