Solved

Prevent Service Removal

Posted on 2006-07-05
5
645 Views
Last Modified: 2012-06-27
Is there any way in Windows XP to prevent someone who has domain admin rights to remotely stop/uninstall a service running on my computer?
0
Comment
Question by:Mustadio
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 9

Expert Comment

by:bigjimbo813
ID: 17045869
disable your admin shares. They can re-enable them through domain GPO.

Other option would be to firewall your computer.

I dont reccomend this if your not a Domain Admin yourself.
0
 
LVL 24

Expert Comment

by:Kenneniah
ID: 17045888
Technically yes, there are ways. However I will not post any, first of all because I have no way of knowing if you have a valid reason to override your Domain Admins. And second, even if you did, posting this kind of information here could allow someone else to override their company's policies.

If you have a specific valid reason for this, you should talk to your IT department about your concerns. In my company, any attempt such as this to block Domain Admins, Group Policy, and/or any security procedures is grounds for termination.
0
 

Author Comment

by:Mustadio
ID: 17046037
I am domain admin too.
We have a service running on our computers.  When a domain admin connects to someone's computer and disconnects, it removes the service.  However, we want to be able to prevent this service removal from Domain Admins' computers without enabling/disabling this feature every time.
0
 
LVL 24

Accepted Solution

by:
Kenneniah earned 75 total points
ID: 17046169
Ok, that makes sense. That's strange that it gets removed though. Does the service actually get deleted or just stopped?

Either way, setting the security descriptor for the service should take care of it.
Using sc.exe....
sc <server> sdset <service name> <SD in SDDL format>

One way to figure out the SDDL you need is to open Security Templates in mmc, and make a new template. In that template, go to "System Services" and pick any service and set security as desired. (Remove delete rights from administrators etc.). Then save the template and open it with notepad to copy the SDDL from it.
0
 
LVL 24

Expert Comment

by:Kenneniah
ID: 17046198
Or if that service shows up in Security Templates (basically if that service is installed on the system you are running the mmc on), set up security for the service there blocking admins from deleting and/or stopping if necessary.

Then deploy either using it directly in a GPO, or copying and running secedit as outlined at http://www.windowsecurity.com/articles/Baselining-Security-Templates.html
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Dell XPS 1640 Laptop motherboard replacement 31 181
XP Install woes 17 119
Remote Exchange powershell-ing 25 125
Event ID: 5719 / Source: NETLOGON 9 182
Disclosure: Use this tutorial only when no other options helps to get Windows XP running without any problems and you don't want to format the drive. The back up of the data is the responsible of the user, however there is a description of how t…
We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question