System Services for the Windows Server 2003 Family and Windows XP Operating Systems

Services on the Windows Operating System Platforms

Published: May 1, 2003 | Updated: May 2, 2003

Alerter

Service Name: Alerter

Executable Name: svchost.exe -k LocalService

Log On As: LocalService

Description: The Alerter service notifies selected users and computers of administrative alerts.

Use the Alerter service to send alert messages to specified users that are connected on your network.

Alert messages warn users about security, access, and user session problems. Alert messages are sent as messages from a server to a user's computer. The Messenger service must be running on the user's computer for the user to receive alert messages.

If this service is stopped or disabled, applications that use the NetAlertRaise or NetAlertRaiseEx APIs will be unable to notify a user or computer (by a message box from the messenger service) that the administrative alert took place.

See also Messenger.

Available on: Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Startup type: Disabled

Service status: Stopped

This service depends on the following system components:

Workstation

The following system components depend on this service: None

Port Numbers used:

TCP: 2869, dynamic

UDP: 1900

Application Layer Gateway Service

Service Name: ALG

Executable Name: ALG.EXE

Log On As: LocalService

Description: This subcomponent of the Internet Connection Sharing (ICS) / Internet Connection Firewall (ICF) service provides support for independent software vendors (ISVs) to write protocol plug-ins that allow their proprietary network protocols to pass through the firewall and work behind ICS. Application Layer Gateway plug-ins have the power to open ports and change data (such as ports and IP addresses) embedded in packets. File Transfer Protocol (FTP) is the only network protocol that has a plug-in shipping with Windows Server 2003 Standard Edition and Windows Server 2003 Enterprise Edition.

The service listens for outgoing FTP traffic from an FTP client. It extracts the port on which the FTP client expects to receive data and creates an appropriate dynamic port mapping for the FTP data channel.

If this service is disabled, the Internet Connection Firewall and Internet Connection Sharing service will not start. The ALG service will start when set to manual if the Internet Connection Firewall and Internet Connection Sharing service is started.

Available on: Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Startup type: Manual

Service status: Stopped

This service depends on the following system components:

None

The following system components depend on this service:

Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)

IP Port Numbers used:

TCP: 21, dynamically allocated
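
The port extraction described for the FTP plug-in can be illustrated with the RFC 959 `PORT` command, whose argument carries the client's address and data port as six decimal bytes. The following is an added example, not Microsoft's ALG code: the function names, the sample control-channel lines and the acceptance policy (address must equal the client's own, port must not be below 1024) are assumptions chosen to show why a component that opens ports from packet contents should validate them first.

```python
import ipaddress
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (six decimal byte values).
_PORT_RE = re.compile(
    r"^PORT +(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$",
    re.IGNORECASE,
)


class MappingRejected(ValueError):
    """The PORT command must not result in a dynamic port mapping."""


def parse_port_command(line):
    """Return (ip, port) for a PORT command, or None for any other command."""
    text = line.rstrip("\r\n")
    if text[:5].upper() != "PORT ":
        return None
    match = _PORT_RE.match(text)
    if match is None:
        raise MappingRejected("malformed PORT argument")
    fields = [int(group) for group in match.groups()]
    if any(value > 255 for value in fields):
        raise MappingRejected("PORT field is not a byte value")
    ip = ".".join(str(value) for value in fields[:4])
    port = fields[4] * 256 + fields[5]  # p1 is the high byte, p2 the low byte
    return ip, port


def decide_mapping(line, client_ip, min_port=1024):
    """Return the (ip, port) to map for the data channel, None if not PORT.

    Assumed policy (hypothetical, not documented ALG behaviour): the address
    in the command must be the address of the client that sent it, and the
    port must not be a well-known port.
    """
    parsed = parse_port_command(line)
    if parsed is None:
        return None
    ip, port = parsed
    if ipaddress.IPv4Address(ip) != ipaddress.IPv4Address(client_ip):
        raise MappingRejected("PORT address %s is not the client %s" % (ip, client_ip))
    if port < min_port:
        raise MappingRejected("PORT %d is below %d" % (port, min_port))
    return ip, port


# Constructed control-channel lines as sent by a client at 192.168.0.10.
SAMPLE_CONTROL_LINES = [
    "USER anonymous\r\n",
    "PORT 192,168,0,10,19,137\r\n",   # 19*256 + 137 = 5001
    "PORT 10,0,0,5,19,137\r\n",       # names a different host
    "PORT 192,168,0,10,0,22\r\n",     # well-known port
    "PORT 192,168,0,10,19\r\n",       # only five fields
]


def review(lines, client_ip):
    """Return one verdict string per control-channel line."""
    verdicts = []
    for line in lines:
        try:
            mapping = decide_mapping(line, client_ip)
            verdicts.append("ignore" if mapping is None else "map %s:%d" % mapping)
        except MappingRejected as exc:
            verdicts.append("reject: %s" % exc)
    return verdicts


if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_CONTROL_LINES,
                             review(SAMPLE_CONTROL_LINES, "192.168.0.10")):
        print(repr(line), "->", verdict)
```
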

Application Management

Service Name: AppMgmt

Executable Name: svchost.exe -k netsvcs

Log On As: LocalSystem

Description: Provides software installation services, such as Assign, Publish, and Remove. This service processes requests to enumerate, install, and remove applications deployed via a corporate network. When you click Add in Add/Remove Programs on a computer joined to a domain, the program calls this service to retrieve the list of your deployed applications. The service is also called when you use Add/Remove Programs to install or remove an application, and in cases when a component (such as the shell or Component Object Model (COM)) makes an install request for an application to handle a file extension, COM class, or ProgID that is not present on the computer. The service is started by the first call made to it; it does not terminate once started.

If this service is disabled, deployed application information will not be retrieved, nor will this information appear in Add/Remove Programs, Add New Programs. The message "No programs are available on the network" will be displayed in the Add programs from your network dialog box. The service cannot be stopped once it has started. If it is not required, it must be disabled to prevent it from starting.

Available on: Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Startup type: Manual

Service status: Stopped

This service depends on the following system components: None

The following system components depend on this service: None

IP Port Numbers used: None

ASP .NET State Service

Service Name: Aspnet_state

Executable Name: aspnet_state.exe

Log On As: Network Service

Description: ASP State Service provides support for out-of-process session states for ASP. ASP has a concept of session state: a list of values associated with the client session that is accessible from ASP pages through the Session property. There are three options for storing session data: in-process, SQL database, and out-of-process. The ASP State Service stores session data out-of-process. The service communicates with ASP using sockets.

If this service is stopped or disabled, out-of-process requests will not be processed.

Available on: Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed Through: Add/Remove Windows Components, Application Server, ASP.NET

Startup type: Manual

Service status: Stopped

This service depends on the following system components: None

The following system components depend on this service: None

IP Port Numbers used:

TCP: 42424

Automatic Updates

Service Name: Wuauserv

Executable Name: svchost.exe -k netsvcs

Log On As: LocalSystem

Description: Enables the download of updates from Microsoft’s Windows Update Web site.

This service keeps your computer up-to-date automatically with the latest updates, drivers and enhancements from Microsoft. You no longer have to search for critical updates and information; Windows Update delivers them directly to your computer if configured. Windows recognizes when you are online and uses your Internet connection to search for downloads from the Windows Update page on the Microsoft Web site. A message appears on your desktop to let you know when new updates are available.

The Automatic Update feature can be turned off through the System setting in the Control Panel or by right-clicking My Computer and selecting Properties.

You can also use the administrative template in the MMC Group Policy Object Editor snap-in to configure an intranet server to host updates from the Microsoft Update Web sites. This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.

Stopping or disabling this service has no effect on the rest of the operating system. The user will have to update their computer manually from the Windows Update Web site located at http://v4.windowsupdate.microsoft.com/en/default.asp.

Available on: Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Installed By: Default

Startup type: Automatic

Service status: Started

This service depends on the following system components: None

The following system components depend on this service: None

IP Port Numbers used:

TCP: 80

Background Intelligent Transfer Service

Service Name: BITS

Executable Name: svchost.exe -k netsvcs

Log On As: LocalSystem

Description: Use Background Intelligent Transfer Service (BITS) to transfer files asynchronously between a client and an HTTP server. BITS is a background file transfer mechanism and queue manager. Requests are submitted to the BITS service and the files are transferred using idle network bandwidth, so that other network-related activities, such as browsing, are not affected.

BITS suspends the transfer if a connection is lost or if the user logs off. BITS persists transfer information while the user is logged off, across network disconnects, and during machine restarts. When the user logs on, BITS resumes the user's transfer job.

BITS uses a queue to manage file transfers. You can prioritize transfer jobs within the queue and specify whether the files are transferred in the foreground or background. Background transfers are optimal in that BITS uses idle network bandwidth to transfer the files and will increase or decrease the rate (throttle) at which files are transferred based on the amount of idle network bandwidth available. If a network application begins to consume more bandwidth, BITS decreases its transfer rate to preserve the user's interactive experience.

BITS provides one foreground and three background priority levels that you can use to prioritize transfer jobs. Higher priority jobs preempt lower priority jobs, whereas jobs at the same priority level share transfer time (round-robin scheduling prevents a large job from blocking the transfer queue). Lower priority jobs do not receive transfer time until all higher priority jobs are complete or in an error state.

The BITS service can be demand started when set to manual and the first job is submitted. When all outstanding jobs are completed, the BITS service will stop.

When stopped: If the service is stopped, features such as Automatic Update and MSN Explorer will be unable to automatically download programs and other information until the BITS service has started.

When disabled: If this service is disabled, any services that explicitly depend on this service will fail to transfer files if they do not have a fail safe mechanism to transfer files directly through other methods such as Internet Explorer.

Available on: Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Installed By: Default

Startup type: Manual

Service status: Stopped

This service depends on the following system components:

Remote Procedure Call

The following system components depend on this service: None

IP Port Numbers used:

TCP: 80

Certificate Service

Service Name: CertSvc

Executable Name: CERTSVC.EXE

Log On As: LocalSystem

Description: Part of the core operating system that enables a business to act as its own certificate authority (CA), and to issue and manage digital certificates for applications such as Secure/Multipurpose Internet Mail Extensions (S/MIME), Secure Sockets Layer (SSL), Encrypting File System (EFS), IP Security (IPSEC), and smart card logon.

If this service is stopped or disabled, certificate requests will not be accepted and the Certificate Revocation Lists (CRLs) and delta CRLs will not be published. If this service is paused or stopped long enough for CRLs to expire, validation of existing certificates will fail.

For more information about S/MIME and SSL, see "Certificate Services" in the Windows Server Distributed Services Guide.

Available on: Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition.

Installed through: Add/Remove Windows Components, Certificate Service

Startup type: Automatic

Service status: Started

This service depends on the following system components: None

The following system components depend on this service: None

IP Port Numbers used:

TCP: 1117

Client Service for NetWare

Service Name: NWCWorkstation

Executable Name: svchost.exe -k netsvcs

Log On As: LocalService

Description: Provides access to files and directories as well as resources on NetWare networks.

With Client Service for NetWare, you can access file and print resources on NetWare servers that are running Novell Directory Services (NDS) or bindery security (NetWare versions 3.x or 4.x) from your computer.

The Client Service for NetWare does not support the IP protocol and therefore cannot be used to interoperate with NetWare 5.x in an IP-only environment. To do this, you must load the IPX protocol onto the NetWare 5.x server, or use a redirector that is compatible with NetWare Core Protocol (NCP) and supports native IP.

If this service is stopped or disabled, access to file and print resources on NetWare networks will no longer function unless the Novell Client for NetWare is installed.

Available on: Windows XP Home Edition; Windows XP Professional Edition; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Add-on via Network Connections, Client

Startup type: Automatic

Service status: Started

This service depends on the following system components: None

The following system components depend on this service: None

IP Port Numbers used:

UDP: 213 (IPX Over IP)

Clipbook

Service Name: ClipSrv

Executable Name: clipsrv.exe

Log On As: LocalSystem

Description: Enables the Clipbook Viewer to create and share "pages" of data to be viewed by remote computers.

This service depends on the Network Dynamic Data Exchange (NetDDE) service to create the actual file shares that other computers can connect to, while the Clipbook application and service allow users to create the pages of data to share.

This service is disabled by default. When this service is disabled and Clipbrd.exe is launched, Clipbrd.exe can still be used to view the local Clipboard (where data is stored when a user highlights text and then goes to the Edit menu and selects Copy, or types Ctrl+C).

Available on: Windows XP Home Edition; Windows XP Professional Edition; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Installed by: Default

Startup type: Disabled

Service status: Stopped

This service depends on the following system components:

Network DDE

Network DDE DSDM

The following system components depend on this service: None

IP Port Numbers used: None

Cluster Service

Service Name: ClusSvc

Executable Name: Clussvc.exe

Log On As: Domain account specified when cluster service is configured

Description: Server clusters provide high availability and scalability for mission-critical applications such as databases, messaging systems, and file and print services. If one of the nodes in a cluster becomes unavailable either due to planned downtime for maintenance or unplanned downtime due to failure of a node, the operating system or an application, another node takes over to provide the service to the end-user—a process known as failover. When failover occurs, users who are accessing the cluster service continue to access the service, and are unaware that it is now being provided from a different server (node).

Server clusters of up to 8 nodes are supported in both Enterprise Server and Datacenter Server. However, a cluster cannot be made up of nodes running both Windows Server 2003 Enterprise Server and Windows Datacenter Server; all nodes must be running either Enterprise Server or Datacenter Server. A server cluster can be operated with some nodes running Windows 2000 and others running Windows Server as part of a rolling upgrade scenario.

Server clusters can be set up as one of three different configurations:

Single node server clusters can be configured with, or without, external cluster storage devices. For single node clusters without an external cluster storage device, the local disk is configured as the cluster storage device. Single node configurations can be used to develop cluster aware applications or can be used in production to provide the local health monitoring and restart capabilities to applications.

Single quorum device server clusters have two or more nodes and are configured so that every node is attached to one or more cluster storage devices. The cluster configuration data is stored on a single cluster storage device known as the quorum disk.

Majority node set server clusters have two or more nodes where the nodes may or may not be attached to one or more cluster storage devices. The cluster configuration data is stored on multiple disks across the cluster and the Cluster service makes sure that this data is kept consistent across the different disks.

If this service is stopped or disabled, the cluster service itself and any applications or services hosted by the cluster service will be stopped.

Available on: Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition.

Installed through: Default operating system installation

Startup type: Automatic

Service status: Not started until the first node of a cluster is configured.

This service depends on the following system components:

Network Connections

Remote Procedure Call

Windows Time

Network Cluster Driver

The following system components depend on this service: None

IP Port Numbers used:

TCP: 3343

UDP: 1204, 1094, 2036, 2008, 3343

COM+ Event System

Service Name: EventSystem

Executable Name: svchost.exe -k netsvcs

Log On As: LocalSystem

Description: Provides automatic distribution of events to subscribing COM (Component Object Model) components. COM+ Events extend the COM+ programming model to support late-bound events or method calls between the publisher or subscriber and the event system. Instead of repeatedly polling the server, the event system notifies interested parties as information becomes available.

COM+ Events handle most of the event semantics for the publisher and subscriber. Publishers offer to publish event types, and subscribers request event types from specific publishers. Subscriptions are maintained outside both the publisher and subscriber and are retrieved when needed. This simplifies the programming model. The subscriber does not need to contain the logic for building subscriptions—building a subscription is as easy as building a COM component. The life cycle of the subscription is separate from that of either the publisher or the subscriber. Subscriptions can be built prior to either the subscriber or publisher being made active.

If the service is disabled, you will be prompted to stop the System Event Notification (SENS) service as well, because SENS depends on this service. Logon and logoff notifications will not occur, and other inbox applications, such as the Volume Snapshot service, will not work correctly.

Available on: Windows XP, Home Edition; Windows XP, Professional Edition; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Startup type: Manual

Service status: Started

This service depends on the following system components:

Remote Procedure Call

The following system components depend on this service:

System Event Notification

Windows Internet Name Service (WINS)

DHCP Server

COM+ System Application

IP Port Numbers used: None

COM+ System Application

Service Name: COMSysApp

Executable Name: dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

Log On As: LocalSystem

Description: The COM+ system application hosts COM+ services and manages COM+ application configuration and tracking.

COM+ applications will not work if the COM+ system application is disabled. You will also be unable to administer anything to do with COM+ or OLE registrations on the system.

If you disable the MS DTC (Microsoft Distributed Transaction) service, any COM+ system applications will fail because this service needs local transactions to maintain its state.

Available on: Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Startup type: Manual

Service status: Stopped

This service depends on the following system components:

Remote Procedure Call

COM+ Event System

The following system components depend on this service: None

IP Port Numbers used: None

Computer Browser

Service Name: Browser

Executable Name: svchost.exe -k netsvcs

Log On As: LocalSystem

Description: Maintains an up-to-date list of computers on your network, and supplies the list to programs that request it. The Computer Browser service is used by Windows-based computers that need to view network domains and resources. Computers designated as browsers maintain browse lists, which contain all shared resources used on the network. Earlier versions of Windows applications, such as My Network Places, the NET VIEW command, and the Microsoft Windows NT Explorer, all require browsing capability.

There are several different roles a computer may perform in a browsing environment. Under some conditions (such as failure or shutdown of a computer designated for a specific browser role) browsers—or potential browsers—may change to a different role of operation. Windows NT assigns the following special roles to computers running the Computer Browser service:

Domain Master Browser - Used only in domain environments. By default, the DC (domain controller) for a domain operates in this role. The domain master browser collects and maintains the master browse list of available servers for its domain, in addition to any names for other domains and workgroups used in the network. It also distributes and synchronizes the master browse list for master browsers on other subnets that have computers belonging to the same domain.

Master Browser - Collects and maintains the list of available network servers in its subnet. The master browser fully replicates its listed information with the domain master browser to obtain a complete browse list for the network, and distributes it to backup browsers located on the same subnet.

Backup Browser - The backup browser receives a copy of the browse list from the master browser for its subnet, and distributes it to other computers upon request.

Potential Browser - Capable of becoming a backup browser when instructed to by the subnet's master browser, the potential browser operates similarly to a non-browser under normal conditions.

Nonbrowser - A nonbrowser is configured so it cannot become a browser, and it does not maintain a browse list. It can operate as a browse client, requesting browse lists from other computers operating as browsers on the same subnet. When the Computer Browser service is turned off, there is no mechanism to discover other computers to populate My Network Places, and so on.

If this service is stopped or disabled, computer browsing features will not be available.

Available on: Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Startup type: Automatic

Service status: Started

This service depends on the following system components:

Server

Workstation

The following system components depend on this service: None

IP Port Numbers used:

TCP: 139

UDP: 137 (browsing requests of NetBIOS over TCP/IP), 138 (browsing datagram responses of NetBIOS over TCP/IP)

Cryptographic Services

Service Name: CryptSvc

Executable Name: svchost.exe -k netsvcs

Log On As: LocalSystem

Description: Provides key management services for your computer. The Cryptographic Service is comprised of three management services: Catalog Database Service, Protected Root Service, and Key Service.

Catalog Database Service - This part of the service is responsible for adding, removing, and looking up catalog files. Catalog files are used to bulk sign all the files in the operating system. So, this service is used by Windows File Protection (WFP), Driver Signing, and setup to verify signed files.

Protected Root Service - This part of the service is responsible for adding and removing Trusted Root Certification Authority certificates for the current user. It displays a service message box with the certificate's name and thumbprint. If the user clicks OK, the certificate is added to or removed from the current user's list of trusted root authorities. Only Local System has write access to this list. If this part of the service is turned off, the current user will not be able to add or remove Trusted Root Certificate Authority certificates.

Key Service - This part of the service allows administrators to enroll for certificates on behalf of the local machine account. To that end, it provides several pieces of functionality required for enrollment -- enumeration of available Certification Authorities, enumeration of available machine templates, the ability to create and submit a certificate request in the local machine context, and so on. Only administrators may enroll on behalf of the local machine account.

If this service is disabled, administrators will not be able to enroll for machine certificates and auto enrollment will not be able to automatically acquire the default set of machine certificates. Also, WFP and driver signing will not be able to check the signatures of the operating system files.

Available on: Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Startup type: Automatic

Service status: Started

This service depends on the following system components:

Remote Procedure Call

The following system components depend on this service: None

IP Port Numbers used: None

DHCP Client

Service Name: Dhcp

Executable Name: svchost.exe -k netsvcs

Log On As: NetworkService

Description: Dynamic Host Configuration Protocol (DHCP) Client manages network configuration by registering and updating IP addresses and Domain Name Server (DNS) names for your computer. You do not have to manually change the IP settings when a client, such as a roaming user, wanders throughout the network. The client is automatically given a new IP address regardless of the subnet it reconnects to—as long as a DHCP server is accessible from each of those subnets. There is no need to manually configure settings for DNS or Windows Internet Name Service (WINS). The DHCP server can give these settings to the client, as long as the DHCP server has been configured to issue such information. To enable this option on the client, simply select the Obtain DNS Server Address Automatically option button. There are no conflicts caused by duplicate IP addresses.

If this service is stopped or disabled, you will not be able to obtain an IP address from a DHCP Server and you will have to configure a static IP address on the local machine. If this service is set to manual it will not demand start.

See also DHCP Server, Manage Your Server, Configure Your Server.

Available on: Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Startup type: Automatic

Service status: Started

This service depends on the following system components:

AFD Networking Support Environment

TCP/IP Protocol Driver

IPSEC Driver

The following system components depend on this service:

WinHTTP Web Proxy Auto-Discovery Service

IP Port Numbers used:

TCP: 68

UDP: 67, 68, 1029

DHCP Server

Service Name: DHCPServer

Executable Name: tcpsvcs.exe

Log On As: LocalSystem

Description: The DHCP Server service allocates IP addresses and allows advanced network settings, such as DNS servers and WINS servers, to be configured on DHCP clients automatically.

DHCP uses a client-server model. The network administrator establishes one or more DHCP servers that maintain TCP/IP configuration information and provide it to clients. The server database includes the following:

Valid configuration parameters for all clients on the network.

Valid IP addresses maintained in a pool for assignment to clients, plus reserved addresses for manual assignment.

Duration of a lease offered by the server. The lease defines the length of time for which the assigned IP address can be used.

Dynamic Host Configuration Protocol (DHCP) is an IP standard designed to reduce the complexity of administering address configurations by using a server computer to centrally manage IP addresses and other related configuration details used on your network. The Windows Server family provides the DHCP service, which enables the server computer to perform as a DHCP server and configure DHCP-enabled client computers on your network as described in the current DHCP draft standard, RFC 2131.

DHCP includes the Multicast Address Dynamic Client Assignment Protocol (MADCAP) which is used to perform multicast address allocation. When registered clients are dynamically assigned IP addresses through MADCAP, they can participate efficiently in the data stream process, such as for real-time video or audio network transmissions.

With a DHCP server installed and configured on your network, DHCP-enabled clients can obtain their IP address and related configuration parameters dynamically each time they start and join your network. DHCP servers provide this configuration in the form of an address-lease offer to requesting clients.

If the DHCP Server service is stopped or disabled, DHCP clients will not automatically receive IP addresses or network settings.

See also DHCP Client, Configure Your Server, Manage Your Server.

Available on: Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Configure Your Server, Manage Your Server, Add/Remove Windows Components

Startup type: Automatic

Service status: Started

This service depends on the following system components:

Event Log

Remote Procedure Call

Security Accounts Manager

COM+ Event System

TCP/IP Protocol Driver

IPSEC Driver

The following system components depend on this service: None

IP Port Numbers used:

TCP: 7, 9, 13, 17, 19, 135 (DHCP Manager) 515, 2535, 2856

UDP: 67, 68

Distributed File System

Service Name: DFS

Executable Name: dfssvc.exe

Log On As: LocalSystem

Description: The Distributed File System (DFS) service manages logical volumes distributed across a local or wide area network. DFS is a single hierarchical file system, the contents of which are distributed across the network. DFS provides a logical tree structure for file system resources that may be anywhere on the network. Since the DFS tree is a single point of reference, regardless of the actual location of the underlying resources, you can access network resources based on a meaningful representation of the data. You no longer need to know and specify the actual physical location of files distributed across the network.

If the DFS service is stopped or disabled, users will be unable to access network data through the logical namespace, and any attempt to configure a DFS root using the MMC DFS snap-in will result in an RPC error. In order for users to access the data, they will need to know the names of all the servers and shares in the namespace, and access each of these targets independently.

Available on: Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default

Startup type: Automatic

Service status: Started

This service depends on the following system components:

Server

Workstation

Remote Procedure Call (RPC)

Security Account Manager

MUP

DFS Driver

The following system components depend on this service: None

IP Port Numbers used:

TCP: 137 (name lookup), 139

UDP: None

Distributed Link Tracking Client

Service Name: Trkwrks

Executable Name: svchost.exe -k netsvcs

Log On As: LocalSystem

Description: Maintains links between the NTFS file system files within a computer or across computers in a network domain. The DLT Client service ensures that shortcuts and OLE (Object Linking and Embedding) links continue to work after the target file is renamed or moved. When a shortcut to a file on an NTFS v5 volume is created, distributed link tracking stamps a unique object identifier (ID) into the target file, known as the link source. Information about the object ID is also stored within the referring file, known as the link client.

Distributed link tracking can use this object ID to locate the link source file in any combination of the following scenarios that occur within a Windows domain:

The link source file is renamed.

The link source file is moved to another folder on the same volume or to a different volume on the same computer.

The link source file is moved from one NTFS volume to another within the same domain. (The NTFS volumes must be on computers running Windows 2000 or later. The NTFS volumes cannot be on removable media.)

The computer containing the link source file is renamed.

The shared network folder containing the link source file is renamed.

The volume containing the link source file is moved to another computer within the same domain.

Distributed link tracking also attempts to maintain links even when they do not occur within a domain, such as cross-domain, within a workgroup, or on a single computer that is not connected to a network. Links can always be maintained in these scenarios when a link source is moved within a computer, or when the network shared folder on the link source computer is changed. Typically, links can be maintained when the link source is moved to another computer, though this form of tracking is less reliable over time.

Distributed link tracking uses different services for client and server:

The DLT Client service runs on all Windows 2000-based or later computers. In non-networked computers, the DLT Client service performs all activities related to link tracking.

The DLT Server service runs on Windows 2000 Server or later domain controllers. The service maintains information relating to the movement of link source files. Because of this service and the information it maintains, links within a domain are more reliable than those outside a domain. For computers that run in a domain, the DLT Client service takes advantage of this information by communicating with the DLT Server service.

Note: The DLT Client service monitors activity on NTFS volumes and stores maintenance information in a file called Tracking.log, which is located in a hidden folder called System Volume Information at the root of each volume. This folder is protected by permissions that allow only the system to have access to it. The folder is also used by other Windows services, such as Indexing Service.

If the DLT Client service is disabled, you won’t be able to track links. Likewise, users on other computers won’t be able to track links for documents on your computer.

See also Distributed Link Tracking Server.

Available on: Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Startup type: Automatic

Service status: Started

This service depends on the following system components:

Remote Procedure Call

The following system components depend on this service: None

IP Port Numbers used: None

Distributed Link Tracking Server

Service Name: TrkSrv

Executable Name: svchost.exe -k netsvcs

Log On As: LocalSystem

Description: The distributed link tracking server runs on each domain controller in a domain. The service accepts notifications of file and volume moves from the tracking service on a computer and allows the distributed link tracking client to query a link source's current location.

This server service maintains information in the DC about volumes and files which have been moved. The information on moves cannot grow above a certain size and it is automatically removed if it becomes unnecessary.

The distributed link-tracking services are available only on NTFS, and only for link sources on NTFS 5.0 and later volumes. Thus if a link source is moved to a FAT volume, or if a link source is moved to a computer running Windows NT 4.0, the tracking information is lost. Additionally, if a link source is moved even between NTFS 5.0 volumes, but the computer performing the move is running an earlier version of Windows NT or Windows 95/98/Me, the link tracking information is lost. When the link tracking information is lost, no harm is done to the link-source file itself; it is simply not trackable by the distributed link-tracking services.

Links to files on removable media are not maintained. Also, the tracking service does not recognize a new NTFS volume until the system is rebooted. A new volume might become available because of repartitioning, reformatting a FAT volume to NTFS, or connecting a new external drive.

If the DLT server service is stopped or disabled, links maintained by the DLT Client service will be unreliable. The "NtfsDisableDomainLinkTracking" policy should be enabled in the File system policy group to prevent DLT clients from repeatedly trying to reach the disabled service.

See also Distributed Link Tracking Client.

Available on: Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Startup type: Disabled

Service status: Stopped

This service depends on the following system components:

Remote Procedure Call

The following system components depend on this service: None

IP Port Numbers used: None
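The Service Name, Executable Name, Log On As and Startup type fields of the entries on this page can serve as a baseline when reviewing a host. The following Python is an added example, not part of the original page: it parses entries in this page's layout and compares them with a constructed sample in the layout printed by `sc qc`; all function names are hypothetical.

```python
import re

# Field lines copied from three entries on this page (the documented defaults).
BASELINE_TEXT = """
Service Name: Dhcp
Executable Name: svchost.exe -k netsvcs
Log On As: NetworkService
Startup type: Automatic

Service Name: DHCPServer
Executable Name: tcpsvcs.exe
Log On As: LocalSystem
Startup type: Automatic

Service Name: TrkSrv
Executable Name: svchost.exe -k netsvcs
Log On As: LocalSystem
Startup type: Disabled
"""

# Constructed sample in the layout printed by `sc qc <service>`; not from a real host.
OBSERVED_TEXT = r"""
SERVICE_NAME: Dhcp
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        DEPENDENCIES       : Tcpip
                           : Afd
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: DHCPServer
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\WINDOWS\system32\tcpsvcs.exe
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: TrkSrv
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        SERVICE_START_NAME : LocalSystem
"""

START_TYPES = {"AUTO_START": "Automatic", "DEMAND_START": "Manual", "DISABLED": "Disabled"}
EXE_RE = re.compile(r'([^\\/"]+?\.exe)"?\s*(.*)$', re.IGNORECASE)


def parse_baseline(text):
    """Parse 'Field: value' records in this page's layout into {service: fields}."""
    services, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "service name":
            current = services.setdefault(value.lower(), {"name": value})
        elif current is not None and key in ("executable name", "log on as", "startup type"):
            current[key] = value
    return services


def parse_sc_qc(text):
    """Parse concatenated `sc qc` listings into {service: {FIELD: value}}."""
    services, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")   # first colon only, so "C:\..." survives
        key = key.strip()
        if not sep or not key:                  # blank lines and DEPENDENCIES continuations
            continue
        if key == "SERVICE_NAME":
            current = services.setdefault(value.strip().lower(), {})
        elif current is not None:
            current[key] = value.strip()
    return services


def norm_account(value):
    """'NT AUTHORITY\\NetworkService' and 'NetworkService' compare equal."""
    return value.rsplit("\\", 1)[-1].replace(" ", "").lower()


def norm_command(value):
    """Reduce a command line to 'file.exe args' (directory and quotes dropped)."""
    match = EXE_RE.search(value)
    if not match:
        return value.strip().lower()
    return " ".join((match.group(1) + " " + match.group(2)).lower().split())


def audit(baseline, observed):
    """Return (service, field, documented, observed) for every deviation."""
    findings = []
    for key in sorted(baseline):
        want, got = baseline[key], observed.get(key)
        if got is None:
            continue  # service not installed on this host; nothing to compare
        token = (got.get("START_TYPE", "").split() or [""])[-1]
        pairs = [
            ("startup type", want.get("startup type", ""), START_TYPES.get(token, token), str.lower),
            ("log on as", want.get("log on as", ""), got.get("SERVICE_START_NAME", ""), norm_account),
            ("executable", want.get("executable name", ""), got.get("BINARY_PATH_NAME", ""), norm_command),
        ]
        for field, documented, seen, norm in pairs:
            if norm(documented) != norm(seen):
                findings.append((want["name"], field, documented, seen))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_baseline(BASELINE_TEXT), parse_sc_qc(OBSERVED_TEXT)):
        print("%s: %s documented as %r, observed %r" % finding)
```

Only the executable's file name and arguments are compared, because the entries document no directory; a review would also confirm where the binary actually resides.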

Distributed Transaction Coordinator

Service Name: MSDTC

Executable Name: msdtc.exe

Log On As: NetworkService

Description: Coordinates transactions that are distributed across multiple computer systems and/or resource managers, such as databases, message queues, file systems, or other transaction-protected resource managers. The Distributed Transaction Coordinator is necessary if transactional components are going to be configured through Component Services (COM+). It is also required for transactional queues in Message Queuing (MSMQ) and Microsoft SQL Server operations that span multiple systems.

Stopping or disabling this service prevents the transactions described above from occurring.

Available on: Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Startup type: Automatic

Service status: Started

This service depends on the following system components:

Remote Procedure Call

Security Accounts Manager

The following system components depend on this service: None

IP Port Numbers used: None

DNS Client

Service Name: Dnscache

Executable Name: svchost.exe -k NetworkService

Log On As: NetworkService

Description: The Domain Name System (DNS) client service resolves and caches DNS names. The DNS client service must be running on every computer that will perform DNS name resolution. The ability to resolve DNS names is crucial for locating domain controllers in Active Directory domains. The DNS client service is also critical for locating devices identified using DNS name resolution.

The DNS Client service running on Windows implements the following features:

System-wide caching

Resource records (RRs) from query responses are added to the client cache as applications query DNS servers. This information is then cached for a set Time to Live (TTL) and can be used again to answer subsequent queries.

RFC-compliant negative caching support

In addition to caching positive query responses from DNS servers (which contain resource record information in the answered reply), the DNS Client service also caches negative query responses. A negative response results when a resource record for the queried name does not exist.

Negative caching prevents the repeating of additional queries for names that do not exist, which can adversely affect client system performance. Any query information negatively cached is kept for a shorter period of time than is used for positive query responses; by default, no more than 5 minutes. This avoids continued negative caching of stale information if the records later become available.

Negative caching is a new DNS standard specification defined in RFC 2308. For more information, refer to this RFC. For more information on obtaining RFCs, see TCP/IP RFCs.

Avoidance of unresponsive DNS servers

The DNS Client service uses a server search list, ordered by preference. This list includes all preferred and alternate DNS servers configured for each of the active network connections on the system. Windows rearranges these lists based on the following criteria:

Preferred DNS servers are given first priority.

If no preferred DNS servers are available, then alternate DNS servers are used.

Unresponsive servers are removed temporarily from these lists.
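The three behaviours described above (caching for the record's TTL, negative caching capped at 5 minutes, and the ordered server search list) are modelled in the following added Python example; it is not Microsoft code and not part of the original page. The class and function names, the 60-second set-aside period for unresponsive servers, and the sample names and addresses are assumptions.

```python
NEGATIVE_CAP = 300     # seconds; the page's default of "no more than 5 minutes"
SERVER_PENALTY = 60    # seconds; assumed value, the page only says "temporarily"


class DnsClientModel:
    """Toy model of the caching and server-selection rules described on the page."""

    def __init__(self, preferred, alternate):
        self.servers = list(preferred) + list(alternate)   # preference order
        self.cache = {}       # name -> (expires_at, records or None for "does not exist")
        self.penalised = {}   # server -> time at which it may be tried again

    def candidates(self, now):
        """Servers in preference order, minus those currently set aside."""
        return [s for s in self.servers if self.penalised.get(s, 0) <= now]

    def resolve(self, name, now, query):
        """Return (source, records).

        source is 'cache', 'negative-cache', the answering server, or 'failed'.
        query(server, name) returns None on timeout, or (kind, records, ttl)
        with kind 'answer' or 'nxdomain'.
        """
        key = name.lower().rstrip(".")
        entry = self.cache.get(key)
        if entry and entry[0] > now:
            return ("negative-cache" if entry[1] is None else "cache", entry[1])
        self.cache.pop(key, None)                  # expired or absent
        for server in self.candidates(now):
            reply = query(server, key)
            if reply is None:                      # unresponsive: set aside, try the next one
                self.penalised[server] = now + SERVER_PENALTY
                continue
            kind, records, ttl = reply
            if kind == "nxdomain":                 # negative answer: cap the lifetime
                self.cache[key] = (now + min(ttl, NEGATIVE_CAP), None)
                return (server, None)
            self.cache[key] = (now + ttl, records) # positive answer: keep for its TTL
            return (server, records)
        return ("failed", None)


class ScriptedNetwork:
    """Constructed stand-in for DNS servers so the model runs offline."""

    def __init__(self, zone, down=()):
        self.zone, self.down, self.log = zone, set(down), []

    def __call__(self, server, name):
        self.log.append((server, name))
        if server in self.down:
            return None
        if name in self.zone:
            records, ttl = self.zone[name]
            return ("answer", records, ttl)
        return ("nxdomain", None, 3600)            # server suggests one hour


def demo():
    """Walk through one positive and one negative lookup; return the trace."""
    net = ScriptedNetwork({"dc1.example.test": (["192.0.2.10"], 120)}, down={"198.51.100.1"})
    client = DnsClientModel(preferred=["198.51.100.1"], alternate=["198.51.100.2"])
    trace = [
        client.resolve("dc1.example.test", 0, net),        # preferred times out, alternate answers
        client.resolve("DC1.example.test.", 100, net),     # served from cache
        client.resolve("dc1.example.test", 120, net),      # TTL expired, queried again
        client.resolve("missing.example.test", 200, net),  # negative answer, cached
        client.resolve("missing.example.test", 499, net),  # still negatively cached
        client.resolve("missing.example.test", 500, net),  # 300 s cap reached, queried again
    ]
    return trace, net.log


if __name__ == "__main__":
    for step in demo()[0]:
        print(step)
```

A record that changes on the server stays invisible to this client until the cached entry expires, which is worth remembering when verifying a DNS change during incident response.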

If the DNS client service is stopped or disabled on your computer, you may not be able to locate the domain controllers of the Active Directory domains and will no longer be able to locate the devices identified using DNS names.

See also DNS Server.

Available on: Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Startup type: Automatic

Service status: Started

This service depends on the following system components:

TCP/IP Protocol Driver

IPSEC Driver

The following system components depend on this service: None

IP Port Numbers used:

TCP: 53

DNS Server

Service Name: DNS

Executable Name: dns.exe

Log On As: LocalSystem

Description: Enables DNS name resolution by answering queries and update requests for DNS names. Presence of the DNS servers is crucial for locating devices identified using DNS names and locating domain controllers in Active Directory. If there is no authoritative DNS for a particular portion of the namespace, then locating devices in that portion of the namespace will fail. Not having the authoritative DNS server for the DNS namespace used to resolve Active Directory domains results in an inability to locate the domain controllers for such domains.

If this service is stopped or disabled, DNS name or device resolution will not be reliable.

See also DNS Client, Configure Your Server, Manage Your Server.

Available on: Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Add/Remove Windows Components, Networking Services; Configure Your Server, Manage Your Server.

Startup type: Automatic

Service status: Started

This service depends on the following system components:

Remote Procedure Call

AFD Networking Support Environment

TCP/IP Protocol Driver

IPSEC Driver

The following system components depend on this service: None

IP Port Numbers used:

TCP: 53, 139 (DNS ADMINISTRATION) 1024, 1043, 1067, 1068

UDP: 53, 1046, 1045

Error Reporting Service

Service Name: ERSvc

Executable Name: svchost.exe -k netsvcs

Log On As: LocalSystem

Description: The Error Reporting Service provides an infrastructure for collecting, storing and reporting kernel mode, operating system and application faults to Microsoft. Error reporting helps Microsoft track and address errors. You can configure error reporting to send Microsoft specific error information and to generate reports for operating system errors, Windows component errors or program errors. An operating system error causes the computer to display a blue screen with error codes. A program or component error causes the program or component to stop working.

If you have an Internet connection, you can report these errors directly to Microsoft. You can configure error reporting to respond to program errors in one of two ways: as soon as an error occurs, the error reporting dialog box can prompt any user to send the error to Microsoft, or the next time an administrator logs on, the error reporting dialog box can prompt the administrator to send the error report to Microsoft.

Windows treats operating system errors and unplanned shutdowns differently from the way it does program errors. When operating system errors or unplanned shutdowns occur, Windows writes the error information to a log file. The next time an administrator logs on, the error reporting dialog box prompts them to report the error.

When you send an error report to Microsoft over the Internet, you provide technical information that programming groups at Microsoft use to enhance future versions of the product. This data is used for quality control purposes only and is not used for tracking individual users or installations for any marketing purpose. If information is available to help you solve the problem, Windows displays an Error Reporting dialog box with a link to that information.

Alternatively, if your organization has configured Group Policy, administrators in your information technology (IT) department can use Corporate Error Reporting to collect and report to Microsoft only those errors that they think are important. Administrators configure workstations and servers for Corporate Error Reporting by enabling the Report Errors policy setting and configuring the Corporate upload file path to the local file server where the Corporate Error Reporting tool is installed. When errors occur, they are automatically redirected to this file server. Administrators can then review the error information, identify the important data, and submit it to Microsoft using the Corporate Error Reporting tool. You can download the Corporate Error Reporting tool from the Office XP Resource Kit Web site (http://www.microsoft.com/office/).

If error reporting is stopped or disabled, users will not be given the option to report errors. If Display Error Notification is enabled, users will still get a message indicating that a problem occurred, but will not have the option to report this information to Microsoft or a local network share.

Available on: Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Startup type: Automatic

Service status: Started

This service depends on the following system components:

Remote Procedure Call

The following system components depend on this service: None

IP Port Numbers used:

TCP: 80

Event Log

Service Name: Eventlog

Executable Name: services.exe

Log On As: LocalSystem

Description: This service logs event messages issued by programs and the Windows operating system. Event Log reports contain information that can be useful in diagnosing problems. Reports are viewed in Event Viewer. The Event Log service writes events sent by applications, services, and the operating system to log files. The events contain diagnostic information in addition to errors specific to the source application, service, or component. The logs can be viewed programmatically through the Event Log APIs or through the Event Viewer in an MMC (Microsoft Management Console) snap-in.

By default, a computer running Windows 2000 Server, Windows XP or Windows Server 2003 records events in three kinds of logs:

Application log

The application log contains events logged by applications or programs. For example, a database program might record a file error in the application log. Program developers decide which events to log.

Security log

The security log records events such as valid and invalid logon attempts, as well as events related to resource use such as creating, opening, or deleting files or other objects. For example, if logon auditing is enabled, attempts to log on to the system are recorded in the security log.

System log

The system log contains events logged by Windows system components. For example, the failure of a driver or other system component to load during startup is recorded in the system log. The event types logged by system components are predetermined by the server.

A computer running a Windows Server 2003 family operating system configured as a domain controller records events in two additional logs:

Directory service log

The directory service log contains events logged by the Windows Active Directory service. For example, connection problems between the server and the global catalog are recorded in the directory service log.

File Replication service log

The File Replication service log contains events logged by the Windows File Replication service. For example, file replication failures and events that occur while domain controllers are being updated with information about system volume changes are recorded in the file replication log.

A computer running Windows configured as a Domain Name System (DNS) server records events in an additional log:

DNS server log

The DNS server log contains events logged by the Windows DNS service.

If the event log is disabled, you will be unable to track events, which will significantly reduce the ability to successfully diagnose system problems. In addition, security events will not be audited and you will not be able to view previous event logs using the MMC Event Viewer snap-in.

Available on: Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Startup type: Automatic

Service status: Started

This service depends on the following system components: None

The following system components depend on this service:

DHCP Server

File Replication

Network News Transfer Protocol (NNTP)

Simple Mail Transfer Protocol (SMTP)

SNMP Service

SNMP Trap Service

Windows Internet Name Services (WINS)

Windows Management Instrumentation

IP Port Numbers used:

TCP: 139

Fast User Switching Compatibility

Service Name: FastUserSwitchingCompatibility

Executable Name: svchost.exe -k netsvcs

Log On As: LocalSystem

Description: Provides management services for applications that require assistance in a multiple user environment. This service is responsible for activating the application compatibility shims for Fast User Switching. Fast User Switching allows multiple users to log on and run applications on a single machine. Some applications (usually non-Windows 2000 logo applications) are not able to run in this environment. We have created shims that allow these applications to run in a multiple user environment. This service only starts if there is more than one user logged on to the machine. It does not activate when there is only one user on the machine. Fast User Switching only works on Personal and Professional when joined to a workgroup. Thus, machines joined to a domain are not affected by this service.

If the service is stopped or disabled, the shims* used to make applications work in a multiple user environment will not be applied. You will not have application compatibility for known Fast User Switching issues.

*Shims are application compatibility fixes which are used to address application compatibility issues reported to Microsoft.

Available on: Windows XP Home, Windows XP Professional.

Installed through: Default operating system installation

Startup type: Manual

Service status: Stopped

This service depends on the following system components:

Remote Procedure Call

Terminal Services

The following system components depend on this service: None

IP Port Numbers used: None

Fax

Service Name: Fax

Executable Name: fxssvc.exe

Log On As: LocalSystem

Description: The Fax service, a TAPI-compliant service, provides fax capabilities from your computer. The Fax service allows users to send and receive faxes from their desktop applications using either a local fax device or a shared network fax device. The service offers the following features:

Send and receive faxes

Track and monitor fax activity

Routing of inbound faxes

Server and device configuration management

Archiving of sent faxes

If stopped, the Fax service will automatically start when there are fax jobs pending in the queue and will stop when no longer needed to process fax requests. If the print spooler or telephony service is disabled, the Fax service will not start successfully.

See also Print Spooler, Telephony.

Available on: Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Installed by: Add/Remove Windows Components

Startup type: Automatic

Service status: Stopped

This service depends on the following system components:

Plug and Play

Print Spooler

Remote Procedure Call

Telephony

The following system components depend on this service: None

IP Port Numbers used: None

File Replication

Service Name: NtFrs

Executable Name: ntfrs.exe

Log On As: LocalSystem

Description: Enables files to be automatically copied and maintained simultaneously on multiple servers. File Replication Service (FRS) is the automatic file replication service in Windows 2000 and the Windows Server 2003 family and its function is to replicate the volume (Sysvol) on all domain controllers. In addition, it can be configured to replicate files among alternate targets associated with the fault-tolerant Distributed File System (DFS).

This service provides multimaster file replication for designated directory trees between designated servers running Windows 2000 or Windows Server 2003. The designated directory trees must be on disk partitions formatted with the version of NTFS used within the Windows Server 2003 family. FRS is used by the Distributed File System (DFS) to automatically synchronize content between assigned replicas and by Active Directory to automatically synchronize content of the system volume information across domain controllers.

If this service is stopped or disabled, file replication will not occur and server data will not be synchronized. Stopping the File Replication service on a domain controller may seriously impair the domain controller's ability to function.

For more information about FRS, see "File Replication Service" in the Windows Server Distributed Services Guide.

Available on: Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Startup type: Manual

Service status: Stopped

This service depends on the following system components:

Event Log

Remote Procedure Call

COM+ Event System

The following system components depend on this service: None

IP Port Numbers used:

TCP: dynamically allocated

UDP: 1024 - 65535

File Server for Macintosh

Service Name: MacFile

Executable Name: sfmsvc.exe

Log On As: LocalSystem

Description: This service enables Macintosh users to store and access files on an NTFS volume on a Windows Server. Encrypted files on an NTFS volume are not accessible from Macintosh clients.

If this service is stopped or disabled, Macintosh clients will not be able to view NTFS shares.

See also Print Server for Macintosh.

Available on: Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition.

Installed through: Add/Remove Windows Components

Startup type: Automatic

Service status: Started

This service depends on the following system components:

Workstation

The following system components depend on this service: None

IP Port Numbers used:

TCP: 548

UDP: 548

FTP Publishing Service

Service Name: MSFtpsvc

Executable Name: inetinfo.exe

Log On As: NetworkService

Description: Provides File Transfer Protocol (FTP) connectivity and administration through the Internet Information Service (IIS) snap-in. Features include bandwidth throttling, security accounts, and extensible logging. This includes the new FTP User Isolation feature, which allows users to access only their files on an FTP site. In addition, there is improved international support.

If the service is stopped or disabled, the computer cannot function as an FTP server.

Available on: Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Add/Remove Windows Components, Application Server, Internet Information Services (IIS).

Startup type: Automatic

Service status: Started

This service depends on the following system components:

IIS Admin Service

Remote Procedure Call

Security Accounts Manager

The following system components depend on this service: None

IP Port Numbers used:

TCP: 20 (data), 21

Help and Support

Service Name: Helpsvc

Executable Name: svchost.exe -k netsvcs

Log On As: LocalSystem

Description: Provides Help and Support application and framework functionality.

The help service supports the Help and Support Center application and enables communication between the client application and the help data it accesses. This includes access to stores and services such as the taxonomy database that contains metadata and information about the help topics, the support automation framework that enables data collection for registered support providers, user history and preference information, and the search engine manager. When a user is interacting with the Help and Support Center features like search, index, table of contents, and so on, the service allows for data transaction that supports all of these features.

If this service is set to manual, launching Help and Support in the user interface will start this service. Disabling this service renders the Help and Support Center essentially unusable, and the user will receive the message "Windows cannot open Help and Support because a system service is not running." The user can access some high-level topics that might have been cached on the local system, but most of the Help and Support application features cannot function without the help service enabled. *.HLP and *.CHM files located in the Windows\Help directory can still be viewed, however.

Available on: Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed by: Default operating system installation

Startup type: Automatic

Service status: Started

This service depends on the following system components:

Remote Procedure Call

The following system components depend on this service: None

IP Port Numbers used:

TCP: 80

HTTP SSL

Service Name: HTTPFilter

Executable Name: lsass.exe

Log On As: LocalSystem

Description: Enables Internet Information Services (IIS) to perform Secure Sockets Layer (SSL) functions. SSL is a proposed open standard for establishing a secure communications channel to prevent the interception of critical information, such as credit card numbers. Primarily, it enables secure electronic financial transactions on the World Wide Web, although it is designed to work on other Internet services as well. If IIS is not installed, the HTTP SSL service will depend on the HTTP driver to perform SSL functions.

If this service is stopped or disabled, the IIS service would stop. Any HTTP requests aimed at IIS would not be handled. This service is called SSL for HTTP.SYS on Windows XP Professional.

For more information about SSL, see "Secure Web Communications", in the Windows Server 2003 Resource Kit Internet Information Services Resource Guide.

Available on: Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Startup type: Manual

Service status: Stopped

This service depends on the following system components:

IIS Admin Service

Remote Procedure Call

Security Accounts Manager

HTTP

The following system components depend on this service:

World Wide Web Publishing Service

IP Port Numbers used:

TCP: 43, 445

UDP: 443

Human Interface Device Access

Service Name: Hidserv

Executable Name: svchost.exe -k netsvcs

Log On As: LocalSystem

Description: This service provides generic access to specific functions contained within controls collections on HID (Human Interface Devices). It enables the use of predefined hot buttons on keyboards, remote controls and other multimedia devices.

If the service is stopped or disabled, the buttons on USB keyboards will not function (i.e., back, forward, volume up, down, previous track, next track), nor will the volume buttons on USB speakers.

Available on: Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition.

Installed through: Default operating system installation

Startup type: Disabled

Service status: Stopped

This service depends on the following system components:

Remote Procedure Call

The following system components depend on this service: None

IP Port Numbers used: None

IAS Jet Database Access

Service Name: IASjet

Executable Name: svchost.exe -k iasjet

Log On As: LocalSystem

Description: The IAS Jet Database Access service uses the Remote Authentication Dial-in User Service (RADIUS) protocol to provide authentication, authorization, and accounting services. With IAS, you can centrally manage the authentication, authorization, and accounting of users. You can also use IAS to authenticate users in databases on your domain controller running Windows NT 4.0, Windows 2000, or Windows Server operating systems. IAS works equally well in homogeneous and heterogeneous networks running Windows Server operating systems.

Internet Authentication Service (IAS) can be used as a RADIUS proxy to provide the routing of RADIUS messages between RADIUS clients (access servers) and RADIUS servers that perform user authentication, authorization, and accounting for the connection attempt. When used as a RADIUS proxy, IAS is a central switching or routing point through which RADIUS access and accounting messages flow. IAS records information in an accounting log about the messages that are forwarded.

A RADIUS authentication, authorization, and accounting infrastructure consists of the following components:

Access clients

An access client is a device that requires some level of access to a larger network. Examples of access clients are dial-up or virtual private network (VPN) clients, wireless clients, or LAN clients connected to a switch.

RADIUS clients (access servers)

An access server is a device that provides some level of access to a larger network. An access server using a RADIUS infrastructure is also a RADIUS client, sending connection requests and accounting messages to a RADIUS server. Examples of access servers are:

Network access servers (NASs) that provide remote access connectivity to an organization network or the Internet. An example is a Windows 2000 computer running the Routing and Remote Access service and providing either traditional dial-up or virtual private network (VPN) remote access services to an organization's intranet.

Wireless access points that provide physical layer access to an organization's network, using wireless-based transmission and reception technologies.

Switches that provide physical layer access to an organization's network, using traditional LAN technologies such as Ethernet.

RADIUS proxies

A RADIUS proxy is a device that forwards or routes RADIUS connection requests and accounting messages between RADIUS clients (and RADIUS proxies) and RADIUS servers (or RADIUS proxies). The RADIUS proxy uses information within the RADIUS message, such as the User-Name or Called-Station-ID RADIUS attributes, to route the RADIUS message to the appropriate RADIUS server.

A RADIUS proxy can be used as a forwarding point for RADIUS messages when the authentication, authorization, and accounting must occur at multiple RADIUS servers in different organizations.

RADIUS servers

A RADIUS server is a device that receives and processes connection requests or accounting messages sent by RADIUS clients or RADIUS proxies. In the case of connection requests, the RADIUS server processes the list of RADIUS attributes in the connection request. Based on a set of rules and the information in the user account database, the RADIUS server either authenticates and authorizes the connection and sends back an Access-Accept message or sends back an Access-Reject message. The Access-Accept message can contain connection restrictions that are implemented by the access server for the duration of the connection.

User account database

The user account database is the list of user accounts and their properties that can be checked by a RADIUS server to verify authentication credentials and user account properties containing authorization and connection parameter information.
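The attribute-based routing a RADIUS proxy performs, as an added example (not IAS code and not part of the original page): it parses the RFC 2865 attribute list defensively and selects an upstream server from the User-Name realm, then from Called-Station-ID. Routing on the realm suffix is an assumption of this sketch, and the routing tables, host names and sample packets are constructed placeholders.

```python
import struct

USER_NAME, CALLED_STATION_ID = 1, 30  # attribute type numbers from RFC 2865
# Hypothetical routing policy for this example (all names are placeholders).
REALM_ROUTES = {"corp.example": "radius-a.example",
                "partner.example": "radius-b.example"}
STATION_ROUTES = {"00-11-22-33-44-55:Guest": "radius-guest.example"}


def parse_attributes(packet: bytes) -> dict:
    """Return {attribute type: [raw values]}; raise ValueError on bad framing."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("declared length disagrees with bytes received")
    attrs, pos = {}, 20  # bytes past `length` are padding and are ignored
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs


def route(packet: bytes):
    """Pick an upstream server by User-Name realm, then Called-Station-ID."""
    attrs = parse_attributes(packet)
    for raw in attrs.get(USER_NAME, []):
        _user, sep, realm = raw.decode("utf-8", "replace").rpartition("@")
        if sep and realm.lower() in REALM_ROUTES:
            return REALM_ROUTES[realm.lower()]
    for raw in attrs.get(CALLED_STATION_ID, []):
        station = raw.decode("utf-8", "replace")
        if station in STATION_ROUTES:
            return STATION_ROUTES[station]
    return None  # no match: do not forward to a default server


def build_request(attrs) -> bytes:
    """Build a constructed Access-Request (code 1) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + bytes(16) + body


# Constructed sample packets, not captured traffic.
BY_REALM = build_request([(USER_NAME, b"alice@corp.example")])
BY_STATION = build_request([(USER_NAME, b"bob"),
                            (CALLED_STATION_ID, b"00-11-22-33-44-55:Guest")])
BAD_ATTR = struct.pack("!BBH", 1, 1, 22) + bytes(16) + b"\x01\x00"  # length 0
```

Returning None for an unmatched request keeps the proxy from forwarding credentials to a server the policy never named; a malformed packet raises ValueError before any routing decision is made.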

The user account databases that IAS can use are the local Security Accounts Manager (SAM), a Microsoft Windows NT 4.0 domain, or the Active Directory service. For Active Directory, IAS can provide authentication and authorization for user or computer accounts in the domain