Home > Articles > Programming > Windows Programming

  • Print
  • + Share This
From the author of

Fewer Services on the Menu

Compared to Windows NT, Windows 2000 Server includes far more services that are installed and started by default—especially on domain controllers. On one standard Windows 2000 domain controller, I counted 65 services that were running. An additional 24 services were installed but were not started. That's a large number of services installed on one domain controller! Microsoft has warned us for years to eliminate unneeded services and protocols to secure the servers. Needless to say, this huge number of services is a serious security concern for most organizations because hackers can exploit these services. As a result, Microsoft has made several changes to the security model.

First, services.exe will no longer contain any code that's not related to security. In addition, Microsoft has announced that they will be reducing the number of services that are running by default in Windows .NET servers. By some accounts, compared to Windows 2000 there will be as many as 20 fewer services running on Windows .NET servers.

Another step toward securing the services and the way they operate has to do with how much privilege each service has. Today, most services run under a built-in privileged service account known as local system. This account has pretty much all the administrative privileges. Users cannot log on as this account, but this service account has complete control over your computer. If intruders gain access to this account, they can wreak havoc not only on your computer, but potentially on the entire network.

The service account philosophy has changed in .NET Server. Now we will have two service accounts: a local service account and a network service account. Most services will run under the credentials of one of these two service accounts. The local service account will be limited to the local computer and won't have any access to the network. The network service account will be able to interact with the network using the computer's machine account credentials. This model will offer improved security and give administrators more control over the services running on the network.

  • + Share This
  • 🔖 Save To Your Account