Check for Unnecessary Services

Issue

Services that are listed in the security report are contained in the services.txt file and were found to be installed on the scanned computers. The state of each of these services (enabled or disabled) is listed in the Results Details page. The user should determine whether the services found to be installed or running are necessary and if they should be disabled given the service functionality is not required. For example, if the telnet service is found to be installed and enabled, but users are not required to remotely connect via telnet to that specific computer, this service should be disabled.

The services.txt file, included with MBSA in the installation folder, can be edited such that the tool will check the status of each service listed in the file. To add or change services from the default list, edit the services.txt file with Notepad or Microsoft Word and type the service name for each service you would like to scan. The service names can be found by viewing the properties of a service in the Services Control Panel applet.

Solution

Use the Services Control Manager to disable the running services that the user confirms should not be running on the computer.  Services that are enabled but not required to be can pose a security risk to the computer.

Instructions

To disable services in Windows XP or Windows 2000

  1. Click Start, point to Settings, point to Control Panel.
  2. Double-click Administrative Tools, and then click Services.
  3. Double-click the service that you want to disable.
  4. Click Stop to stop the service.
  5. Under Startup type, click Disabled.

To disable services in Windows NT 4.0

  1. Click Start, point to Programs, click Settings, and then click Control Panel.
  2. In Control Panel, double-click Services.
  3. Double-click the service that you want to disable.
  4. Click Stop to stop the service.
  5. Under Startup type, click Disabled.

Important:  If you are running Small Business Server (SBS), there are services listed in MBSA that are core to your server functionality.  These are the Simple Mail Transport Protocol (SMTP) and World Wide Web Publishing services.  Do not disable these services on SBS servers.

© 2002 Microsoft Corporation. All rights reserved.