VMWARE.IN.TH | Largest unofficial VMware Thailand User
Topic: Windows 2008 : Windows 2008 Service Hardening (read 357 times)
Author: vmware.in.th
Let's harden the Windows 2008 services ... if you don't use one, just turn it off ..

Now Windows 2008 ships with fewer services that are set to start up automatically than previous operating systems, but it seems to still have a lot of services set up to start manually that I will never need. For a server OS I think a lot of these things should be off by default and turned on when you add the proper role/feature to Windows. On the other hand, shipping with the print spooler off will probably generate a lot of support calls.

Automatic Services

Here are all the services I disabled that were set to automatic startup. By disabling these services I limit my attack surface area which can prevent or limit exploitation of the server.

DHCP Client
DHCP is used to auto configure a computer's IP settings. Most servers will have a static IP address so this service is unnecessary.

DNS Client
The Domain Name System Client service caches the result of domain name lookups and registers the server with its parent DNS server. Turning this off will slow DNS lookups but could also be used against us in a DNS cache poisoning attack. Note that turning this service off still allows the computer to do DNS lookups.

Distributed Link Tracking Client  
Distributed links are things like shell shortcuts and OLE links. This service will track if a linked file has been moved/renamed. As linked files would be more common on a desktop OS I disabled this.

Human Interface Device Access
Allows keyboard/mouse/other hot buttons and other multimedia devices to interact with Windows.

IP Helper
Provides IPv6 connectivity over an IPv4 network. As I am still strictly IPv4 right now I disabled this service.

Print Spooler
Server has no printers.

Remote Registry
This service allows registry access to authenticated remote users. Even though this is blocked by the firewall and ACLs this service should be turned off if you have no reason to allow remote registry access.

***Secondary Login***
This service allows the "run as" command to run a service as a different user. I am not sure how this affects UAC in Windows 2008 so I have left it on for now but may disable this one in the future.

Server
Supports file, print, and named-pipe sharing. Something this server should not do.

TCP/IP NetBIOS Helper
This allows NetBIOS communications over a routed network. As this server is standalone and should not need to do NetBIOS communications it has been disabled.

Workstation
Maintains client network connections via the SMB protocol.

Windows Error Reporting Service
This service facilitates the notification and reporting of errors to Microsoft.

Windows Remote Management
WinRM is a remote management protocol running over web services.

Manual Services

These services are not running by default. Instead, when a program or application requests their functionality they will start up. These should be harder to exploit but I have still disabled them as this server should not need the functionality they provide.

Terminal Services Configuration
This service allows TS/Remote desktop to do activities that require the "SYSTEM" context.

Application Management
Processes software management requests deployed via group policy.

Remote Access Auto Connection Manager
Creates a connection to a remote network whenever a program references a remote name.

Remote Access Connection Manager
Manages VPN connections to remote networks.

Resultant Set Of Policy Provider
Simulates the application of Group Policy settings.

Smart Card
Manages access to smart card readers.

Smart Card Removal Policy
Allows the system to lock the computer when the smart card is removed.

Special Administration Console Helper
Allows administrators to remotely access a command prompt.

Telephony
Provides TAPI support for programs.

WinHTTP Web Proxy Auto-Discovery Service
This allows applications that use WinHTTP to send HTTP requests to use the proper configuration.

Application Layer Gateway Service
Provides 3rd party plugins for Internet Connection Sharing.

Certificate Propagation
Propagates certificates from smart cards.

Function Discovery Provider Host
Allows resources to be published over the network. The main use for this is with the Media Centre Extender Service.

Function Discovery Resource Publication
Publishes computer+resources so that they can be discovered over the network.

Link-Layer Topology Discovery Mapper
Creates a network map of devices and PCs on the network.

Microsoft iSCSI Initiator Service
Allows the management of Internet SCSI sessions. This is usually used with storage area networks.

Microsoft Fibre Channel Platform Registration Service
I could not find much on this. I don't have any fibre devices so I felt this was safe to disable.

Multimedia Class Scheduler
Enables prioritization of work mainly for multimedia applications.

NetLogon
Maintains a channel between computer and domain controller.

Portable Device Enumerator Service
Enables applications to synchronize content with removable devices.

Secure Socket Tunnelling Protocol Service
Provides SSL Tunnelling to remote servers.

SNMP Trap
Receives messages over the Simple Network Management Protocol and routes them to SNMP software on the computer.

Web Management Service
Enables remote management of the web server, sites, and applications on this machine.

Windows Audio
Manages audio.

Windows Audio Endpoint Builder
Manages audio devices.

Windows Colour System
Third party colour management.

Reference: http://www.haveyougotwoods.com/archive/2008/03/17/windows-2008-service-hardening.aspx

Freelance implementer Microsoft, Linux System, Data Storage and Virtualization Technology.

Twitter : http://twitter.com/pumpithu
Facebook : http://www.facebook.com/pumpithu
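
An added example, not part of the original post: a PowerShell script that audits the automatic-start services the post disabled and, when run with -Apply, disables them through WMI unless other running services depend on them. The short service names are this example's mapping of the post's display names (an assumption to confirm on the target build); Secondary Login is left out because the post keeps it on.

```powershell
# Added example: audit, and optionally disable, the automatic-start services listed in the post.
# Short service names are this example's mapping of the post's display names (assumption).
param([switch]$Apply)   # without -Apply the script only reports

$targets = @{
    'Dhcp'              = 'DHCP Client'
    'Dnscache'          = 'DNS Client'
    'TrkWks'            = 'Distributed Link Tracking Client'
    'hidserv'           = 'Human Interface Device Access'
    'iphlpsvc'          = 'IP Helper'
    'Spooler'           = 'Print Spooler'
    'RemoteRegistry'    = 'Remote Registry'
    'LanmanServer'      = 'Server'
    'lmhosts'           = 'TCP/IP NetBIOS Helper'
    'LanmanWorkstation' = 'Workstation'
    'WerSvc'            = 'Windows Error Reporting Service'
    'WinRM'             = 'Windows Remote Management'
}

foreach ($name in ($targets.Keys | Sort-Object)) {
    # Win32_Service exposes StartMode (Auto/Manual/Disabled) and State
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if (-not $svc) { Write-Output "$name : not installed"; continue }

    # Running services that depend on this one and would break if it were disabled
    $dependents = @((Get-Service -Name $name).DependentServices |
        Where-Object { $_.Status -eq 'Running' } | ForEach-Object { $_.Name })

    Write-Output ("{0,-18} {1,-34} StartMode={2,-8} State={3}" -f `
        $name, $targets[$name], $svc.StartMode, $svc.State)
    if ($dependents.Count -gt 0) {
        Write-Output ("    running dependents: " + [string]::Join(', ', $dependents))
    }

    if ($Apply -and $svc.StartMode -ne 'Disabled') {
        if ($dependents.Count -gt 0) {
            Write-Warning "$name skipped: review its running dependents first"
            continue
        }
        # ReturnValue 0 means the start mode was changed
        $rc = $svc.ChangeStartMode('Disabled').ReturnValue
        if ($svc.State -eq 'Running') { [void]$svc.StopService() }
        Write-Output "    disabled (ChangeStartMode returned $rc)"
    }
}
```

Run it once without -Apply and keep the output as a record of the original start modes, so any service can be restored if a role or feature later needs it.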
 