| Performance Logs and Alerts |
Handles performance logs and alerts which are configured with
Perfmon.exe. The service will stop automatically if there is no
performance data to collect.
Note: in Win2k3 this service runs in the "Network Service" context, and
cannot monitor a performance counter running in the "Local System"
context (like SMS). One can handle this by changing the "Log On"
properties for this service to "Local System Account". |
| |
| Plug and Play (PnP) |
| Enables automatic detection, installation and
activation of new PnP devices attached to the computer. |
| |
| Print Spooler |
Is used to print files locally or remotely, and to store/send print
jobs to available print devices.
The Print Spooler also allows one to pool together several printers
attached to the machine and make them act like one printer.
Note: it is not possible to print documents or install printers if this
service is not started. Instead, an error message like one of these is
shown (the usual solution is to start the service or reinstall the
printer drivers):
- Printer operation cannot continue due to lack of resources. The print
subsystem is unavailable
- Spooler subsystem app has encountered a problem and needs to close.
- Operation cannot be completed.
To configure the priority of the print spooler threads, use these DWORD
registry values:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print]
SpoolerPriority = 1 (0 = Normal, 1 = Higher, 0xFFFFFFFF = Lower)
SchedulerThreadPriority = 1 (0 = Normal, 1 = Higher, 0xFFFFFFFF = Lower)
PortThreadPriority = 1 (0 = Normal, 1 = Higher, 0xFFFFFFFF = Lower)
To configure the output to the EventLog:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers]
EventLog = 0 (0 = Disabled, 1 = Errors, 2 = Warnings, 4 = Informative, 7 = All)
To configure whether a notification popup is shown when a print job has
finished, open Control Panel => Printers => File menu =>
Server Properties => Advanced tab and untick
"Notify when remote documents are printed".
(This should be reflected in this registry value.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers]
NetPopup = 0 (0 = Disabled, 1 = Enabled)
To configure whether shared printers should use bandwidth to announce
themselves to the entire network (Internet included):
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print]
DisableServerThread = 1 (1 = Hidden, 0 = Visible in Network Neighborhood)
|
|
|
|
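The Print Spooler registry values listed above can be read back and decoded on a host with a short script. This is an added example, not part of the original page; the function names are hypothetical, while the key paths, value names and meanings are the ones documented above.

```powershell
# Added example (not from the original page). Key paths and value names are
# the ones documented above; the function names are hypothetical.
$PrintKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print'
$ProvidersKey = "$PrintKey\Providers"

function Read-RegValue([string]$Path, [string]$Name) {
    # Returns nothing when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function ConvertTo-Meaning($Raw, [hashtable]$Map) {
    if ($null -eq $Raw) { return 'not set' }
    $n = [long]$Raw
    if ($n -eq -1) { $n = 4294967295 }   # 0xFFFFFFFF may be read back as -1
    if ($Map.ContainsKey("$n")) { $Map["$n"] } else { "unrecognised ($Raw)" }
}

function ConvertTo-EventLogLevel($Raw) {
    if ($null -eq $Raw) { return 'not set' }
    $n = [long]$Raw
    if ($n -eq 0) { return 'Disabled' }
    # Bit flags: 1 = Errors, 2 = Warnings, 4 = Informative (7 = all three).
    $names = @()
    if ($n -band 1) { $names += 'Errors' }
    if ($n -band 2) { $names += 'Warnings' }
    if ($n -band 4) { $names += 'Informative' }
    if ($names) { $names -join ', ' } else { "unrecognised ($Raw)" }
}

function Get-SpoolerSettingReport {
    $priority = @{ '0' = 'Normal'; '1' = 'Higher'; '4294967295' = 'Lower' }
    $popup    = @{ '0' = 'Disabled'; '1' = 'Enabled' }
    $browse   = @{ '0' = 'Visible in Network Neighborhood'; '1' = 'Hidden' }
    $report = [ordered]@{}
    foreach ($name in 'SpoolerPriority', 'SchedulerThreadPriority', 'PortThreadPriority') {
        $report[$name] = ConvertTo-Meaning (Read-RegValue $PrintKey $name) $priority
    }
    $report['EventLog'] = ConvertTo-EventLogLevel (Read-RegValue $ProvidersKey 'EventLog')
    $report['NetPopup'] = ConvertTo-Meaning (Read-RegValue $ProvidersKey 'NetPopup') $popup
    $report['DisableServerThread'] = ConvertTo-Meaning (Read-RegValue $PrintKey 'DisableServerThread') $browse
    $report
}

Get-SpoolerSettingReport
```

A value reported as "not set" means the registry value is absent; the page does not state what the spooler does in that case.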
| Protected Storage |
Is used to encrypt and store sensitive information such as:
- SSL certificates
- Passwords for programs (like Outlook, Outlook Express, etc.)
- Info stored by Profile Assistant
- Info maintained by MS Wallet
- Digitally signed S/MIME keys
Note: if this service is set to manual, it will cause Outlook Express to
take a long time to start, because it has to wait for this service to
load first.
Note: if this service is stopped or disabled, private keys will be
inaccessible, the certificate server will not operate, S/MIME and SSL
will not work, and smart card logon will fail. |
|
|
|
| QoS RSVP |
Quality of Service (QoS) ReSerVation Protocol (RSVP) can help QoS-aware
programs and control applets get enough bandwidth.
This is done by providing network signaling and local traffic control
setup functionality. |
| |
| Remote Access Auto Connection Manager |
Automatically creates a connection to a remote network whenever a
program references a remote DNS or NetBIOS name or address.
The service can bring up a dialog which offers to make a dial-up or
virtual private network (VPN) connection to a remote computer. |
| |
| Remote Access Connection Manager |
Used for connecting, maintaining and disconnecting dial-up and VPN
connections from your computer to the Internet or other remote networks.
With Win2k the VPN module was extended to support Layer 2 Tunneling
Protocol (L2TP) connections with Internet Protocol Security (IPSec) for
higher security. |
| |
| Remote Desktop Help Session Manager |
| Manages and controls Remote Assistance. If this service is stopped,
Remote Assistance will be unavailable. |
| |
| Remote Procedure Call (RPC) |
The service provides the endpoint mapper and other miscellaneous RPC
services.
Remote Procedure Call (RPC) is a protocol used by the Windows operating
system. RPC provides an inter-process communication mechanism that
allows a program running on one computer to seamlessly execute code on
a remote system. The protocol itself is derived from the Open Software
Foundation (OSF) RPC protocol, but with the addition of some
Microsoft-specific extensions. By default this service accepts
connections at TCP port 135.
Note: if the service has accidentally been configured as Disabled, one
has to boot in safe mode and set the service to Automatic. If the
service applet doesn't work, one can do it either through the registry
or with Msconfig.
Note: to configure the behavior of and access to this service, run this
command:
DcomCnfg.exe
|
|
|
|
| Remote Procedure Call (RPC) Locator |
Name service provider that maintains a database of the RPC services
available on the server, where local RPC services can register
themselves. A client can then contact the RPC locator on the server to
locate and access the wanted RPC service.
This service is used by IIS to register which computers are available
for remote administration. |
| |
| Remote Registry Service |
| Allows remote registry manipulation, for authorized users. |
| |
| Removable Storage |
Manages removable media, drives, and libraries.
This is not needed for CD/DVD/floppy drives, but is intended for tape
drives.
Note: if this service has been set to Manual or Disabled and Ntbackup
is started, a warning will pop up about "Removable storage not
running". This only means that Ntbackup will not be able to access any
tape drives for backup/restore of files. |
| |
| Resultant Set of Policy Provider (RSoP) |
| Enables you to connect to a Windows domain controller, access the
Windows Management Instrumentation (WMI) database for that computer,
and simulate RSoP for Group Policy settings that would be applied to a
user or computer located in Active Directory on a Windows 2000 or later
domain. |
| |
| Routing and Remote Access Service (RRAS) |
The service offers:
- Routing service of LAN-to-LAN, LAN-to-WAN, virtual private network
(VPN) and network address translation (NAT). The routing possibilities
of RRAS are more advanced than those provided by Internet Connection
Sharing (both use the same NAT module).
- Filtering according to filter rules, which can be configured by tools
like NetSh and Routemon (WinNT4).
- Remote access via dial-up (PPP) and VPN connections. Related:
Configure PPP/VPN MTU Size
When disabled, the option "Incoming Connections" will disappear from the
"Network Connections" Control Panel. |
|
|
|
| RunAs Service / Secondary Logon |
Enables starting processes under alternate credentials.
It is a good idea not to be logged in as a user with too many
privileges, like the administrator account, since all programs
(including malicious ones) will automatically be launched with the
user's privileges.
With this service it is possible to still run administrative tasks
while logged in as a standard user.
To activate the "Run As..." feature, hold down Shift while
right-clicking a shortcut or an exe-file, or change the properties for
the shortcut to "Run as different user".
Note: to hide the option to run a program as another user, set this
DWORD value:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
HideRunAsVerb = 1
More info: MS KB Q830568
Note: with Win2k SP4 a new policy was created, making it possible to
configure which accounts (default: Administrators and SYSTEM) are
allowed to impersonate other accounts:
- Open Control Panel, open Administrative Tools and double-click
Local Security Policy
- Expand Local Policies and click User Rights Assignment
- In the right pane, double-click
Impersonate a client after authentication
- Press Add... to enable other users to impersonate other accounts
More info: MS KB Q821546
Note: one can also run applications as another user from the command
line using "RUNAS", though it will prompt for a password unless using
Sanur or CPUA. To see all available options:
runas /?
More info: MS KB Q294676
Note: in WinNT4 one can use the Super User Service Starter SUSS.EXE and
the tool SU.EXE (found in the NT reskit):
SUSS.EXE -install
ECHO Password | SU.EXE Username UserMgr.exe
SU_USERNAME - Environment variable for default user name to SU.
SU_PASSWORD - Environment variable for password to SU. Avoids password prompting.
SU_DOMAIN - Environment variable for domain name referenced by SU.
SU_COMMANDLINE - Environment variable for command line run by SU.
SU_DESKTOP - Environment variable for windowstation and desktop targeted by SU.
More info: MS KB Q829640
Note: another way of running an application as another user is to
create a scheduled task, where it is possible to specify a username and
password. |
|
|
|
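To review who currently holds the "Impersonate a client after authentication" right described in the RunAs entry above, the local user-rights policy can be exported with secedit and parsed. This is an added example, not part of the original page; the function name, the baseline parameter and the sample account CONTOSO\svc-batch are assumptions made for illustration.

```powershell
# Added example (not from the original page): list the holders of
# "Impersonate a client after authentication" (SeImpersonatePrivilege).
function Get-ImpersonateRightHolder {
    param(
        # Text of a secedit export; when empty, the live policy is exported
        # (needs an elevated prompt).
        [string]$PolicyText,
        # Assumption: baseline = the two defaults the page names,
        # Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
        [string[]]$Baseline = @('S-1-5-32-544', 'S-1-5-18')
    )
    if (-not $PolicyText) {
        $tmp = [System.IO.Path]::GetTempFileName()
        try {
            secedit.exe /export /cfg $tmp /areas USER_RIGHTS /quiet | Out-Null
            $PolicyText = Get-Content -Path $tmp -Raw
        } finally {
            Remove-Item -Path $tmp -ErrorAction SilentlyContinue
        }
    }
    $m = [regex]::Match($PolicyText, '(?m)^SeImpersonatePrivilege[ \t]*=[ \t]*(.*?)[ \t\r]*$')
    if (-not $m.Success) { return }   # no holders listed, or the export failed
    foreach ($entry in $m.Groups[1].Value.Split(',')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        $key  = $entry.TrimStart('*')
        $name = $key
        if ($entry.StartsWith('*')) {
            # secedit writes SIDs as *S-1-...; resolve them for the report.
            try {
                $sid  = New-Object System.Security.Principal.SecurityIdentifier($key)
                $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch { $name = '(unresolved SID)' }
        }
        [pscustomobject]@{
            Entry      = $entry
            Account    = $name
            InBaseline = ($Baseline -contains $key)
        }
    }
}

# Constructed sample export; CONTOSO\svc-batch is a made-up account.
$sample = @'
[Privilege Rights]
SeImpersonatePrivilege = *S-1-5-32-544,*S-1-5-18,CONTOSO\svc-batch
'@
Get-ImpersonateRightHolder -PolicyText $sample | Where-Object { -not $_.InBaseline }
```

Baseline entries are compared literally, so accounts that secedit lists by name rather than by SID must be added to the baseline in that same form.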