HostedDB - Dedicated UNIX Servers

hpntbast101_4 - 4 - Remove unused network services Remove all unused services with the Network application in the Control Panel. This should leave you with a configuration looking like the picture to the right. Only the RPC configuration for the port mapper (RpcSs) is left. IIS will not start without it. Note that when you remove the Workstation service, you will get a message every time you start the Network application in Control Panel: ”Windows NT Networking is not installed. Do you want to install it now?” Ignore this question by answering NO. Another caveat is that User Manager for Domains (usrmgr.exe) stops working when the Workstation service is not running. Replace it with User Manager (musrmgr.exe) from NT Workstation. Disable NETBIOS By unbinding the WINS Client in the Network application from all adapters, we get rid of all listeners on the NETBIOS ports. Network -> Bindings -> All protocols -> WINS Client - > Disable. Also disable the WINS Client driver in Control Panel -> Devices -> WINS Client -> Disable. Configure TCP/IP filters Configure TCP/IP-security by specifying what ports are allowed inbound (TCP or UDP) on each network adapter. This is done in the Network application -> Protocols -> TCP/IP -> Advanced -> Enable Security -> Configure. Example: Web-server The configuration shown to the right allows only connections to tcp/80. No UDP is accepted. IP protocol 6 is TCP. Disable unused services Everything should be disabled but the following (excluding any applications we want running on the system of course). Disable all but the services below is a good idea. · EventLog · NT LM Security Support Provider · Plug and Play · Protected Storage · Remote Procedure Call (RPC) Service The processes that should be running are these: smss.exe Session Manager