The following is a list of the Microsoft Windows service details. Data is sourced from Microsoft.com.
Active Directory (Local Security Authority)
Active Directory runs under the LSASS
process and includes the authentication and
replication engines for Windows 2000 and
Windows Server 2003 domain controllers.
Domain controllers, client computers and
application servers require network
connectivity to Active Directory over
specific hard-coded ports in addition to a
range of ephemeral TCP ports between 1024 and
65536 unless a tunneling protocol is used to
encapsulate such traffic. An encapsulated
solution might consist of a VPN gateway
located behind a filtering router using
Layer 2 Tunneling Protocol (L2TP) together
with IPsec. In this encapsulated scenario,
you must allow IPsec Encapsulating Security
Protocol (ESP) (IP protocol 50), IPsec
Network Address Translator Traversal NAT-T (UDP
port 4500), and IPsec Internet Security
Association and Key Management Protocol (ISAKMP)
(UDP port 500) through the router as opposed
to opening all the ports and protocols
listed below. Finally, the port used for
Active Directory replication may be
hard-coded as described in 224196:
Restricting Active Directory replication
traffic to a specific port.
Application Layer Gateway Service
This subcomponent of the Internet Connection
Sharing (ICS)/Internet Connection Firewall (ICF)
service provides support for plug-ins that
allow network protocols to pass through the
firewall and work behind Internet Connection
Sharing. Application Layer Gateway (ALG)
plug-ins can open ports and change data
(such as ports and IP addresses) that are
embedded in packets. File Transfer Protocol
(FTP) is the only network protocol with a
plug-in that is included with Windows Server
2003, Standard Edition, and Windows Server
2003, Enterprise Edition. The ALG FTP
plug-in is designed to support active FTP
sessions through the network address
translation (NAT) engine that these
components use. The ALG FTP plug-in supports
these sessions by redirecting all traffic
that passes through the NAT and that is
destined for port 21 to a private listening
port in the range of 3000 to 5000 on the
loopback adapter. The ALG FTP plug-in then
monitors and updates FTP control channel
traffic so that the FTP plug-in can forward
port mappings through the NAT for the FTP
data channels. The FTP plug-in also updates
ports in the FTP control channel stream.
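The control-channel rewriting described above can be modelled as follows. This is an added example, not code from the original page or from Microsoft: it covers only the PORT command of active FTP, and the class name, the public address 203.0.113.5, the starting public port 50000 and the sample session are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Active-mode FTP: the client announces its data endpoint as
# "PORT h1,h2,h3,h4,p1,p2" where the port is p1*256 + p2.
PORT_RE = re.compile(
    rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$",
    re.IGNORECASE,
)


@dataclass
class FtpAlg:
    """Simplified model of an FTP application layer gateway behind NAT."""
    public_ip: str
    next_port: int = 50000  # assumption: first public port handed out
    # public port -> (private ip, private port) for inbound data connections
    mappings: dict = field(default_factory=dict)

    def process_client_line(self, client_ip: str, line: bytes) -> bytes:
        m = PORT_RE.match(line)
        if not m:
            return line  # not a PORT command: forward untouched
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return line  # malformed field: no mapping, server will reject it
        private_ip = ".".join(str(n) for n in nums[:4])
        private_port = nums[4] * 256 + nums[5]
        if private_ip != client_ip:
            # Only map a data channel back to the host that owns the
            # control connection; any other address gets no NAT mapping.
            return line
        public_port = self.next_port
        self.next_port += 1
        self.mappings[public_port] = (private_ip, private_port)
        host = self.public_ip.replace(".", ",")
        # The rewritten line can differ in length from the original, so a
        # real gateway must also adjust TCP sequence numbers (not modelled).
        return f"PORT {host},{public_port >> 8},{public_port & 0xFF}\r\n".encode("ascii")


def run_session(alg: FtpAlg, client_ip: str, lines):
    """Pass each client control-channel line through the gateway."""
    return [alg.process_client_line(client_ip, l) for l in lines]


# Constructed sample control-channel traffic from private client 192.168.0.10.
SAMPLE_SESSION = [
    b"USER anonymous\r\n",
    b"PASS guest@example.invalid\r\n",
    b"PORT 192,168,0,10,19,137\r\n",   # own address, port 19*256+137 = 5001
    b"LIST\r\n",
    b"PORT 10,9,9,9,0,22\r\n",         # address that is not the client's own
]

if __name__ == "__main__":
    alg = FtpAlg(public_ip="203.0.113.5")
    for before, after in zip(SAMPLE_SESSION, run_session(alg, "192.168.0.10", SAMPLE_SESSION)):
        print(before, "->", after)
    print("NAT data-channel mappings:", alg.mappings)
```

Only the third line is rewritten and produces a mapping; the final PORT command names a different host, so no data-channel mapping is opened for it.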
ASP.NET State Service
ASP.NET State Service provides support for
ASP.NET out-of-process session states.
ASP.NET State Service stores session data
out-of-process. The service uses sockets to
communicate with ASP.NET that is running on
a Web server.
Certificate Services
Certificate Services is part of the core
operating system. By using Certificate
Services, a business can act as its own
certification authority (CA). In this way,
the business can issue and manage digital
certificates for programs and protocols such
as Secure/Multipurpose Internet Mail
Extensions (S/MIME), Secure Sockets Layer
(SSL), Encrypting File System (EFS), IPsec,
and smart card logon. Certificate Services
relies on RPC and on DCOM to communicate
with clients by using random TCP ports that
are higher than port 1024.
Cluster Service
The Cluster service controls server cluster
operations and manages the cluster database.
A cluster is a collection of independent
computers that act as a single computer.
Managers, programmers, and users see the
cluster as a single system. The software
distributes data among the nodes of the
cluster. If a node fails, other nodes
provide the services and data that were
formerly provided by the missing node. When
a node is added or repaired, the cluster
software migrates some data to that node.
Computer Browser
The Computer Browser system service
maintains an up-to-date list of computers on
your network and supplies the list to
programs that request it. The Computer
Browser service is used by Windows-based
computers to view network domains and
resources. Computers that are designated as
browsers maintain browse lists that contain
all shared resources that are used on the
network. Earlier versions of Windows
programs, such as My Network Places, the
net view command, and Windows Explorer,
all require browsing capability. For
example, when you open My Network Places on
a computer that is running Microsoft Windows
95, a list of domains and computers appears.
To display this list, the computer obtains a
copy of the browse list from a computer that
is designated as a browser.
DHCP Server
The DHCP Server service uses the Dynamic
Host Configuration Protocol (DHCP) to
automatically allocate IP addresses. By
using this service, you can adjust the
advanced network settings of DHCP clients.
For example, you can configure network
settings such as Domain Name System (DNS)
servers and Windows Internet Name Service
(WINS) servers. You can establish one or
more DHCP servers to maintain TCP/IP
configuration information and to provide
that information to client computers.
Distributed File System
The Distributed File System (DFS) integrates
disparate file shares that are located
across a local area network (LAN) or wide
area network (WAN) into a single logical
namespace. The DFS service is required for
Active Directory domain controllers to
advertise the SYSVOL shared folder.
Distributed Link Tracking Server
The Distributed Link Tracking Server system
service stores information so that files
that are moved between volumes can be
tracked to each volume in the domain. The
Distributed Link Tracking Server service
runs on each domain controller in a domain.
This service enables the Distributed Link
Tracking Client service to track linked
documents that have been moved to a location
in another NTFS file system volume in the
same domain.
Distributed Transaction Coordinator
The Distributed Transaction Coordinator (DTC)
system service is responsible for
coordinating transactions that are
distributed across multiple computer systems
and resource managers, such as databases,
message queues, file systems, or other
transaction-protected resource managers. The
DTC system service is required if
transactional components are configured
through COM+. It is also required for
transactional queues in Message Queuing
(also known as MSMQ) and SQL Server
operations that span multiple systems.
DNS Server
The DNS Server service enables DNS name
resolution by answering queries and update
requests for DNS names. DNS servers are
required to locate devices and services that
are identified by using DNS names and to
locate domain controllers in Active
Directory.
Event Log
The Event Log system service logs event
messages that are generated by programs and
by the Windows operating system. Event Log
reports contain information that can be
useful in diagnosing problems. Reports are
viewed in Event Viewer. The Event Log
service writes events that are sent by
programs, by services, and by the operating
system to log files. The events contain
diagnostic information in addition to errors
that are specific to the source program, the
service, or the component. The logs can be
viewed programmatically through the event
log APIs or through the Event Viewer in an
MMC snap-in.
Microsoft Exchange Server and Outlook clients
Versions of Microsoft Exchange Server and
Exchange clients have various port and
protocol requirements. These requirements
depend upon which version of Exchange Server
or Exchange client is in use.
270836 (http://support.microsoft.com/kb/270836/) Exchange Server static port mappings
Outlook 2003 clients support direct
connectivity to Exchange servers by using
RPC. However, these clients can also
communicate with Exchange 2003 servers that
are hosted on Windows Server 2003-based
computers on the Internet. The use of RPC
over HTTP communication between Outlook and
Exchange server eliminates the need to
expose unauthenticated RPC traffic across
the Internet. Instead, traffic between the
Outlook 2003 client and the Exchange Server
2003 computer is tunneled within HTTPS
packets over TCP port 443 (HTTPS).
http://www.microsoft.com/exchange/library
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
270836 (http://support.microsoft.com/kb/270836/) Exchange 2000 and Exchange 2003 static port mappings
278339 (http://support.microsoft.com/kb/278339/) TCP/UDP ports used by Exchange 2000 Server
280132 (http://support.microsoft.com/kb/280132/) Exchange 2000 Windows 2000 connectivity through firewalls
282446 (http://support.microsoft.com/kb/282446/) DSProxy configuration for static ports on Exchange cluster
827330 (http://support.microsoft.com/kb/827330/) How to troubleshoot client RPC over HTTP connection issues in Office Outlook 2003
833401 (http://support.microsoft.com/kb/833401/) How to configure RPC over HTTP on a single server in Exchange Server 2003
Exchange Server can also provide support for other protocols, such as SMTP, Post Office Protocol 3 (POP3), and IMAP.
Fax Service
Fax Service, a Telephony API (TAPI)–compliant
system service, provides fax capabilities.
By using Fax Service, users can send and
receive faxes from their desktop programs by
using either a local fax device or a shared
network fax device.
File Replication
The File Replication service (FRS) is a
file-based replication engine that
automatically copies updates to files and
folders between computers that are
participating in a common FRS replica set.
FRS is the default replication engine that
is used to replicate the contents of the
SYSVOL folder between Windows 2000-based and
Windows Server 2003-based domain controllers
that are located in a common domain. FRS may
be configured to replicate files and folders
between targets of a DFS root or link by
using the DFS Administration tool.
File Server for Macintosh
By using the File Server for Macintosh
system service, Macintosh computer users can
store and access files on a computer that is
running Windows Server 2003. If this service
is turned off or blocked, Macintosh clients
cannot access or store files on that
computer.
FTP Publishing Service
FTP Publishing Service provides FTP
connectivity. By default, the FTP control
port is 21. However, you can configure this
system service through the Internet
Information Services (IIS) Manager snap-in.
The default data (that is used for active
mode FTP) port is automatically set to one
port less than the control port. Therefore,
if you configure the control port to port
4131, the default data port is port 4130.
Most FTP clients use passive mode FTP. This
means that the client initially connects to
the FTP server by using the control port,
the FTP server assigns a high TCP port
between ports 1025 and 5000, and then the
client opens a second connection to the FTP
server for transferring data. You can
configure the range of high ports by using
the IIS metabase.
Group Policy
To successfully apply Group Policy, a client must be able to contact a domain controller over the DCOM, ICMP, LDAP, SMB, and RPC protocols. If any one of these protocols is unavailable or blocked between the client and a relevant domain controller, policy will not apply or refresh. For a cross-domain logon, where a computer is in one domain, and the user account is in another, these protocols may be required for the client, the resource domain, and the account domain to communicate. ICMP is used for slow link detection.
For more information about slow link detection, click the following article number to view the article in the Microsoft Knowledge Base:
227260 (http://support.microsoft.com/kb/227260/) How a slow link is detected for processing user profiles and Group Policy
System service name: Group Policy
HTTP SSL
The HTTP SSL system service enables IIS to
perform SSL functions. SSL is an open
standard for establishing an encrypted
communications channel to help prevent the
interception of critical information, such
as credit card numbers. Although this
service is designed to work on other
Internet services, it is primarily used to
enable encrypted electronic financial
transactions on the World Wide Web (WWW).
You can configure the ports for this service
through the Internet Information Services (IIS)
Manager snap-in.
Internet Authentication Service
Internet Authentication Service (IAS)
performs centralized authentication,
authorization, auditing, and accounting of
users who are connecting to a network. These
users can be on a LAN connection or on a
remote connection. IAS implements the
Internet Engineering Task Force (IETF)
standard Remote Authentication Dial-In User
Service (RADIUS) protocol.
Internet Connection Firewall (ICF)/Internet Connection Sharing (ICS)
This system service provides NAT,
addressing, and name resolution services for
all computers on your home network or your
small-office network. When the Internet
Connection Sharing feature is enabled, your
computer becomes an "Internet gateway" on
the network, and other client computers can
then share one connection to the Internet,
such as a dial-up connection or a broadband
connection. This service provides basic DHCP
and DNS services but will work with the
full-featured Windows DHCP or DNS services.
When ICF and Internet Connection Sharing act
as a gateway for the rest of the computers
on your network, they provide DHCP and DNS
services to the private network on the
internal network interface. They do not
provide these services on the
external-facing interface.
Kerberos Key Distribution Center
When you use the Kerberos Key Distribution
Center (KDC) system service, users can log
on to the network by using the Kerberos
version 5 authentication protocol. As in
other implementations of the Kerberos
protocol, the KDC is a single process that
provides two services: the Authentication
Service and the Ticket-Granting Service. The
Authentication Service issues ticket
granting tickets, and the Ticket-Granting
Service issues tickets for connection to
computers in its own domain.
License Logging
The License Logging system service is a tool
that was originally designed to help
customers manage licenses for Microsoft
server products that are licensed in the
Server Client Access License (CAL) model.
License Logging was introduced with
Microsoft Windows NT Server 3.51. By
default, the License Logging service is
disabled in Windows Server 2003. Because of
legacy design constraints and evolving
license terms and conditions, License
Logging may not provide an accurate view of
the total number of CALs that are purchased
compared to the total number of CALs that
are used on a particular server or across
the enterprise. The CALs that are reported
by License Logging may conflict with the
interpretation of the End-User License
Agreement (EULA) and with Product Use Rights
(PUR). License Logging will not be included
in future versions of the Windows operating
system. Microsoft recommends that only users
of the Microsoft Small Business Server
family of operating systems enable this
service on their servers.
Message Queuing
The Message Queuing system service is a
messaging infrastructure and development
tool for creating distributed messaging
programs for Windows. These programs can
communicate across heterogeneous networks
and can send messages between computers that
may be temporarily unable to connect to each
other. Message Queuing helps provide
security, efficient routing, support for
sending messages within transactions,
priority-based messaging, and guaranteed
message delivery.
Messenger
The Messenger system service sends messages
to or receives messages from users and
computers, administrators, and the Alerter
service. This service is not related to
Windows Messenger. If you disable the
Messenger service, notifications that are
sent to computers or users who are currently
logged on the network are not received.
Additionally, the net send command
and the net name command no longer
function.
Microsoft Exchange MTA Stacks
In Microsoft Exchange 2000 Server and
Microsoft Exchange Server 2003, the Message
Transfer Agent (MTA) is frequently used to
provide backward-compatible message transfer
services between Exchange 2000 Server-based
servers and Exchange Server 5.5-based
servers in a mixed-mode environment.
Microsoft Operations Manager 2000
Microsoft Operations Manager (MOM) 2000
delivers enterprise-class operations
management by providing comprehensive event
management, proactive monitoring and
alerting, reporting, and trend analysis.
After you install MOM 2000 Service Pack 1
(SP1), MOM 2000 no longer uses a clear text
communications channel, and all traffic
between the MOM agent and the MOM server is
encrypted over TCP port 1270. The MOM
Administrator console uses DCOM to connect
to the server. This means that
administrators who manage the MOM server
over the network must have access to random
high TCP ports.
Microsoft POP3 Service
Microsoft POP3 Service provides e-mail
transfer and retrieval services.
Administrators can use this service to store
and manage e-mail accounts on the mail
server. When you install Microsoft POP3
Service on the mail server, users can
connect to the mail server and can retrieve
e-mail by using an e-mail client that
supports the POP3 protocol, such as
Microsoft Outlook.
MSSQLSERVER
MSSQLSERVER is a system service in Microsoft
SQL Server 2000. SQL Server provides a
powerful and comprehensive data management
platform. You can configure the ports that
each instance of SQL Server uses by using
the Server Network Utility.
MSSQL$UDDI
The MSSQL$UDDI system service is installed
during the installation of the Universal
Description, Discovery, and Integration
(UDDI) feature of the Windows Server 2003
family of operating systems. MSSQL$UDDI
provides UDDI capabilities in an enterprise.
The SQL Server database engine is the core
component of MSSQL$UDDI.
Net Logon
The Net Logon system service maintains a
security channel between your computer and
the domain controller to authenticate users
and services. It passes the user's
credentials to a domain controller and
returns the domain security identifiers and
user rights for the user. This is typically
referred to as pass-through authentication.
Net Logon is configured to start
automatically only when a member computer or
domain controller is joined to a domain. In
the Windows 2000 Server and Windows Server
2003 families, Net Logon publishes service
resource locator records in the DNS. When
this service runs, it relies on the Server
service and on the Local Security Authority
service to listen for incoming requests. On
domain member computers, Net Logon uses RPC
over named pipes. On domain controllers, it
uses RPC over named pipes, RPC over TCP/IP,
mailslots, and Lightweight Directory Access
Protocol (LDAP).
NetMeeting Remote Desktop Sharing
The NetMeeting Remote Desktop Sharing system
service allows authorized users to remotely
access your Windows desktop from another
personal computer over a corporate intranet
by using Windows NetMeeting. You must
explicitly enable this service in
NetMeeting. You can disable or shut down
this feature by using an icon in the Windows
notification area.
Network News Transfer Protocol (NNTP)
The Network News Transfer Protocol (NNTP)
system service allows computers that are
running Windows Server 2003 to act as news
servers. Clients can use a news client, such
as Microsoft Outlook Express, to retrieve
newsgroups from the server and to read the
headers or the bodies of the articles in
each newsgroup.
Performance Logs and Alerts
The Performance Logs and Alerts system
service collects, based on preconfigured
schedule parameters, performance data from
local or remote computers and then writes
that data to a log or triggers a message.
Based on the information that is contained
in the named log collection setting, the
Performance Logs and Alerts service starts
and stops each named performance data
collection. This service only runs if at
least one performance data collection is
scheduled.
Print Spooler
The Print Spooler system service manages all
local and network print queues and controls
all print jobs. Print Spooler is the center
of the Windows printing subsystem. It
manages the print queues on the system and
communicates with printer drivers and
input/output (I/O) components, such as the
USB port and the TCP/IP protocol suite.
Remote Installation
You can use the Remote Installation system
service to install Windows 2000, Windows XP,
and Windows Server 2003 on Pre-Boot
eXecution Environment (PXE) remote
boot-enabled client computers. The Boot
Information Negotiation Layer (BINL)
service, the primary component of Remote
Installation Server (RIS), answers PXE
client requests, checks Active Directory for
client validation, and passes client
information to and from the server. The BINL
service is installed when you either add the
RIS component from Add/Remove Windows
Components, or select it when you initially
install the operating system.
Remote Procedure Call (RPC)
The Remote Procedure Call (RPC) system
service is an interprocess communication (IPC)
mechanism that enables data exchange and
invocation of functionality that resides in a
different process. The different process can
be on the same computer, on the LAN, or in a
remote location, and can be accessed over a
WAN connection or over a VPN connection. The
RPC service serves as the RPC endpoint
mapper and Component Object Model (COM)
Service Control Manager. Many services
depend on the RPC service to start
successfully.
Remote Procedure Call (RPC) Locator
The Remote Procedure Call (RPC) Locator
system service manages the RPC name service
database. When this service is turned on,
RPC clients can locate RPC servers. This
service is turned off by default.
Remote Storage Notification
The Remote Storage Notification system
service notifies users when they read from
or write to files that are only available
from a secondary storage medium. Stopping
this service prevents this notification.
Remote Storage Server
The Remote Storage Server system service
stores infrequently used files on a
secondary storage medium. If you stop this
service, users cannot move or retrieve files
from the secondary storage medium.
Routing and Remote Access
The Routing and Remote Access service
provides multiprotocol LAN-to-LAN,
LAN-to-WAN, VPN, and NAT routing services.
Additionally, the Routing and Remote Access
service also provides dial-up and VPN remote
access services. Although Routing and Remote
Access can use all the following protocols,
the service typically uses only a subset of
them. For example, if you configure a VPN
gateway that lies behind a filtering router,
you will probably use only one technology.
If you use L2TP with IPsec, you must allow
IPsec ESP (IP protocol 50), NAT-T (UDP on
port 4500), and IPsec ISAKMP (UDP on port
500) through the router.
Server
The Server system service provides RPC
support and file, print, and named pipe
sharing over the network. The Server service
allows the sharing of local resources, such
as disks and printers, so that other users
on the network can access them. It also
allows named pipe communication between
programs that are running on the local
computer and on other computers. Named pipe
communication is memory that is reserved for
the output of one process to be used as
input for another process. The
input-accepting process does not have to be
local to the computer.
SharePoint Portal Server
With the SharePoint Portal Server system
service, you can develop an intelligent
portal that seamlessly connects users,
teams, and knowledge so that people can take
advantage of relevant information across
business processes. Microsoft SharePoint
Portal Server 2003 provides an enterprise
business solution that integrates
information from various systems into one
solution through single sign-on and
enterprise application integration
capabilities.
Simple Mail Transfer Protocol (SMTP)
The Simple Mail Transfer Protocol (SMTP)
system service is an e-mail submission and
relay agent. It accepts and queues e-mail
for remote destinations, and it retries at
specified intervals. Windows domain
controllers use the SMTP service for
intersite e-mail-based replication. The
Collaboration Data Objects (CDO) for the
Windows Server 2003 COM component can use
the SMTP service to submit and to queue
outbound e-mail.
Simple TCP/IP Services
Simple TCP/IP Services implements support for the following protocols:
System service name: SimpTcp
SMS Remote Control Agent
SMS Remote Control Agent is a system service
in Microsoft Systems Management Server (SMS)
2003. SMS Remote Control Agent provides a
comprehensive solution for change and for
configuration management for the Microsoft
operating systems. With this solution,
organizations can provide relevant software
and updates to users.
SNMP Service
SNMP Service allows incoming Simple Network
Management Protocol (SNMP) requests to be
serviced by the local computer. SNMP Service
includes agents that monitor activity in
network devices and report to the network
console workstation. SNMP Service provides a
method of managing network hosts (such as
workstation or server computers, routers,
bridges, and hubs) from a centrally-located
computer that is running network management
software. SNMP performs management services
by using a distributed architecture of
management systems and agents.
SNMP Trap Service
SNMP Trap Service receives trap messages
that are generated by local or by remote
SNMP agents and then forwards those messages
to SNMP management programs that are running
on your computer. SNMP Trap Service, when
configured for an agent, generates trap
messages if any specific events occur. These
messages are sent to a trap destination. For
example, an agent can be configured to
initiate an authentication trap if an
unrecognized management system sends a
request for information. Trap destinations
include the computer name, the IP address,
or the Internetwork Packet Exchange (IPX)
address of the management system. The trap
destination must be a network-enabled host
that is running SNMP management software.
SQL Analysis Server
The SQL Analysis Server system service is a
component of SQL Server 2000. With SQL
Analysis Server, you can create and manage
OLAP cubes and data mining models. The
analysis server may access local or remote
data sources for creating and storing cubes
or data mining models.
SQL Server: Downlevel OLAP Client Support
This system service is used by SQL Server
2000 when the SQL Analysis Server service
has to support connections from downlevel (OLAP
Services 7.0) clients. These are the default
ports for OLAP services that are used by SQL
7.0.
SSDP Discovery Service
SSDP Discovery Service implements Simple
Service Discovery Protocol (SSDP) as a
Windows service. SSDP Discovery Service
manages receipt of device presence
announcements, updates its cache, and passes
these notifications along to clients with
outstanding search requests. SSDP Discovery
Service also accepts registration of event
callbacks from clients, turns these into
subscription requests, and monitors for
event notifications. It then passes these
requests along to the registered callbacks.
This system service also provides hosted
devices with periodic announcements.
Currently, the SSDP event notification
service uses TCP port 5000. Starting with
the next Windows XP service pack, it will
rely on TCP port 2869.
Systems Management Server 2.0
Microsoft Systems Management Server (SMS) 2003 provides a comprehensive solution for change and configuration management for Microsoft operating systems. With this solution, organizations can provide relevant software and updates to users quickly and cost-effectively.
TCP/IP Print Server
The TCP/IP Print Server system service
enables TCP/IP–based printing by using the
Line Printer Daemon (LPD) protocol. The LPD
service on the server receives documents
from Line Printer Remote (LPR) utilities
that are running on UNIX computers.
Telnet
The Telnet system service for Windows provides ASCII terminal sessions to Telnet clients. A Telnet server supports two types of authentication and supports the following four types of terminals:
American National Standards Institute (ANSI)
System service name: TlntSvr
Terminal Services
Terminal Services provides a multi-session
environment that allows client devices to
access a virtual Windows desktop session and
Windows-based programs that are running on
the server. Terminal Services allows
multiple users to be connected interactively
to a computer.
Terminal Services Licensing
The Terminal Services Licensing system
service installs a license server and
provides licenses to registered clients when
the clients connect to a terminal server (a
server that has Terminal Server enabled).
Terminal Services Licensing is a low-impact
service that stores the client licenses that
have been issued for a terminal server, and
then tracks the licenses that have been
issued to client computers or terminals.
Terminal Services Session Directory
The Terminal Services Session Directory
system service allows clusters of
load-balanced terminal servers to correctly
route a user's connection request to the
server where the user already has a session
running. Users are routed to the
first-available terminal server, regardless
of whether they are running another session
in the server cluster. The load-balancing
functionality pools the processing resources
of several servers by using the TCP/IP
networking protocol. You can use this
service with a cluster of terminal servers
to increase the performance of a single
terminal server by distributing sessions
across multiple servers. Terminal Services
Session Directory keeps track of
disconnected sessions on the cluster and
makes sure that users are reconnected to
those sessions.
Trivial FTP Daemon
The Trivial FTP Daemon system service does not require a user name or a password and is an integral part of the Remote Installation Services (RIS). The Trivial FTP Daemon service implements support for the Trivial FTP Protocol (TFTP) that is defined by the following RFCs:
RFC 1350 - TFTP
Trivial File Transfer Protocol (TFTP) is a
file transfer protocol that is designed to
support diskless boot environments. The TFTP
service listens on UDP port 69 but responds
from a randomly allocated high port.
Therefore, enabling this port will let the
TFTP service receive incoming TFTP requests,
but will not let the selected server respond
to those requests. The service is free to
respond to any such request from any source
port it wishes, and the remote client will
then use that port for the duration of the
transfer. Communication is bidirectional. If
you need to enable this protocol through a
firewall, it may be useful to open UDP port
69 inbound. You can then rely on other
firewall features, which dynamically allow
the service to respond through temporary
holes on any other port.
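The difference between opening UDP port 69 alone and using a firewall that opens temporary holes for the server's reply port can be shown with a small packet-filter model. This is an added example, not code from the original page or from Microsoft; the addresses, port numbers, class and function names and the sample transfer are constructed assumptions, and a real firewall would also expire idle entries.

```python
import struct
from collections import namedtuple

Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port payload")

TFTP_PORT = 69
RRQ, WRQ = 1, 2          # RFC 1350 opcodes for read and write requests
SERVER = "192.0.2.10"    # constructed address of the TFTP server


def static_filter(pkt, server_ip=SERVER):
    """Stateless rule: only UDP traffic to or from server port 69."""
    return ((pkt.dst_ip == server_ip and pkt.dst_port == TFTP_PORT) or
            (pkt.src_ip == server_ip and pkt.src_port == TFTP_PORT))


class TftpAwareFilter:
    """Stateful rule: a request to port 69 opens a hole for one reply flow."""

    def __init__(self, server_ip=SERVER):
        self.server_ip = server_ip
        self.pending = set()  # (client ip, client port) awaiting first reply
        self.flows = {}       # (client ip, client port) -> server reply port

    def allow(self, pkt):
        if pkt.dst_ip == self.server_ip:
            key = (pkt.src_ip, pkt.src_port)
            if pkt.dst_port == TFTP_PORT:
                # Only a well-formed read/write request may reach port 69.
                if len(pkt.payload) >= 2 and \
                        struct.unpack("!H", pkt.payload[:2])[0] in (RRQ, WRQ):
                    self.pending.add(key)
                    return True
                return False
            # Any other server port is reachable only by the client that
            # owns an established transfer on exactly that port.
            return self.flows.get(key) == pkt.dst_port
        if pkt.src_ip == self.server_ip:
            key = (pkt.dst_ip, pkt.dst_port)
            if key in self.pending:
                # First reply: pin the randomly chosen server port.
                self.pending.discard(key)
                self.flows[key] = pkt.src_port
                return True
            return self.flows.get(key) == pkt.src_port
        return False


# Constructed sample transfer: request to port 69, reply from high port 3021.
SAMPLE_PACKETS = [
    Packet("198.51.100.7", 40001, SERVER, 69, b"\x00\x01boot.img\x00octet\x00"),
    Packet(SERVER, 3021, "198.51.100.7", 40001, b"\x00\x03\x00\x01" + b"A" * 512),
    Packet("198.51.100.7", 40001, SERVER, 3021, b"\x00\x04\x00\x01"),
    Packet("198.51.100.99", 5555, SERVER, 3021, b"\x00\x04\x00\x01"),  # unrelated host
]


def evaluate(allow_fn, packets):
    """Return the allow/deny decision for each packet in order."""
    return [allow_fn(p) for p in packets]


def demo():
    static = evaluate(static_filter, SAMPLE_PACKETS)
    aware = evaluate(TftpAwareFilter().allow, SAMPLE_PACKETS)
    return static, aware


if __name__ == "__main__":
    static, aware = demo()
    print("port 69 only :", static)
    print("TFTP-aware   :", aware)
```

With the static rule the request is admitted but the server's reply and the client's acknowledgement are dropped; the stateful rule passes the transfer while still refusing the unrelated host on the temporary port.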
Universal Plug and Play Device Host
The Universal Plug and Play Host discovery
system service implements all the components
that are required for device registration,
control, and the response to events for
hosted devices. The information that is
registered that pertains to a device (the
description, the lifetimes, and the
containers) is optionally stored to disk
and is announced on the network after
registration, or when the operating system
restarts. The service also includes the Web
server that serves the device, in addition
to service descriptions and a presentation
page.
Windows Internet Name Service (WINS)
Windows Internet Name Service (WINS) enables
NetBIOS name resolution. This service helps
you locate network resources by using
NetBIOS names. WINS servers are required
unless all domains have been upgraded to the
Active Directory directory service and
unless all computers on the network are
running Windows 2000 or later. WINS servers
communicate with network clients by using
NetBIOS name resolution. WINS replication is
only required between WINS servers.
Windows Media Services
Windows Media Services in Windows Server 2003 replaces the following four services that are included in Windows Media Services versions 4.0 and 4.1:
Windows Media Monitor Service
Windows Media Services is now a single
service that runs on Windows Server 2003,
Standard Edition; Windows Server 2003,
Enterprise Edition; and Windows Server 2003,
Datacenter Edition. Its core components were
developed by using COM, and it has a
flexible architecture that you can customize
for specific programs. It supports a greater
variety of control protocols, including Real
Time Streaming Protocol (RTSP), Microsoft
Media Server (MMS) protocol, and HTTP.
Windows Time
The Windows Time system service maintains
date and time synchronization on all Windows
XP and Windows Server 2003-based computers
on a network. This service uses Network Time
Protocol (NTP) to synchronize computer
clocks so that an accurate clock value, or
timestamp, is assigned for network validation
and for resource access requests. The
implementation of NTP and the integration of
time providers help make Windows Time a
reliable and scalable time service for your
enterprise. For computers that are not
joined to a domain, you can configure
Windows Time to synchronize time with an
external time source. If this service is
turned off, the time setting for local
computers is not synchronized with a time
service in the Windows domain or with an
externally configured time service. Windows
Server 2003 uses NTP. NTP runs on UDP port
123. The Windows 2000 version of this
service uses Simple Network Time Protocol (SNTP).
SNTP also runs on UDP port 123.
World Wide Web Publishing Service
World Wide Web Publishing Service provides
the infrastructure that is necessary to
register, to manage, to monitor, and to
serve Web sites and programs that are
registered with IIS. This system service
contains a process manager and a
configuration manager. The process manager
controls the processes where custom
applications and Web sites reside. The
configuration manager reads the stored
system configuration for World Wide Web
Publishing Service and makes sure that
Http.sys is configured to route HTTP
requests to the appropriate application
pools or operating system processes. You can
configure the ports that are used by this
service through the Internet Information
Services (IIS) Manager snap-in. If the
administrative Web site is enabled, a
virtual Web site is created that uses HTTP
traffic on TCP port 8098.
Ports and protocols
The following table summarizes the information from the "System services ports" section of this article. This table is sorted by port number instead of by the service name.
Active Directory port and protocol requirements
Application servers, client computers and
domain controllers that are located in
common or external forests have service
dependencies so that user and computer
initiated operations like domain join, logon
authentication, remote administration, and
Active Directory replication work correctly.
Such services and operations require network
connectivity over specific port and
networking protocols.