Re: Implications of Uninstalling Server Service?
- From: "M. Burnett" <mb@xxxxxxxx>
- Date: Tue, 17 Oct 2006 19:06:12 +0000
Steve, I agree with you and I remember agreeing with that blog post when I first read it.
I am tired of bad advice blindly propagating from one security checklist to another. I am tired of explaining to clients why results on a vulnerability scan that some company did doesn't matter because they are leftovers from NT4. If anyone has ever tried to perfectly follow standards like those published by DISA or NSA you realized that the recommendations just aren't practical for many situations.
But when you consider that some very sensitive things are running Windows, why not take the time to do some extreme hardening--if you do it right? No one should be doing this stuff without careful research and testing. And you obviously can't blame Microsoft when things go wrong.
Ripping out the Server service admittedly is breaking a lot of compatibility for the security it gains, but there are so many thousands of files and registry keys that you can safely rip out of a dedicated server and feel pretty safe you aren't going to break anything in the future. Things like DirectPlay, NetMeeting, imaging services, sound recorder, msagent, address book, animated cursers, speech engines, in some cases modem and dialup support, joystick support, pcmcia drivers, web printing, fax imaging, etc. can all be removed without too much worry about breaking some future update or service pack.
And just for the record--this isn't for everyone. I also feel reasonably safe exposing a Windows 2003 server on the internet with nothing more than updates, a firewall, and minimal additional hardening.
"Steve Riley [MSFT]" <steve.riley@xxxxxxxxxxxxx> wrote in message news:Oj7x8zW8GHA.4740@xxxxxxxxxxxxxxxxxxxx:
I've never really understood these kinds of hacks. While it's always
interesting to discover such things, understand that you've just put
your system in a state that we do not test. There's no way we can
predict how the machine will behave, and certainly there's no guarantee
that any updates or service packs will install or perform properly.
See http://blogs.technet.com/steriley/archive/2005/11/08/414002.aspx for
a description of similar issues.
"M. Burnett" <mb@xxxxxxxx> wrote in message
Just in case you are interested, below is how you completely
Server service and File/Printer sharing. I wouldn't recommend
without testing, unless you know what you're doing, and you
having to reinstall windows if necessary, but I have done it on
extremely hardened standalone win2003 servers and it worked
that you always get extra errors in the event log when you start
with stuff like this but, depending on your server
can often ignore those errors.
Remove these files (in safe mode):
Remove these reg keys:
Again, I don't recommend doing this, I'm just showing you that
it can be
"Steve Riley [MSFT]" <steve.riley@xxxxxxxxxxxxx> wrote in
> It's perfectly OK to disable the service if you wish. I do
that on my
> own laptop. However, uninstalling it is untested, unsupported,
> even documented -- in other words, I don't know of any way to
> Steve Riley
> server hardening
> "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
> Well, unbinding F&P will meet your objective of preventing
> them from sharing those; but of course, if they could share
> them then they would be empowered to bind F&P back on
> to the interface (or to start the Server service)
> With the Server service not present or not started they would
> not be able to browse. I have seen corps that do
> want browse of neighborhood to not work.
> Anyway, RPC is not impacted and I have not seen Server
> service not installed, just disabled but installed.
> "Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message
> > "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
> > news:OSKqNMs7GHA.4620@xxxxxxxxxxxxxxxxxxxxxxx
> >> You speak of uninstalling F&P service, and also of
> >> Server service, but I am again wondering whether you mean
> >> uninstall, or just unchecking (i.e. not binding) in the
> >> properties. Obviously if Server service is gone then all
> >> dependents are crippled (which, IIRC includes browser,
> >> seems odd at first until one thinks into how browser
> > The Subject line here was my error. I mean uninstalling
> > the
> > "File and Print Sharing" item in the list of items for each
> interface. Windows 2003 server
> > I had (maybe wrongly) assumed that uninstalling this item
> > uninstall the Server service, but I'm not sure and I am just
> > On some machines we don't want users sharing any part of the
> > or
> > any printer attached to the computer.
> > --
> > Will
> > windows hardening
- Re: Implications of Uninstalling Server Service?
- From: Steve Riley [MSFT]
- Re: Implications of Uninstalling Server Service?
- Prev by Date: Re: Implications of Uninstalling Server Service?
- Next by Date: Re: A big mistery...
- Previous by thread: Re: Implications of Uninstalling Server Service?
- Next by thread: Re: Implications of Uninstalling Server Service?