When the Remote Desktop Services is started, it is running as NT Authority\NetworkService in a shared process of svchost.exe along with other services. In Windows 10 it is starting only if the user, an application or another service starts it. ![]() Remote Desktop Services is a Win32 service. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService %SystemRoot%\System32\svchost.exe -k NetworkService To prevent remote use of your computer, clear the checkboxes on the Remote tab of the System properties control panel item. Remote Desktop and Remote Desktop Session Host Server depend on this service. Remove or disable any services that are not required.Remote Desktop Services (TermService) Defaults in Windows 10Īllows users to connect interactively to a remote computer. World Wide Web Publishing Service - Automaticĭocument the services required for the system to operate. Remote Desktop Services UserMode Port - ManualĪpplication Host Helper Service - Automatic Network Policy Server - Automatic (Delayed Start) Virtual Machine Management Service - Automatic Hyper-V Networking Management Service - Automatic Hyper-V Image Management Service - Automatic Windows Presentation Foundation Font Cache 3.0.0.0 - Manual Kerberos Key Distribution Center - Automatic These major roles may include sub-roles not addressed here.Īctive Directory Certificate Services - AutomaticĪctive Directory Domain Services - AutomaticĪctive Directory Web Services - Automatic ![]() The following services for roles are addressed in the Microsoft Windows Server 2008 R2 Security Guide, Windows Server 2008 R2 Attack Service Reference.xlsx. WinHTTP Web Proxy Auto-Discovery Service - Manual Windows Update - Automatic (Delayed Start) Windows Remote Management (WS-Management) - Automatic (Delayed Start) Windows Management Instrumentation - Automatic Windows Driver Foundation - User-mode Driver Framework - Manual System Event Notification Service - Automatic Special Administration Console Helper - Manual Software Protection - Automatic (Delayed Start) Smart Card Removal Policy - Automatic (Manual is the default) Secure Socket Tunneling Protocol Service - Manual Resultant Set of Policy Provider - Manual Remote Procedure Call (RPC) Locator - Manual Remote Desktop Services UserMode Port Redirector - Manual ![]() Remote Access Connection Manager - Manual Remote Access Auto Connection Manager - Manual Problem Reports and Solutions Control Panel Support - Manual Portable Device Enumerator Service - Manual Network Store Interface Service - Automatic Microsoft Software Shadow Copy Provider - Manual Microsoft iSCSI Initiator Service - Manual Microsoft Fibre Channel Platform Registration Service - Manual Link-Layer Topology Discovery Mapper - Manual KtmRm for Distributed Transaction Coordinator - Manual Internet Connection Sharing (ICS) - Disabled IKE and AuthIP IPsec Keying Modules - Manual Health Key and Certificate Management - Manual This can be used as a basis for documenting the services necessary.Īpplication Layer Gateway Service - Manualīackground Intelligent Transfer Service - Manualĭesktop Window Manager Session Manager - Automaticĭiagnostic Policy Service – Automatic (Delayed Start)ĭistributed Link Tracking Client - Automaticĭistributed Transaction Coordinator - Automatic (Delayed Start)Įxtensible Authentication Protocol - Manualįunction Discovery Provider Host - Manualįunction Discovery Resource Publication - Manual The following tables list the default services for a baseline installation and those for common roles as a reference. Services for Windows Server 2008 R2 roles are managed automatically, adding those necessary for a particular role. Respond to any User Account Control prompts. The following can be used to view the services on a system: If the site has not documented the services required for their system(s), this is a finding. Individual services specifically required to be disabled per the STIG are identified in separate requirements. Exceptions for individual systems should be identified separately by system. Services common to multiple systems can be addressed in one document. The Site’s list will be provided for any security review. Organizations will develop their own list of services which will be documented and justified with the IAO. Required services will vary between organizations, and on the role of the individual system. Windows Server 2008 R2 Member Server Security Technical Implementation Guide Compromising a service could allow an intruder to obtain system permissions and open the system to a variety of attacks. Some services may be run under the local System account, which generally has more permissions than required by the service. Unnecessary services increase the attack surface of a system.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |