![]() Perfomon.exeResource and Performance Monitor runs only if perfomance monitoring is on, not critical Winlogon.exeWindows Logon Application critical to maintain user sessions Wininit.exeWindows Start-Up Application critical SystemNT Kernel & System yes indeed pretty critical ) Net.TCP Port Sharing Service, as far as I know related to UAC Ism.exe (RDP Clip Monitor) Local Session Manager critical Isass.exeLocal Security Authority Process critical LogonUI.exeWindows Logon User Interface Host as far as I know, only used for RDP sessions Inetinfo.exeInternet Information Services IIS 7.0 only needed for webservers with IIS I've added some comments on your list below:Ĭsrss.exeClient Server Runtime Process indeed criticalĭwm.exeDesktop Window Manager only needed when GUI is a requirement, runs as the logged on userĮxplorer.exeWindows Explorer only needed when GUI is a requirement, runs as the logged on user You might focus on processes launched by the system account, the network service account, the local service account or any configured service account on the server On the delivered service what proceses are critical.Īn angle of attack might be to install the server(s) with their critical services and then list the processes remotely (without logging on!) using a tool like pslist.exe You should first define what you think is a critical proces: for example in your list, explorer.exe and inetinfo.exe are not really critical fo the OS to run.Įven more, explorer.exe is a user-proces that only runs for a logged on user (which might be critical if is a terminal server) and that is not needed even when a user is logged on (you can try: logon, open task manger and kill explorer.exe).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |