Best Practices
For Windows 2000 and Windows XP computers, carefully evaluate which services are required to support your organization's software applications. Disable any services you are certain you will not need in order to minimize the potential attack surface of the computer.
These are the recommended minimum services to run:
Service | Setting |
COM+ Event System | Manual |
DHCP Client | Automatic (if needed) |
DNS Client | Automatic |
Event Log | Automatic |
Logical Disk Manager | Automatic |
Logical Disk Manager Administrative Service | Manual |
Net Logon | Automatic |
Network Connections | Manual |
Performance Logs and Alerts | Manual |
Plug and Play | Automatic |
Protected Storage | Automatic |
Remote Procedure Call (RPC) | Automatic |
Remote Registry Service | Automatic (required for Microsoft Baseline Security Analyzer) |
Security Accounts Manager | Automatic |
Server | Automatic |
System Event Notification (SENS) | Automatic |
TCP/IP NetBIOS Helper Service | Automatic |
Windows Management Instrumentation Driver Extensions | Manual |
Windows Time Service (W32Time) | Automatic |
Workstation | Automatic |
Domain Controllers require these additional services:
Service | Setting |
Distributed File System (DFS) | Automatic |
DNS Server | Automatic |
File Replication | Automatic |
Kerberos Key Distribution Center | Automatic |
NTLM Security Support Provider | Automatic |
Remote Procedure Call (RPC) Locator | Automatic |
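One way to check a host against the first table, as an added example that is not part of the original page: the script compares an exported service inventory with the recommended minimum settings and lists deviations and services outside the baseline. It assumes the inventory is a list of (display name, StartMode) pairs using the `StartMode` values of WMI's `Win32_Service` class ("Auto", "Manual", "Disabled"), with display names already mapped to the names used in the table; the `audit` function and the sample inventory are constructed for illustration.

```python
# Baseline from the workstation/member-server table on this page, keyed by
# display name. WMI's Win32_Service.StartMode reports Automatic as "Auto".
AUTO = ["DNS Client", "Event Log", "Logical Disk Manager", "Net Logon",
        "Plug and Play", "Protected Storage", "Remote Procedure Call (RPC)",
        "Remote Registry Service", "Security Accounts Manager", "Server",
        "System Event Notification (SENS)", "TCP/IP NetBIOS Helper Service",
        "Windows Time Service (W32Time)", "Workstation"]
MANUAL = ["COM+ Event System", "Logical Disk Manager Administrative Service",
          "Network Connections", "Performance Logs and Alerts",
          "Windows Management Instrumentation Driver Extensions"]
OPTIONAL = ["DHCP Client"]  # "Automatic (if needed)": Disabled is also accepted

BASELINE = {n.lower(): "Auto" for n in AUTO + OPTIONAL}
BASELINE.update({n.lower(): "Manual" for n in MANUAL})

def audit(inventory):
    """Return (mismatched, extra, missing) for (display name, StartMode) pairs.

    mismatched: baseline services whose start mode differs from the table.
    extra: services that can start but are not in the minimum baseline.
    missing: baseline services absent from the inventory (lowercased)."""
    mismatched, extra, seen = [], [], set()
    optional = {n.lower() for n in OPTIONAL}
    for name, mode in inventory:
        key = name.strip().lower()
        if key not in BASELINE:
            if mode != "Disabled":
                extra.append(name)  # candidate for review, then disabling
            continue
        seen.add(key)
        if mode != BASELINE[key] and not (key in optional and mode == "Disabled"):
            mismatched.append((name, BASELINE[key], mode))
    return mismatched, extra, sorted(set(BASELINE) - seen)

# Constructed sample inventory (not taken from a real host).
SAMPLE = [("DNS Client", "Auto"), ("DHCP Client", "Disabled"),
          ("Remote Registry Service", "Disabled"), ("Telnet", "Manual"),
          ("Messenger", "Auto"), ("Alerter", "Disabled"),
          ("COM+ Event System", "Manual")]

if __name__ == "__main__":
    bad, extra, missing = audit(SAMPLE)
    for name, want, got in bad:
        print(f"MISMATCH {name}: baseline {want}, host {got}")
    for name in extra:
        print(f"REVIEW   {name}: not in minimum baseline")
    print(f"{len(missing)} baseline services not found in inventory")
```

For a domain controller, add the six services from the second table to `AUTO` before running the audit.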