The Deep description on Windows Services
We have tried our best efforts to explore the deepth of windows services and all the given information is gathered from Microsoft notes (As its microsoft product)
|
| 61.Service Name:-NNTPSVC |
| Executable Name:-INETINFO.EXE |
| Log On As:-LocalSystem |
Description:-NNTP is a member of the TCP/IP suite of protocols used to distribute network news messages to NNTP servers and clients (newsreaders) on the Internet. NNTP is designed so that news articles are stored on a server in a central database, thus enabling a user to select specific items to read.
You can use a news client such as Outlook Express to retrieve newsgroups from the server and read headers or bodies of the articles in each newsgroup. You can then post news back to the NNTP server.
If the service is stopped or disabled, client computers will not be able to retrieve and read posts. If the IIS Admin service is stopped, the NNTP service will stop as well.
|
| Avaliable on OS:-Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition. |
| Installed through:-Add/Remove Programs, Add/Remove Windows Components, Application Server, Internet Information Services (IIS). |
| Startup type:-Automatic |
| Service status:-Started |
| This service depends on the following system components:-Event Log,
IIS Admin Service,
Security Accounts Manager,
Remote Procedure Call
|
| The following system components depend on this service:- None |
| Port Numbers used:-TCP: 119, 563 (SSL) |
|
| 62.Service Name:-NtLmSsp |
| Executable Name:-lsass.exe |
| Log On As:-System |
Description:-: Local Security Authority (LSA) for the system. The NT LM Security Support Provider name used above and in the Services panel in the Administrative Tools is a historical holdover.
The LSA is responsible for two major tasks: authentication and management of local security policy objects.
The LSA handles all authentication requests on the local system through the use of multiple security service providers. It provides interactive authentication for users as well as non-interactive authentication for services. The LSA uses a variety of security service providers which provide several different authentication protocols. Each of these providers is in a different dll loaded by the LSA.
- Kerberos - the preferred authentication protocol in Windows 2000, Windows XP and Windows Server 2003 (kerberos.dll)
- SChannel - SSL & TLS (schannel.dll)
- Digest (wdigest.dll)
- NTLM - LM, NTLM and NTLMv2 (msv1_0.dll)
The second major function of the LSA is to store and manage security objects. These objects include the access tokens for users, local security policy, and the trusted domains. For example, all ACL checks use information from the LSA.
This is a critical system process. If it is stopped or disabled, all user and system authentication will stop and all security policy checks will fail. In short, the system would no longer function. For this reason, the administration tools will not allow an administrator to stop this process.
|
| Avaliable on OS:-Windows 2000, Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition. |
| Installed through:-Default |
| Startup type:-System Component started automatically and cannot be stopped. |
| Service status:-Started |
| This service depends on the following system components:-services.exe |
| The following system components depend on this service:-Telnet,
Windows Internet Name Service (WINS),
RPC, LPC, Kerberos
|
| Port Numbers used:-LSA users RPC/TCP and thus uses a port dynamically assigned by the RPC endpoint mapper. |
|
| 63.Service Name:-Sysmonlog |
| Executable Name:-Smlogsvc.exe |
| Log On As:-NetworkService |
| Description:-Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. The Performance Logs and Alerts service starts and stops each named performance data collection based on the information contained in the named log collection setting.
If the service is running and is then stopped, currently running data collections will terminate and no future scheduled collections will take place. If started, this service will stop automatically if there is no performance data to collect.
|
| Avaliable on OS:-Windows XP Home, Windows XP Professional; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition and Windows Server 2003, Web Edition. |
| Installed through:-Default operating system installation |
| Startup type:-Manua |
| Service status:-Stopped |
| This service depends on the following system components:-Network DDE, Network DDE DSDM |
| The following system components depend on this service:- None |
| Port Numbers used:-TCP: 139 |
|
