Windows 2003 system services

Team uCertify

Windows Server 2003 comes with many system services that have different functionalities in the operating system. When Windows Server 2003 is first installed, the default system services are created and are configured to run when the system starts.

Windows Server 2003 also has many additional optional services such as Certificate Services. These services are not installed during the default installation of Windows Server 2003.

The optional services can be added to existing Windows Server 2003 computers by using Add/Remove Programs or the Windows Server 2003 Configure Your Server Wizard, or by creating a customized automated installation of Windows Server 2003.

The service or application running on the Windows 2003 Server can be a point from where hackers and intruders may attack. Therefore, the services and applications that are not required in an environment should be disabled or removed.

If additional services are enabled, they may also have dependencies that require further services. All of the services needed for a specific server role are added in the policy for the server role that it performs in an organization. For example, if Microsoft SQL Server is going to be used for storing customer data on the back-end of a Web application, then SQL Server needs to be installed. A Group Policy that applies to that new server role in this case will also need to be created that sets the SQL Services service to Automatic. Setting the service to Automatic will start the service automatically when the computer starts. The system services settings can be configured in Windows Server 2003 at the following location within the Group Policy Object Editor:

Computer Configuration\Windows Settings\Security Settings\System Services\

Following are some important system services of Windows Server 2003:


The Alerter system service notifies specific users and computers of administrative alerts. It is used to send alert messages to the specified users that are connected to the network. If the service is stopped, programs that use administrative alerts will not receive them.

Automatic Updates

The Automatic Updates system service is used for downloading and installing critical Windows updates.

Background Intelligent Transfer Service

The Background Intelligent Transfer Service (BITS) system service is a background file transfer mechanism and queue manager. It is used for transferring files asynchronously between a client and an HTTP server. Requests to the BITS service are submitted and the files are transferred using an idle network bandwidth so that other network-related activities, such as browsing, are not affected.

Certificate Services

The Certificate Services service is a part of the core operating system that enables a business to act as its own certification authority (CA) and issue and manage digital certificates.

MS Software Shadow Copy Provider

The MS Software Shadow Copy Provider service manages software for file shadow copies taken by the Volume Shadow Copy service. A shadow copy enables users to create a copy of a disk volume that represents a consistent read-only point in time, for that volume. This point in time then stays constant and allows an application, such as NTBACKUP, to copy data from the shadow copy to tape. If this service is disabled, software-based volume shadow copies cannot be managed.

Cluster Service

The Cluster Service is used for controlling server cluster operations and for managing the cluster database. The Cluster Service spreads data and computation among the nodes of the cluster. When a node fails, other nodes provide the services and data formerly provided by the missing node. When a node is added or repaired, the Cluster Service software migrates some data and computation to that node.

Computer Browser

The Computer Browser service is used to maintain an up-to-date list of computers on the network. It also supplies the list to programs that are requesting it. The Computer Browser service is used by Windows-based computers that need to view network domains and resources.


The DHCP service is used to allocate IP addresses and to enable advanced configuration of network settings such as DNS servers and WINS servers to DHCP clients automatically. It prevents an administrator from having to manually configure static IP addresses for individual resources. DHCP service enables a computer to function as a DHCP server and configure DHCP-enabled client computers on the network. DHCP, which runs on a server, enables the automatic, centralized management of IP addresses, and other TCP/IP configuration settings for the network's client computers.

Distributed File System

The Distributed File System (DFS) service is used to manage logical volumes distributed across a local or wide area network. It permits the linking of servers and shares into a simpler, more meaningful name space. DFS provides improved load sharing and data availability.

DNS Client service

The DNS Client service is used to resolve and cache DNS names for a computer. The DNS client service must be running on every computer that performs DNS name resolution. Resolving DNS names is essential for locating domain controllers in Active Directory domains. Running the DNS client service is also critical for locating devices identified using DNS name resolution.

DNS Server service

The DNS Server service is used to enable DNS name resolution by answering queries and update requests for DNS names. The presence of a DNS server is necessary for locating devices identified using DNS names and domain controllers in Active Directory. It enables users to use friendly names to locate computers and other resources on an IP network. TCP/IP uses IP addresses to locate and connect to hosts, but for users, it is easier to use names instead of IP addresses to locate or connect to a site. For example, users will be more comfortable in using the host name rather than using its IP address

Event Log service

The Event Log service is used to enable event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be disabled.

File Replication Service (FRS)

The File Replication Service (FRS) is used to enable files to be automatically copied and maintained simultaneously on multiple servers. If the File Replication Service is disabled, file replication will not occur, and server data will not synchronize. In the case of a domain controller, stopping the FRS service might adversely affect the domain controller's functionality.

IIS Admin Service

IIS Admin Service is used to manage the IIS metabase that holds IIS configuration data. It is used to update the following components of a Web server:

Windows operating system registry for World Wide Web Publishing Service

FTP Publishing Service

Simple Mail Transfer Protocol (SMTP) service

Network News Transfer Protocol (NNTP) service.

IIS Admin Service is used by operating systems to expose the IIS metabase to other applications, including the core components of IIS, applications that are built on IIS, and third-party applications that are independent of IIS, such as management or monitoring tools.

If this service is stopped, administrators cannot run Web, FTP, NNTP, or SMTP sites or configure IIS, and the MMC IIS snap-in appears blank. Moreover, if this service is disabled, any services that explicitly depend on this service will fail to start.

IMAPI CD - Burning COM service

The IMAPI CD-Burning COM service is used to manage CD burning through the Image Mastering Applications Programming Interface (IMAPI) COM interface and to perform CD-R writes when requested by the user through Windows Explorer, Windows Media Player, and third-party applications that use this API.

Indexing Service

The Indexing Service is used to index contents and properties of files on local and remote computers. It provides quick access to files through a flexible querying language. The Indexing Service also enables quick searching of documents on local and remote computers and a search index for content shared on the Web.

Internet Authentication Service

Internet Authentication Service (IAS) performs centralized connection authentication, authorization, and accounting for dial-up and virtual private network (VPN), remote access, and router-to-router connections.

License Logging Service

The License Logging service logs client access license usage for server services or programs such as IIS, Terminal Services, SQL Server, etc. Disabling the License Logging service does not log the usage of client access license for these server services or programs.

Logical Disk Manager Service

The Logical Disk Manager service is used to detect and monitor new hard disk drives. It sends the disk volume information to the Logical Disk Manager Administrative Service for configuration. This service watches Plug and Play events for new drives that are detected and passes volume and disk information to the Logical Disk Manager Administrative Service to be configured.


The Messenger system service is used to send and receive messages transmitted by administrators or by the Alerter service.

Microsoft POP3 Service

The Microsoft POP3 Service is used to provide e-mail transfer and retrieval services. Administrators use the POP3 service for storing and managing e-mail accounts on the mail server.


The Netlogon system service is used to maintain a secure channel between a computer and the domain controller for authenticating users and services. If this service is disabled, computers on the network will not authenticate users and services, and the domain controller will not register DNS records. Disabling this service will also deny NTLM authentication requests, and, in case of domain controllers, they will not be discoverable by client computers.

Network News Transport Protocol (NNTP)

The Network News Transport Protocol (NNTP) service allows computers running Windows Server 2003 to act as a news server. It is used to post, distribute, and retrieve network news messages from NNTP servers and NNTP clients on the Internet.

Performance Logs and Alerts

The Performance Logs and Alerts service is used to collect performance data from local or remote computers based on preconfigured schedule parameters. It then writes the data to a log or triggers an alert.

Plug and Play

The Plug and Play service is used to enable a computer to recognize and adapt hardware changes with little or no user input.

Print Spooler

The Print Spooler service is used for managing all local and network print queues and for controlling all print jobs.

Remote Access Connection Manager

The Remote Access Connection Manager service is used to manage dial-up and VPN connections from a computer to the Internet or other remote networks.

Remote Installation

Remote Installation Services (RIS) is used to install a copy of the operating system throughout the organization from a remote location. It helps reduce the Total Cost of Ownership (TCO).

Remote Procedure Call (RPC)

The Remote Procedure Call (RPC) service is a secure inter-process communication (IPC) mechanism. It is used to enable data exchange and invocation of functionality residing in a different process. Different processes can occur on the same computer, the local area network (LAN), or across the Internet. This service should not be disabled. Disabling the Remote Procedure Call (RPC) service will prevent the operating system from loading numerous services that are dependent on it.

Remote Registry Service

The Remote Registry Service is used to enable remote users to modify registry settings on a computer. Remote Registry service is mainly used by remote administrators and performance counters. If the Remote Registry Service is disabled, modifying the registry will only be allowed on the local computer.

Removable Storage

The Removable Storage service is used to manage and list removable media and to operate automated removable media devices. This service maintains a catalog of identifying information for removable media used by a computer, including cartridge tapes and CDs. This service is required for system backups by using NTBACKUP.EXE.

Routing and Remote Access

Routing and Remote Access Service (RRAS) is a single integrated service that provides both remote access and multiprotocol routing. RRAS provides extensive support for demand-dial routing that allows users to connect to the Internet, connect remote offices, and implement router-to-router virtual private network (VPN) connections.

Server service

The Server service provides RPC support, file, print, and named pipe sharing over the network.

Simple Mail Transport Protocol (SMTP)

The Simple Mail Transport Protocol (SMTP) service is used for transferring e-mails between the intranet and the Internet.

Task Scheduler

The Task Scheduler service is used to enable users to configure and schedule automated tasks on a computer. It monitors whatever criteria users choose and performs the task when the criteria have been met.

TCP/IP Print Server

The TCP/IP Print Server service is used to enable TCP/IP-based printing using the Line Printer Daemon protocol.

Terminal Services

Terminal Services provides multi-session environment that allows remote computers to access Windows-based programs running on a server. When a user runs a program on a Terminal Server, the application execution takes place on the server, and only the keyboard, mouse, and display information are transmitted over the network. Each user sees only his individual session, which is managed transparently by the server operating system, and is independent of any other client session.

Terminal Services Licensing

The Terminal Services Licensing service is used to install a licensed server and to provide registered client licenses when connecting to a Terminal Server.

Volume Shadow Copy

The Volume Shadow Copy service is used to manage and implement Volume Shadow copies used for backup and other purposes.

Windows Installer

The Windows Installer service is used to manage the installation and removal of applications by applying a set of centrally defined setup rules during the installation process.

Windows Internet Name Service (WINS)

Windows Internet Name Service (WINS) is a name resolution service that registers and resolves NetBIOS names to IP addresses used on the network. WINS is a Microsoft standard and is used only on networks that comprise of Windows hosts.

Windows Media Services

The Windows Media Services service is used to provide streaming media services over IP-based networks.

This site is no longer updated.

Click this link to have updated technology news and articles.

About the Author
2006 All rights reserved
uCertify was formed in 1996 with an aim to offer high quality educational training software and services in the field of information technology to its customers. uCertify provides exam preparation solutions for the certification exams of Microsoft, CIW, CompTIA, Oracle, Sun and other leading IT vendors. To know more about uCertify, please visit

More articles