Remove unnecessary windows components
To reduce the attack surface of the Cisco TMS server, ensure that Windows Components that are not
required by Cisco TMS are not installed.
Go to Windows Start > Control Panel >Add or Remove Programs > Add/Remove Windows
Components. The following table lists the Windows Components. An N in the Include column
indicates that the component should be unchecked in the Windows Components Wizard. To display
subcomponents, highlight the Windows Component and click the Details button.
Table 2 Windows components
Component
Accessories and Utilities
Application Server
Certificate Services
E-mail Services
Fax Services
Indexing Services
Internet Explorer Enhanced Security
Configuration
Management and Monitoring Tools
Networking Services
Other Network and File Services
Remote Installation Services
Remote Storage
Security Configuration Wizard
Terminal Server
Terminal Services Licensing
UDDI Services
Update Root Certificates
Cisco TMS Secure Server Configuration Guide 13.0
Subcomponent
Application Server Console
ASP.NET
Enable network COM+ access
Enable network DTC access
Internet Information Services
Message Queuing
For administrator groups
For all other user groups
Connection Manager Administration
Kit
Connection Point Services
Network Monitor Tools
Simple Network Management
Protocol
WMI SNMP Provider
WMI Windows Installer Provider
Securing Windows Server 2003 tasks
Include
N
N
Y
Y
N
Y (see second
table for details)
N
N
N
N
N
Y
Y
N
N
N
Y
N
N
N
N
N
N
Y
N
N
N
Y
Page 14 of 34