Member server Domain controller Infrastructure server IIS server Windows 2000 services that can be disabled • • • • • • • • Service Description Startup Ramifications if disabled COM+ Event Services Allows management of Component Services by providing automatic distribution of events to subscribing COM components Manual System Event Notification stops working, which means that logon and logoff notifications will not take place. Other applications, such as Volume Snapshot service, will not work correctly. DHCP Client Allows the system to automatically obtain IP addressing information, WINS server information, routing information, etc., and is required to update records in Dynamic DNS The system will be unable to obtain an IP address, WINS Automatic information, etc., from a DHCP server and will need to be configured with a static address. DHCP Server Distributes TCP/IP and WINS information to requesting clients Automatic Distributed File System Manages volumes that are replicated to other domain controllers on the network, such as the SYSVOL volume present on all domain controllers Users will be unable to access distributed files using the Automatic Dfs namespace and will instead need to specifically targe an individual server to get the required information. Distributed Link Tracking Client Ensures that shortcuts and OLE links continue to work after Link tracking will be unavailable. Users on other the target file is renamed or moved by maintaining links in the Automatic computers won't be able to track links on this computer. file system • • • • DNS Client Resolves and caches DNS names, allowing the system to The system will be unable to resolve a name and will be communicate with canonical names rather than strictly by IP Automatic able to communicate only via IP address. A client may be • address unable to communicate with its domain controller. • • • DNS Server Performs the name-to-IP address lookup both for itself and clients; required on the server to allow clients to use Active Directory services • • Event Log Administrators won't be able to view logs, including the Allows event log messages to be viewed in Event log to assis Automatic security log, increasing the difficulty of diagnosing in problem resolution problems and detecting security breaches. • • File Replication Used by services to replicate files to different servers on the File replication will not take place, which can result in an Automatic network; used especially by the Dfs service impaired domain controller. IIS Admin Enables administration of an Internet Information Services Web server Automatic Kerberos Key Distribution Center Allows users with an appropriate client to log on to the network using Kerberos v5 Automatic Users will be unable to log in to the domain. Logical Disk Manager Waits for new drives to be added and passes required information to the LDM administrative service; required to ensure dynamic disk information is up to date Automatic New disks will not be detected by the system. • • • • Logical Disk Manager Administrative Service Starts and allows configuration to take place when a new drive is detected or a partition/drive is configured Manual • • • • Netlogon Allows pass-through authentication to take place between a The server will be unable to properly participate in the client and a domain controller or between domain controllers; Automatic domain and will reject NT LAN Manager (NTLM) required for domain participation requests. • • • • Network Connections Manages the network and dial-up connections for the server, Manual including network status notification and configuration Network configuration will not be possible; new connections can't be created and services that need network information may fail. • • • • NT LM Security Support Provider Allows clients to log on using NT LAN Manager (NTLM) authentication Automatic Users with versions of Windows prior to Windows 2000 will be unable to log in to the network. • NT LM Security Support Provider (NTLMSSP) Allows users to log on to the network using NTLM Automatic Users with versions of Windows prior to Windows 2000 will be unable to log in to the network. • • Performance Logs and Alerts Collects performance data for the computer or other computers and writes it to a log or displays it on the screen Manual Performance information will no longer be logged or displayed. • • • • Plug and Play The system will be unstable and incapable of detecting Allows an administrator to add hardware to a server and have Automatic hardware changes. the server automatically detect and configure it • • • • Protected Storage Protects sensitive information such as private keys from exposure except to allowed persons and services Automatic Protected information will be inaccessible. • • • • Remote Procedure Call (RPC) Allows processes to communicate internally and across the network with each other Automatic The system will not boot. Don't disable this service. • • • • Remote Registry Service Provides a mechanism to remotely manage the system registry Remote systems will be unable to connect to the local Automatic registry. Hfnetchk uses this mechanism. Disabling it can affect the patch utility's operation. • • • • RPC Locator Systems that are running third-party utilities looking for RPC information will be unable to find it. OS components Provides RPC name services similar to DNS services for IP Automatic do not use this service, but programs such as Exchange do. Security Accounts Manager Stores account information for local security accounts, which, when started, allows other services to access the SAM Automatic Services that rely on requests to the SAM database will not function properly. • • • • Server Allows the sharing of local resources such as files and printers, as well as named pipe communication Automatic Resources can't be shared, RPC requests will be denied, and named pipe communication will fail. • • • • System Event Notification Required to record entries in the event logs; notifies COM+ subscribers about logon and power-related events Automatic Certain notifications will no longer work. For example, synchronization won't work, as it depends on connectivity • information and Network Connect/Disconnect and Logon/Logoff notifications. • • • TCP/IP NetBIOS Helper Service Required for software distribution in a Group Policy (may be NetBIOS over TCP/IP clients including Netlogon and used to distribute patches) and provides support for NetBIOS Automatic Messenger might stop responding. Disabling may also over TCP/IP and NetBIOS name lookups affect the ability to share resources. • • • W3SVC Allows the server to share Web content (IIS) Windows Management Instrumentation Driver Provides system management information; required to implement performance alerts using Performance Logs and Manual Alerts System management and performance information will be • unavailable. • • • Windows Time (or W32Time) Uses NTP to keep computers in the domain synchronized; critical for Kerberos authentication to consistently function Automatic Time synchronization won't take place, which may cause Kerberos identification tokens to be marked as expired and discarded by a server, resulting in inaccessible resources. • • • Windows Internet Name Service (WINS) Provides NetBIOS naming services; required for networks with clients running versions of Windows prior to Windows 2000 Automatic Older clients will be unable to obtain NT domain information and use domain resources. Workstation The computer will be unable to connect to remote Provides network connections and communications using the Automatic Microsoft Network services Microsoft Network resources. Clients will be unable to obtain addressing information, which could result in a loss of network connectivity. • • Access to resources must be made by IP address and no Automatic by name. There could be serious implications for Active Directory lookups. • • IIS can't be administered, and Web, FTP, and other Internet services will not run. None; runs only when needed. • • • • • Automatic Clients can't obtain information with a Web browser. • • • • • • • Windows 2000 Network Administration Windows 2000 delivers many advantages as well as headaches. When e-mail viruses strike or your client network connections fail, what do you do? Our editors have identified the most common Windows 2000 administration issues and have pulled together proven solutions to help you make the most of Windows 2000 on your network. Your organization relies heavily on Windows technology. Get the one resource that delivers the information you need to meet your daily issues. Whether you're maximizing Active Directory, securing your servers, or preparing your network for Windows XP, you'll be prepared for it all with TechRepublic's Windows 2000 Network Administration! This comprehensive guide delivers information on how to: Install Windows 2000 over a network Prepare for Windows XP upgrades Create audit policies Manage Active Directory Troubleshoot DNS and other networking problems z Solve Outlook issues z z z z z Order Today! YES! Please send my copy of Windows 2000 Network Administration. I'll receive my CD-ROM at the special rate of only $89 plus $5.95 s&h ($8.95 s&h Canada, $12.95 s&h international). Bonus: Free shipping in the U.S. if I pay now! If I'm not completely satisfied, I can return my copy within 30 days for a full refund.