Enable only the services that WSUS requires.
Enabled operating system services
| Option | Security Setting | Setting Rationale |
|---|---|---|
| Alerter | Disabled | The alerter service is of most use when an administrator is logged into the network and wants to be notified of events. For computers running WSUS, the service is not necessary. |
| Application Management | Manual | This service is only necessary when installing new applications to the environment with Active Directory. |
| Automatic Updates | Automatic | This service is required in order to support a fully patched operating environment. |
| Clipbook | Disabled | This service is unnecessary to the WSUS environment. |
| COM+ Event System | Manual | The COM+ event system might be used in the Web-based application. |
| Computer Browser | Automatic | The computer browser service is required on interactive workstations. |
| DHCP Client | Automatic | DHCP is necessary to have an IP address on the WSUS server. |
| Distributed File System | Disabled | DFS is used for file sharing across multiple servers, which is not needed for WSUS. |
| Distributed Link Tracking Client | Disabled | This service is only appropriate if a domain has distributed link tracking configured. |
| Distributed Link Tracking Server | Disabled | This service is only appropriate if a domain has distributed link tracking configured. |
| Distributed Transaction Coordinator | Disabled | This service is only appropriate if a domain has distributed link tracking configured. |
| DNS Client | Automatic | DNS is necessary for IP-address-to-name resolution. |
| Event Log | Automatic | The Event Log service is important for logging events on the system and provides critical auditing information. |
| File Replication | Disabled | This service is used for file replication and synchronization, which is not necessary for WSUS. |
| IIS ADMIN service | Automatic | This service is required for WSUS administration. |
| Indexing Service | Manual | This service is used by IIS. |
| Intersite Messaging | Disabled | This service only needs to be enabled on domain controllers. |
| Internet Connection Firewall / Internet Connection Sharing | Manual | This service is required if the local ICF firewall is being used. |
| IPSEC Services | Automatic | This service is required if IPsec has been utilized. |
| Kerberos Key Distribution Center | Disabled unless functioning as a domain controller | This service is enabled by default in order to join and authenticate to Windows Server 2003 domain controllers. |
| License Logging Service | Disabled | This service is used on systems where application licensing must be tracked. |
| Logical Disk Manager | Automatic | This service is used in logical disk management. |
| Logical Disk Manager Administrative Service | Manual | This service is used in logical disk management. |
| Messenger | Disabled | This service is only necessary if NetBIOS messaging is being used. |
| Net Logon | Automatic | This service is necessary to belong to a domain. |
| NetMeeting Remote Desktop Sharing | Disabled | NetMeeting is an application that allows collaboration over a network. It is used on interactive workstations, and should be disabled for servers as it presents a security risk. |
| Network Connections | Manual | This service allows network connections to be managed centrally. |
| Network DDE | Disabled | Network DDE is a form of interprocess communication (IPC) across networks. Because it opens network shares and allows remote access to local resources, it should be disabled unless explicitly needed. |
| Network DDE DSDM | Disabled | Network DDE is a form of interprocess communication (IPC) across networks. Because it opens network shares and allows remote access to local resources, it should be disabled unless explicitly needed. |
| NTLM Security Support Provider | Manual | The NTLM Security Support Provider is necessary to authenticate users of remote procedure call (RPC) services that use transports such as TCP and UDP. |
| Performance Logs and Alerts | Manual | This service is only necessary when logs and alerts are used. |
| Plug and Play | Automatic | Plug and Play is needed if the system uses Plug-and-Play hardware devices. |
| Print Spooler | Disabled | This service is necessary if the system is used for printing. |
| Protected Storage | Automatic | This service must be enabled because the IIS Admin service depends on it. |
| Remote Access Auto Connection Manager | Disabled | Enable this service only for RAS servers. |
| Remote Access Connection Manager | Disabled | Enable this service only for RAS servers. |
| Remote Procedure Call (RPC) | Automatic | This service is required for RPC communications. |
| Remote Procedure Call (RPC) Locator | Manual | This service is required for RPC communications. |
| Remote Registry | Manual | Remote Registry is a key target for attackers, viruses, and worms, and should be set to manual unless otherwise needed, where the server can enable it. |
| Removable Storage | Manual | For a dynamic server, this service is necessary. |
| Routing and Remote Access | Disabled | Enable this service only for RAS servers. |
| Security Accounts Manager | Automatic | This service should be enabled, as it manages local accounts. |
| Server | Automatic | This service should be enabled or disabled as necessary. The service supports file, print, and named-pipe sharing over the network for this computer. |
| Smart Card | Manual | Because users will not be using smart cards for two-factor logon authentication, this service is unnecessary and should be disabled or set to manual. |
| System Event Notification | Automatic | This service is needed for COM+ events. |
| Task Scheduler | Manual | This service should be enabled/disabled as necessary. The service enables a user to configure and schedule automated tasks on this computer. |
| TCP/IP NetBIOS Helper | Automatic | This service is used in Windows networking for computers running an operating system earlier than Windows Server 2003. |
| Telephony | Disabled | This service is not necessary in this environment because telephony devices are not used. |
| Telnet | Disabled | The telnet service should be disabled and its use strongly discouraged. |
| Terminal Services | Manual | Terminal services should be enabled or disabled as necessary. |
| Uninterruptible Power Supply | Manual | This service is necessary if a UPS is used. |
| Windows Installer | Manual | Users may choose to use Windows Installer to install .msi packages on the system, and therefore this service should be set to manual. |
| Windows Management Instrumentation | Manual | WMI provides extended management capabilities. |
| Windows Management Instrumentation Driver Extensions | Manual | WMI Driver Extensions allow monitoring of NIC connection state in the taskbar. |
| Windows Time | Automatic | External time synchronization is required for Kerberos key exchange in Active Directory environments. |
| Workstation | Automatic | The workstation service is necessary for Windows networking. |
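
One way to check a WSUS server against the table above, as an added example that is not part of the original page: the script compares each service's configured start mode with the recommended setting and reports drift. The function name `Compare-ServiceBaseline` and the `$baseline` variable are hypothetical, the baseline holds only a subset of the table's rows, and it assumes Windows PowerShell with `Get-WmiObject` available.

```powershell
# Added example: audit service start modes against rows of the table above.
# Services are matched by display name (case-insensitive); display names can
# differ between Windows versions, so unmatched rows are reported as NotFound.

# Subset of the table; extend with the remaining rows as needed.
$baseline = @{
    'Alerter'           = 'Disabled'
    'Automatic Updates' = 'Automatic'
    'Event Log'         = 'Automatic'
    'Messenger'         = 'Disabled'
    'Network DDE'       = 'Disabled'
    'Remote Registry'   = 'Manual'
    'Telnet'            = 'Disabled'
    'Windows Time'      = 'Automatic'
}

function Compare-ServiceBaseline {
    param([hashtable]$Expected)

    # Win32_Service reports StartMode as Auto, Manual or Disabled.
    $wmiMode = @{ 'Automatic' = 'Auto'; 'Manual' = 'Manual'; 'Disabled' = 'Disabled' }

    # Index installed services by display name for lookup.
    $installed = @{}
    Get-WmiObject -Class Win32_Service |
        ForEach-Object { $installed[$_.DisplayName] = $_ }

    foreach ($name in ($Expected.Keys | Sort-Object)) {
        $svc = $installed[$name]
        $actual = $null; $state = $null; $status = 'NotFound'
        if ($null -ne $svc) {
            $actual = $svc.StartMode
            $state  = $svc.State   # a Disabled service can still be Running until stopped
            if ($actual -eq $wmiMode[$Expected[$name]]) { $status = 'Match' }
            else { $status = 'Drift' }
        }
        New-Object PSObject -Property @{
            Service = $name; Expected = $Expected[$name]
            Actual  = $actual; State = $state; Status = $status
        } | Select-Object Service, Expected, Actual, State, Status
    }
}

# Show only rows that need attention.
Compare-ServiceBaseline -Expected $baseline |
    Where-Object { $_.Status -ne 'Match' } |
    Format-Table -AutoSize
```

A row with Status `Match` but State `Running` for a service the table marks Disabled means the start mode was changed without stopping the service.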