You are currently offline, waiting for your internet to reconnect

List of services that are needed to run a security-enhanced IIS computer

This article was previously published under Q189271
The following list outlines which services are required, as well as thosethat are NOT required, and those that MAY be required, to run InternetInformation Server (IIS) version 4.0 on a secure server. Your particularnetwork or system configuration can change some of the parameters. Forexample, some intranets require WINS and DHCP.
The more services running on a computer, the more entry points theremay be available to malicious attack. A service is a potential entry pointbecause it processes client requests. To help reduce this risk, you shoulddisable unnecessary system services.

NOTE: This is an abridged version of the contents of the security chapterfrom the Internet Information Server 4.0 Resource Kit.


  • Event Log
  • IIS Admin Service
  • License Logging Service
  • Protected Storage
  • Remote Procedure Call (RPC) Service
  • Server
  • Windows NT Server or Windows NT Workstation
  • Windows NTLM Security Support Provider
  • Workstation
  • World Wide Web Publishing Service

May Be Required

  • Certificate Authority (required to issue certificates)
  • Content Index (required if using Index Server)
  • FTP Publishing Service (required if using FTP service; it's highly recommended that FTP and Web services run on different servers)
  • NNTP Service (required if using NNTP Service)
  • Plug and Play (recommended, but not required)
  • Remote Access Services (required if you use dial-up access)
  • RPC Locator (required if doing remote administration)
  • Server Service (can be disabled, but required to run User Manager)
  • SMTP Service (required if using SMTP Service)
  • Telephony Service (required if access is by dial-up connection)
  • Uninterruptible Power Supply (UPS) (optional; but it is recommended that you use a UPS)
  • Workstation (optional; important if you have UNC virtual roots)

Not Required by Most Installations

  • Alerter
  • ClipBook Server
  • Computer Browser
  • DHCP Client
  • Messenger
  • NetBIOS Interface
  • Net Logon
  • Network DDE & Network DDE DSDM
  • Network Monitor Agent
  • NWLink NetBIOS
  • NWLink IPX/SPX Compatible Transport (not required unless you don't have TCP/IP or another transport)
  • Simple TCP/IP Services
  • Spooler
  • TCP/IP NetBIOS Helper
  • WINS Client (TCP/IP)
Additional recommendation: Do not install application software ordevelopment tools on your server.
safety protection safe hacks hack overview guide guidelines guideline minimum requirements suggested suggest suggestion attacks protected www

Article ID: 189271 - Last Review: 08/20/2004 18:31:00 - Revision: 4.0

Microsoft Internet Information Server 4.0

  • kbhowto KB189271