Disabling “unnecessary” services on a system is sometimes a very subjective process. If you were in the IT field in 2003, then you most likely remember the critical hotfix (MS03-043) that was released for a vulnerability in the Messenger service. Since that patch, many (if not most) environments have made disabling that service a standard practice. Other services are also turned off, based on the server’s role, whether it is in the DMZ or on the Internal network etc. This is all part of good system configuration and maintenance – in terms of both reducing the attack surface and eliminating unnecessary overhead.