UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Services will be documented and unnecessary services will not be installed or will be disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-3487 5.068 SV-32266r2_rule ECSC-1 Medium
Description
Unnecessary services increase the attack surface of a system. Some services may be run under the local System account, which generally has more permissions than required by the service. Compromising a service could allow an intruder to obtain system permissions and open the system to a variety of attacks.
STIG Date
Windows Server 2008 R2 Domain Controller Security Technical Implementation Guide 2012-09-05

Details

Check Text ( C-32712r2_chk )
Required services will vary between organizations, and on the role of the individual system. Organizations will develop their own list of services which will be documented and justified with the IAO. The Site’s list will be provided for any security review. Services common to multiple systems can be addressed in one document. Exceptions for individual systems should be identified separately by system.

Individual services specifically required to be disabled per the STIG are identified in separate requirements.

If the site has not documented the services required for their system(s), this is a finding.

The following can be used to view the services on a system:
Select “Start”.
Select “Run”.
Enter "Services.msc" in the run box.
Respond to any User Account Control prompts.


Services for Windows Server 2008 R2 roles are managed automatically, adding those necessary for a particular role. The following tables list the default services for a baseline installation and those for common roles as a reference. This can be used as a basis for documenting the services necessary.

Default Installation
Name - Startup Type
Application Experience - Manual
Application Identity - Manual
Application Information - Manual
Application Layer Gateway Service - Manual
Application Management - Manual
Background Intelligent Transfer Service - Manual
Base Filtering Engine - Automatic
Certificate Propagation - Manual
CNG Key Isolation - Manual
COM+ Event System - Automatic
COM+ System Application - Manual
Computer Browser - Disabled
Credential Manager - Manual
Cryptographic Services - Automatic
DCOM Server Process Launcher - Automatic
Desktop Window Manager Session Manager - Automatic
DHCP Client - Automatic
Diagnostic Policy Service – Automatic (Delayed Start)
Diagnostic Service Host - Manual
Diagnostic System Host – Manual
Disk Defragmenter - Manual
Distributed Link Tracking Client - Automatic
Distributed Transaction Coordinator - Automatic (Delayed Start)
DNS Client - Automatic
Encrypting File System (EFS) - Manual
Extensible Authentication Protocol - Manual
Function Discovery Provider Host - Manual
Function Discovery Resource Publication - Manual
Group Policy Client - Automatic
Health Key and Certificate Management - Manual
Human Interface Device Access - Manual
IKE and AuthIP IPsec Keying Modules - Manual
Interactive Services Detection - Manual
Internet Connection Sharing (ICS) - Disabled
IP Helper - Automatic
IPsec Policy Agent - Manual
KtmRm for Distributed Transaction Coordinator - Manual
Link-Layer Topology Discovery Mapper - Manual
Microsoft .NET Framework NGEN v2.0.50727_X64 - Manual
Microsoft .NET Framework NGEN v2.0.50727_X86 - Manual
Microsoft Fibre Channel Platform Registration Service - Manual
Microsoft iSCSI Initiator Service - Manual
Microsoft Software Shadow Copy Provider - Manual
Multimedia Class Scheduler - Manual
Netlogon - Manual
Network Access Protection Agent - Manual
Network Connections - Manual
Network List Service - Manual
Network Location Awareness - Automatic
Network Store Interface Service - Automatic
Performance Counter DLL Host - Manual
Performance Logs & Alerts - Manual
Plug and Play - Automatic
PnP-X IP Bus Enumerator - Disabled
Portable Device Enumerator Service - Manual
Power - Automatic
Print Spooler - Automatic
Problem Reports and Solutions Control Panel Support - Manual
Protected Storage - Manual
Remote Access Auto Connection Manager - Manual
Remote Access Connection Manager - Manual
Remote Desktop Configuration - Manual
Remote Desktop Services - Manual
Remote Desktop Services UserMode Port Redirector - Manual
Remote Procedure Call (RPC) - Automatic
Remote Procedure Call (RPC) Locator - Manual
Remote Registry - Automatic
Resultant Set of Policy Provider - Manual
Routing and Remote Access - Disabled
RPC Endpoint Mapper - Automatic
Secondary Logon - Manual
Secure Socket Tunneling Protocol Service - Manual
Security Accounts Manager - Automatic
Server - Automatic
Shell Hardware Detection - Automatic
Smart Card - Manual
Smart Card Removal Policy - Automatic (Manual is the default)
SNMP Trap - Manual
Software Protection - Automatic (Delayed Start)
Special Administration Console Helper - Manual
SPP Notification Service - Manual
SSDP Discovery - Disabled
System Event Notification Service - Automatic
Task Scheduler - Automatic
TCP/IP NetBIOS Helper - Automatic
Telephony - Manual
Thread Ordering Server - Manual
TP AutoConnect Service - Manual
TPM Base Services - Manual
UPnP Device Host - Disabled
User Profile Service - Automatic
Virtual Disk - Manual
Volume Shadow Copy - Manual
Windows Audio - Manual
Windows Audio Endpoint Builder - Manual
Windows Color System - Manual
Windows Driver Foundation - User-mode Driver Framework - Manual
Windows Error Reporting Service - Manual
Windows Event Collector - Manual
Windows Event Log - Automatic
Windows Firewall - Automatic
Windows Font Cache Service - Manual
Windows Installer - Manual
Windows Management Instrumentation - Automatic
Windows Modules Installer - Manual
Windows Remote Management (WS-Management) - Automatic (Delayed Start)
Windows Time - Automatic
Windows Update - Automatic (Delayed Start)
WinHTTP Web Proxy Auto-Discovery Service - Manual
Wired AutoConfig - Manual
WMI Performance Adapter - Manual
Workstation – Automatic

The following services for roles are addressed in the Microsoft Windows Server 2008 R2 Security Guide, Windows Server 2008 R2 Attack Service Reference.xlsx. These major roles may include sub-roles not addressed here.

Name - Startup Type
Active Directory Certificate Services
Active Directory Certificate Services - Automatic

Active Directory Domain Services
Active Directory Domain Services - Automatic
Active Directory Web Services - Automatic
DFS Namespace - Automatic
DFS Replication - Automatic
DNS Server - Automatic
Intersite Messaging - Automatic
Kerberos Key Distribution Center - Automatic
Net.Tcp Port Sharing Service - Disabled
Windows CardSpace - Manual
Windows Presentation Foundation Font Cache 3.0.0.0 - Manual

DHCP Server
DHCP Server - Automatic

DNS Server
DNS Server - Automatic

File Server
Server - Automatic
Workstation - Automatic

Hyper-V Server
Hyper-V Image Management Service - Automatic
Hyper-V Networking Management Service - Automatic
Virtual Machine Management Service - Automatic

Network Policy and Access Server
Network Policy Server - Automatic (Delayed Start)

Print Server
Print Spooler - Automatic

Remote Desktop Services Server
Remote Desktop Configuration - Manual
Remote Desktop Services - Automatic
Remote Desktop Services UserMode Port - Manual

Web Server (IIS)
Application Host Helper Service - Automatic
Windows Process Activation - Manual
World Wide Web Publishing Service - Automatic
Fix Text (F-28959r1_fix)
Document the services required for the system to operate. Remove or disable any services that are not required.