Tight Service List

I have an obsession with making virtual machines as tight as possible. I've been working on a Microsoft Windows "Server" 2003 R2 SP2 image for a while -- the production environment hasn't been upgraded to Linux yet. The screenshot shows how few processes are running, yet it still supports an application server that runs production code. I'm using the file sharing functions of the OS, so I can't disable that stack of dependencies. Once I logout (after taking the screenshot), the user session processes will be ended, leaving shell access via the OpenSSH daemon.

6370274-tight-windows-virtual-machine.png

Here are the services set to start automatically:

  • Apache

  • ColdFusion 9 Search/Solr, as needed

  • COM+ Event System

  • Cygwin OpenSSH

  • DHCP Client

  • DNS Client

  • Event Log

  • Macromedia JRun Admin

  • Macromedia JRun Default ColdFusion Instance

  • Performance Logs and Alerts

  • Plug and Play

  • Report Procedure Call (RPC)

  • Secondary Login

  • Security Accounts Manager

  • Server

  • System Event Notification

  • VirtualBox Guest Additions Service

  • Workstation

These services are set for manual startup, which means that might get started by something, however I don't want to disable them completely.

  • Application Experience Lookup Service

  • Application Layer Gateway Service

  • Application Management

  • Automatic Updates

  • Background Intelligent Transfer Service

  • COM+ System Application

  • Computer Browser

  • Cryptographic Services

  • DCOM Server Process Launcher

  • Distributed File System

  • Distributed Link Tracking Client

  • Distributed Transaction Coordinator

  • Error Reporting Service

  • File Replication

  • Help and Support

  • HTTP SSL

  • IPSEC Services

  • Logical Disk Manager

  • Logical Disk Manager Administrative Service

  • Microsoft Software Shadow Copy Provider

  • Net Logon

  • Network Connections

  • Network Provisioning Service

  • NT LM Security Support Provider

  • Portable Media Serial Number Service

  • Print Spooler

  • Protected Storage

  • Remote Access Auto Connection Manager

  • Remote Access Connection Manager

  • Remote Desktop Help Session Manager

  • Report Procedure Call (RPC) Locator

  • Remote Registry

  • Removable Storage

  • Resultant Set of Policy Provider

  • Smart Card

  • Special Administration Console Helper

  • Task Scheduler

  • TCP/IP NetBIOS Helper

  • Telephony

  • Uninterruptible Power Supply

  • Virtual Disk Service

  • Volume Shadow Copy

  • Windows Audio

  • Windows Installer

  • Windows Management Instrumentation

  • Windows Management Instrumentation Driver Extensions

  • Windows Time

  • Windows User Mode Driver Framework

  • Wireless Configuration

  • WMI Performance Adapter

These services are completely disabled:

  • Alerter

  • ClipBook

  • Distributed Link Tracking Server

  • Human Interface Device Access

  • IMAPI CD-Burning COM Service

  • Indexing Service

  • Intersite Messaging

  • Kerberos Key Distribution Center

  • License Logging

  • Messenger

  • NetMeeting Remote Desktop Sharing

  • Network DDE

  • Network DDE DSDM

  • Network Location Awareness (NLA)

  • Routing and Remote Access

  • Shell Hardware Detection

  • Telnet

  • Terminal Services

  • Terminal Services Session Directory

  • Themes

  • WebClient

  • Windows Firewall/Internet Connection Sharing (ICS)

  • Windows IMage Acquisition (WIA)

  • WinHTTP Web Proxy Auto-Discovery Service

Please excuse the double entendre in the post subject. I couldn't resist. :P