Windows Services Permissions
- From: "Craig Mann" <craig.cm@xxxxxxxxxxxxxx>
- Date: Fri, 21 Oct 2005 12:13:54 +0100
Here's a question ...
Is it possible to deny a network of users access to their local services ie;
so that they cannot stop or start any services on their computer but still
allow the service to start so that it's associate application can run.
The scenario here is we have corporate anti-virus software installed and
some of our users don't like this because they feel the antivirus solution
slows down their computer and to get around this they disable the antivirus
service that runs the antivirus software.
What I would like to do is define a policy in the GPMC (Group Policy
Management Console - Windows 2003 Server) to prevent all users on the
network access to the antivirus service on their computer. I tested this
quite recently by defining a GPO for the services and setting Everyone deny
rights to the antivirus service. When the group policy got updated, nobody
had access to the service (which was a good thing) but, the antivirus
service also failed to run which resulted in the antivirus software not
performing as it should.
The antivirus services mainly uses the LocalSystem account. Can anyone
suggest if it's possible to alter the service's permissions in such a way by
defining a GPO to prevent user access to stop/start the service but allowing
it to start when the operating system loads so that the antivirus program
still runs as expected?
Regards
Craig
.
- Follow-Ups:
- Re: Windows Services Permissions
- From: Miha Pihler [MVP]
- Re: Windows Services Permissions
- Prev by Date: Re: Windows 2003 - SP1 - Network issue ? Help required
- Next by Date: Re: Cannot ping DC server
- Previous by thread: Incoming connections via modem - number of rings
- Next by thread: Re: Windows Services Permissions
- Index(es):
Relevant Pages
|
