Win7 Ultimate 64 bit Services to Disable



  • I have decided not to migrate to Ubuntu at the moment, simply because all my work is on Win 7 (6 computers) and I don't have time to ascend yet another learning curve.

    Now, I have just installed the latest version of pfSense (2.1.4) and was wondering which Windows services I should disable and turn over to pfSense.

    (I could add more specificity to my question but will keep it quite general for now.)

    Btw, you folks are really tolerant of newbie questions and most helpful. For what it's worth, I have found Linux and pfSense guys tend to be a cut above, if I'm not being socially inappropriate in saying so.  ???



  • Your Windows domain relies on an AD controller, and AD relies on DNS.  You're better off leaving your Windows domain controller to handle DNS and DHCP.

    Edit: I just re-read this again and realized that you weren't talking about a domain environment.  The only overlap between Windows 7 and pfSense is the firewall, and you should leave your Windows firewall on unless you have a good reason to disable it.  Multiple layers of security and such.



  • Multiple layers of security

    You sound like my Cisco instructor, who really drills that into us.  :)

    I was actually wondering more about the NAT. Disable in Win7 or let Win7 NAT duke it out with NAT in pfSense?



  • What specifically are you talking about when you refer to NAT and Windows 7?



  • Win7 has a built-in NAT as does pfSense. My question is why would I keep both enabled?

    Well, recently and since I've installed pfSense, I'm having the oddest problems with my Win7 Work Group network. One example: Right now I only have 2 computers up and running, one says it's on Network 4 and the other says it's on Network 2. The computer on Network 4 can see the directories on Network 2, but not vice versa. Other network screwups as well, but that's one right now.

    So often, I need to open "Network and Sharing" and have Windows diagnose and repair the problems. Logic tells me that there must be too many variables in play such that both pfSense and Windows (on each computer) are battling for control.

    That situation is discussed over at Practically Networked http://www.practicallynetworked.com/networking/fixing_double_nat.htm

    Also here http://superuser.com/questions/88049/translate-port-for-two-clients-accessing-the-same-resource-on-a-remote-network-u

    Disclaimer: I have not gotten deeply into pfSense yet, so that may be a factor.



  • @incurablegeek:

    Win7 has a built-in NAT as does pfSense. My question is why would I keep both enabled?

    Windows 7 does nat …..
    Well, I learned something ......

    Let's say it this way:
    By a new computer with Windows 7 installed.
    Start it up.
    Give it a name and a network neighborhood name.
    Hook it up to your LAN (LAN handled by pfSEnse).
    Surf on the net.

    @incurablegeek:

    Well, recently and since I've installed pfSense, I'm having the oddest problems with my Win7 Work Group network. One example: Right now I only have 2 computers up and running, one says it's on Network 4 and the other says it's on Network 2. The computer on Network 4 can see the directories on Network 2, but not vice versa. Other network screwups as well, but that's one right now.

    This strange Windows network naming issue isn't really one.
    Windows just identified a "new gateway" (your pfSEnse box) and gives it a generated name.
    It start with "Network 1", etc.
    The next time, when you hook it up to another network (or: you changed the router for pfSEnse), the network name will change.
    This name isn't really important for end users and has nothing to do with network sharing.

    @incurablegeek:

    So often, I need to open "Network and Sharing" and have Windows diagnose and repair the problems. Logic tells me that there must be too many variables in play such that both pfSense and Windows (on each computer) are battling for control.

    Internet access boxesand such, pfSEnse, do NOT take part in the neighborhood network concept.
    The neighborhood is being handled by all your PC's behind the switch - pfSEnse doesn't even 'speak' 'Window neighborhood ' language - and you are advised to block all "neighborhood" communication so it doesn't ends up on the WAN …
    Concrete example:
    Give tour Windows 7 each a "fixed IP" (no DHCP).
    Hook them all up together - without any pfSEnse or router or modem, or what so ever.
    This means : your mini network has no Internet connection.
    But neighborhood network works.



  • Gertjan, you helped me on another thread. Much appreciate.

    Give your Windows 7 each a "fixed IP" (no DHCP).

    Now that is an interesting idea. Give each of my computers and end devices a static IP. That would eliminate the need for NAT on the Windows computers and surrender it to pfSense where I think NAT, etc. belongs.

    Is that what you are saying?

    Some background on my "present" (definitely will change) setup: WAN through pfSense Network Appliance out single LAN NIC to Cisco SG300 10 port Managed Switch out to each computer and end device. Have 2 more NIC's in the pfSense box (not yet being used).


Log in to reply