System Services

Applies To: Windows Server 2003 with SP2, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

System Services

This security setting allows you to define the startup mode (manual, automatic, or disabled) and access permissions for all services (Start, Stop, or Pause). You can also edit other security properties of the service, such as which user or group accounts have permission to read, write, delete, or execute inheritance settings or auditing and ownership permission by clicking Edit Security.

Location

GPO_name\Computer Configuration\Windows Settings\Security Settings\System Services\

Default Values

Discussion

System services are processes that normally run in the background. An administrator uses the Services snap-in to manage system services directly. To manage system services through security policy, administrators can use the System Services security setting.

This security setting does not appear in the local Group Policy object.

If you choose to set system service startup to Automatic, perform adequate testing to verify that the services can start without user intervention.

For performance optimization, set unnecessary or unused services to Manual.

Notes on actions while applying the policy:

• When you set the startup mode to Disabled and the service is running, the security policy client stops the service.

• When you set the startup mode to Automatic and the service isn't running, the security policy client starts the service.

To find descriptions of each individual service (including what happens when you stop it from running), see the “System Services chapter of Threats and Countermeasures: Security Settings” in Windows Server 2003 and Windows XP, which can be downloaded from the Microsoft Web site.