Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Prevent Service Removal

Posted on 2006-07-05
5
Medium Priority
?
651 Views
Last Modified: 2012-06-27
Is there any way in Windows XP to prevent someone who has domain admin rights to remotely stop/uninstall a service running on my computer?
0
Comment
Question by:Mustadio
  • 3
5 Comments
 
LVL 9

Expert Comment

by:bigjimbo813
ID: 17045869
disable your admin shares. They can re-enable them through domain GPO.

Other option would be to firewall your computer.

I dont reccomend this if your not a Domain Admin yourself.
0
 
LVL 24

Expert Comment

by:Kenneniah
ID: 17045888
Technically yes, there are ways. However I will not post any, first of all because I have no way of knowing if you have a valid reason to override your Domain Admins. And second, even if you did, posting this kind of information here could allow someone else to override their company's policies.

If you have a specific valid reason for this, you should talk to your IT department about your concerns. In my company, any attempt such as this to block Domain Admins, Group Policy, and/or any security procedures is grounds for termination.
0
 

Author Comment

by:Mustadio
ID: 17046037
I am domain admin too.
We have a service running on our computers.  When a domain admin connects to someone's computer and disconnects, it removes the service.  However, we want to be able to prevent this service removal from Domain Admins' computers without enabling/disabling this feature every time.
0
 
LVL 24

Accepted Solution

by:
Kenneniah earned 300 total points
ID: 17046169
Ok, that makes sense. That's strange that it gets removed though. Does the service actually get deleted or just stopped?

Either way, setting the security descriptor for the service should take care of it.
Using sc.exe....
sc <server> sdset <service name> <SD in SDDL format>

One way to figure out the SDDL you need is to open Security Templates in mmc, and make a new template. In that template, go to "System Services" and pick any service and set security as desired. (Remove delete rights from administrators etc.). Then save the template and open it with notepad to copy the SDDL from it.
0
 
LVL 24

Expert Comment

by:Kenneniah
ID: 17046198
Or if that service shows up in Security Templates (basically if that service is installed on the system you are running the mmc on), set up security for the service there blocking admins from deleting and/or stopping if necessary.

Then deploy either using it directly in a GPO, or copying and running secedit as outlined at http://www.windowsecurity.com/articles/Baselining-Security-Templates.html
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question