Creating a GPO to Disable Services on Windows Servers |
Jul
14
|
« DCPROMO on Windows Server 2008 | How to Configure IIS SMTP Server to forward emails using a Gmail account » |
I have 5 SharePoint Servers; I would like to disable a couple unused and unnecessary services on all of them.
Create Organizational Unit (OU)
The first thing I am going to do is create an OU (Organizational Unit) in AD and add these servers to the OU
Within “Active Directory Users and Computers” right click the domain
Choose “New”
Choose “Organizational Unit”
To read more about creating basic OU structures please read: http://technet.microsoft.com/en-us/library/cc728229%28WS.10%29.aspx
I am going to call this OU “SharePoint Servers” since this is for my SharePoint Servers
Press “OK”
I dragged and dropped my five SharePoint farm servers from the Computer container to the SharePoint Servers OU
Select the “SharePoint Servers” and verify the servers are in the OU
Create Group Policy Object (GPO)
To read more about GPO’s please read: http://technet.microsoft.com/en-us/library/cc782678%28WS.10%29.aspx
From the Administrative Tools menu choose “Group Policy Management”
Expand the Domain and Select the OU, in this case I am Selecting “SharePoint Servers”
Right Click and select “Create a GPO in this domain, and Link it hereÔò¼├┤Ôö£├ºÔö¼┬¼”
We will name this GPO “Disable Services”
Press “OK”
The New GPO will show up in the SharePoint Server OU on the right side of the screen where the list of GPO’s are located
Right Click and select “Edit”
Navigate to Computer Configuration > Windows Settings > System Services
Double click the Service which you wish to change
Check on “Define this policy setting” and select “Disabled”
Press “OK”
Repeat this process for all services you wish to disable.
Repeat the last step for all services you wish to disable.
Close out of the Group Policy Management Editor
Close out of the Group Policy Management Console
Testing
Service before GPO
I rebooted the server and the GPO was applied
I usually disable the following services on Windows Server 2008, for Windows 2003 Server there are a lot more services you can disable, which includes my favorite “Windows Audio”, why in the world would you need this running on a server?
- DHCP Client
- Print Spooler
- Windows Firewall