Solved

Prevent Service Removal

Posted on 2006-07-05
5
644 Views
Last Modified: 2012-06-27
Is there any way in Windows XP to prevent someone who has domain admin rights to remotely stop/uninstall a service running on my computer?
0
Comment
Question by:Mustadio
  • 3
5 Comments
 
LVL 9

Expert Comment

by:bigjimbo813
ID: 17045869
disable your admin shares. They can re-enable them through domain GPO.

Other option would be to firewall your computer.

I dont reccomend this if your not a Domain Admin yourself.
0
 
LVL 24

Expert Comment

by:Kenneniah
ID: 17045888
Technically yes, there are ways. However I will not post any, first of all because I have no way of knowing if you have a valid reason to override your Domain Admins. And second, even if you did, posting this kind of information here could allow someone else to override their company's policies.

If you have a specific valid reason for this, you should talk to your IT department about your concerns. In my company, any attempt such as this to block Domain Admins, Group Policy, and/or any security procedures is grounds for termination.
0
 

Author Comment

by:Mustadio
ID: 17046037
I am domain admin too.
We have a service running on our computers.  When a domain admin connects to someone's computer and disconnects, it removes the service.  However, we want to be able to prevent this service removal from Domain Admins' computers without enabling/disabling this feature every time.
0
 
LVL 24

Accepted Solution

by:
Kenneniah earned 75 total points
ID: 17046169
Ok, that makes sense. That's strange that it gets removed though. Does the service actually get deleted or just stopped?

Either way, setting the security descriptor for the service should take care of it.
Using sc.exe....
sc <server> sdset <service name> <SD in SDDL format>

One way to figure out the SDDL you need is to open Security Templates in mmc, and make a new template. In that template, go to "System Services" and pick any service and set security as desired. (Remove delete rights from administrators etc.). Then save the template and open it with notepad to copy the SDDL from it.
0
 
LVL 24

Expert Comment

by:Kenneniah
ID: 17046198
Or if that service shows up in Security Templates (basically if that service is installed on the system you are running the mmc on), set up security for the service there blocking admins from deleting and/or stopping if necessary.

Then deploy either using it directly in a GPO, or copying and running secedit as outlined at http://www.windowsecurity.com/articles/Baselining-Security-Templates.html
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question