Remove unused network services
Remove all unused services with the Network application in
the Control Panel. This should leave you with a configuration
looking like the picture to the right.
Only the RPC configuration for the port mapper (RpcSs) is
left. IIS will not start without it.
Note that when you remove the Workstation service, you will
get a message every time you start the Network application in
Control Panel: Windows NT Networking is not installed. Do
you want to install it now? Ignore this question by answering
NO.
Another caveat is that User Manager for Domains
(usrmgr.exe) stops working when the Workstation service is
not running. Replace it with User Manager (musrmgr.exe)
from NT Workstation.
Disable NETBIOS
By unbinding the WINS Client in the Network application
from all adapters, we get rid of all listeners on the NETBIOS
ports. Network -> Bindings -> All protocols -> WINS Client -> Disable.
Also disable the WINS Client driver in Control Panel ->
Devices -> WINS Client -> Disable.
Configure TCP/IP filters
Configure TCP/IP-security by specifying what ports are
allowed inbound (TCP or UDP) on each network adapter. This
is done in the Network application -> Protocols -> TCP/IP ->
Advanced -> Enable Security -> Configure.
Example: Web-server
The configuration shown to the right allows only connections
to tcp/80.
No UDP is accepted. IP protocol 6 is TCP.
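A way to check the result of the NETBIOS and filter steps, as an added example that is not part of the original guide: it parses `netstat -an` output saved from the host and reports any remaining NetBIOS listeners (137/udp, 138/udp, 139/tcp) and which listeners fall outside the tcp/80 filter example. The function names and the sample captures are constructed for illustration, and the script is assumed to run on a separate admin workstation.

```python
import re

# NetBIOS over TCP/IP: name service, datagram service, session service.
NETBIOS = {("UDP", 137), ("UDP", 138), ("TCP", 139)}
# Inbound ports permitted by the web-server filter example: tcp/80, no UDP.
ALLOWED = {("TCP", 80)}

# One socket row of Windows `netstat -an`; UDP rows carry no state column.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def listeners(netstat_text):
    """Yield (proto, local_addr, port) for listening TCP and bound UDP sockets."""
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column headers, blank lines
        proto, addr, port, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established/closing connections are not listeners
        yield proto, addr, int(port)

def audit(netstat_text):
    """Sort listeners into NetBIOS leftovers, filter-allowed, and everything else."""
    report = {"netbios": [], "allowed": [], "other": []}
    for proto, addr, port in listeners(netstat_text):
        if (proto, port) in NETBIOS:
            bucket = "netbios"   # WINS Client is still bound to an adapter
        elif (proto, port) in ALLOWED:
            bucket = "allowed"   # permitted inbound by the TCP/IP filter
        else:
            bucket = "other"     # listening, but not on the filter's allowed list
        report[bucket].append((proto, addr, port))
    return report

# Constructed sample captures (documentation addresses), not from a real host.
BEFORE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          192.0.2.77:1045        ESTABLISHED
  UDP    192.0.2.10:137         *:*
  UDP    192.0.2.10:138         *:*
"""
AFTER = "\n".join(l for l in BEFORE.splitlines() if not re.search(r":13[789]\s", l))

if __name__ == "__main__":
    for name, capture in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(capture))
```

An empty "netbios" list confirms the WINS Client unbinding took effect; entries under "other" (such as the RPC port mapper on tcp/135) are still listening and depend on the TCP/IP filter to keep them unreachable.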
Disable unused services
Everything should be disabled except the services below (and, of course, any applications we want
running on the system).
· EventLog
· NT LM Security Support Provider
· Plug and Play
· Protected Storage
· Remote Procedure Call (RPC) Service
The processes that should be running are these:
smss.exe
Session Manager