2.7 Given a scenario, apply workstation security options and hardening techniques.
📘CompTIA A+ Core 2 (220-1202)
In a computer, services are background programs that run to provide specific functions. For example, a service might allow printing, network file sharing, email, or automatic updates.
However, not all services are needed all the time. Some services may be unused or unnecessary in certain environments. Leaving these services running can increase security risks and slow down the system. Therefore, disabling unused services is an important part of workstation security and hardening.
Why Disable Unused Services?
- Reduce Security Risks
- Each running service is a potential target for attackers.
- Example: If a computer has a remote desktop service running but no one uses it, an attacker could exploit it to gain access.
- Disabling unnecessary services reduces the number of entry points for attackers.
- Improve System Performance
- Services consume system resources (CPU, memory).
- Turning off services you don’t need can make the system faster and more responsive.
- Simplify System Management
- Fewer active services make troubleshooting easier.
- You have better control over which features are running on the workstation.
Common Windows Services You Might Disable (If Not Needed)
Note: Only disable services you know are not required for your environment. Some are critical for system operation.
| Service | Purpose | When to Disable |
|---|---|---|
| Print Spooler | Manages printing tasks | If the computer doesn’t need to print |
| Remote Desktop / Remote Registry | Allows remote access | If no remote management is required |
| Bluetooth Support | Manages Bluetooth devices | On PCs without Bluetooth or if not used |
| Fax | Manages faxing | On computers not using fax functionality |
| Windows Media Player Network Sharing | Shares media over network | If media sharing is not required |
| Telnet / FTP Services | Allows remote connections | Disable in modern secure environments; use SSH or SFTP if needed |
How to Disable Unused Services in Windows
There are two main ways to disable services:
1. Using Services Console
- Press Windows + R, type
services.msc, and press Enter. - In the Services window, find the service you want to disable.
- Right-click → Properties.
- Set Startup type to Disabled.
- Click Stop if the service is currently running.
- Click OK to save.
2. Using Task Manager
- Press Ctrl + Shift + Esc to open Task Manager.
- Go to the Services tab.
- Right-click the service → Stop to temporarily stop it.
- For permanent disabling, go through Services Console as above.
How to Decide Which Services to Disable
- Ask yourself: “Do I need this service to perform my daily tasks?”
- Critical services to keep running: Windows Update, antivirus services, network services required for your work, print spooler if printing is needed.
- Services to consider disabling: Features or protocols not used in your environment, like old networking protocols (Telnet, FTP), fax, Bluetooth if not used, and media sharing.
✅ Tip for Exam: Remember the goal is security hardening. Anything that is not used but running is a potential vulnerability, so disabling it makes the system safer.
Key Points for CompTIA Exam
- Definition: Services are background processes that provide functions like networking, printing, and remote management.
- Purpose of disabling unused services: Reduce security risks, improve performance, simplify system management.
- Tools used:
services.msc(Services console), Task Manager, or PowerShell commands. - Best practice: Only disable services that are not needed. Some services are critical to the operating system.
Quick Memory Aid
- Security → Reduce attack surface
- Performance → Free resources
- Simplicity → Easier management
Think: SPS → Security, Performance, Simplicity.
This covers everything you need to know for the exam under 2.7: Apply workstation security options and hardening techniques → Disable unused services.
