Solved

Prevent Service Removal

Posted on 2006-07-05
Last Modified: 2012-06-27
Is there any way in Windows XP to prevent someone who has domain admin rights to remotely stop/uninstall a service running on my computer?
0
Question by:Mustadio
 
LVL 9

Expert Comment

by:bigjimbo813
ID: 17045869
Disable your admin shares. They can re-enable them through domain GPO.

Other option would be to firewall your computer.

I don't recommend this if you're not a Domain Admin yourself.
0
 
LVL 24

Expert Comment

by:Kenneniah
ID: 17045888
Technically yes, there are ways. However I will not post any, first of all because I have no way of knowing if you have a valid reason to override your Domain Admins. And second, even if you did, posting this kind of information here could allow someone else to override their company's policies.

If you have a specific valid reason for this, you should talk to your IT department about your concerns. In my company, any attempt such as this to block Domain Admins, Group Policy, and/or any security procedures is grounds for termination.
0
 

Author Comment

by:Mustadio
ID: 17046037
I am domain admin too.
We have a service running on our computers.  When a domain admin connects to someone's computer and disconnects, it removes the service.  However, we want to be able to prevent this service removal from Domain Admins' computers without enabling/disabling this feature every time.
0
 
LVL 24

Accepted Solution

by:
Kenneniah earned 75 total points
ID: 17046169
Ok, that makes sense. That's strange that it gets removed though. Does the service actually get deleted or just stopped?

Either way, setting the security descriptor for the service should take care of it.
Using sc.exe....
sc <server> sdset <service name> <SD in SDDL format>

One way to figure out the SDDL you need is to open Security Templates in mmc, and make a new template. In that template, go to "System Services" and pick any service and set security as desired. (Remove delete rights from administrators etc.). Then save the template and open it with notepad to copy the SDDL from it.
0
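
An added example, not part of the original answers: a Python audit that decodes the DACL of a service SDDL string (the format `sc sdset` takes and `sc sdshow` prints) and lists which trustees can still stop, delete or reconfigure the service, or can rewrite the DACL to give those rights back to themselves. The three SDDL strings are constructed samples, and the function names are this example's own; only allow ACEs are read, so deny ACEs and group membership are not evaluated.

```python
import re

# SDDL right codes as they apply to service objects.
SERVICE_RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC",
    "WO": "WRITE_OWNER", "GA": "GENERIC_ALL",
}
# REMOVAL: rights that stop or remove a service. REGRANT: rights that let
# a trustee edit the DACL and restore the first group.
REMOVAL = {"STOP", "DELETE", "CHANGE_CONFIG", "GENERIC_ALL"}
REGRANT = {"WRITE_DAC", "WRITE_OWNER", "GENERIC_ALL"}

def parse_dacl(sddl):
    """Return [(ace_type, trustee, rights)] for each ACE in the D: section."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not m:
        raise ValueError("no DACL found in SDDL string")
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(1)):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("malformed ACE: (%s)" % body)
        ace_type, _flags, rights, _obj, _inherit, trustee = fields
        codes = re.findall(r"[A-Z]{2}", rights)
        if "".join(codes) != rights:  # hex masks and odd lengths are rejected
            raise ValueError("unsupported rights field: %r" % rights)
        aces.append((ace_type, trustee, {SERVICE_RIGHTS.get(c, c) for c in codes}))
    return aces

def audit(sddl):
    """Map trustee -> removal/regrant rights granted by allow ACEs."""
    findings = {}
    for ace_type, trustee, rights in parse_dacl(sddl):
        if ace_type != "A":  # deny ACEs are not evaluated in this sketch
            continue
        removal, regrant = rights & REMOVAL, rights & REGRANT
        if removal or regrant:
            entry = findings.setdefault(trustee, {"removal": set(), "regrant": set()})
            entry["removal"] |= removal
            entry["regrant"] |= regrant
    return {t: {k: sorted(v) for k, v in e.items()} for t, e in findings.items()}

# Constructed samples: full admin ACE, stop/delete removed, fully trimmed.
BEFORE = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)"
PARTIAL = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPDTLOCRRCWDWO;;;BA)"
HARDENED = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWRPDTLOCRRC;;;BA)"
if __name__ == "__main__":
    for name, s in (("before", BEFORE), ("partial", PARTIAL), ("hardened", HARDENED)):
        print(name, audit(s))
```

In the `PARTIAL` sample the administrators ACE no longer carries stop or delete, but the audit still reports `WRITE_DAC` and `WRITE_OWNER`, which is the case to look for before relying on a trimmed descriptor.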
 
LVL 24

Expert Comment

by:Kenneniah
ID: 17046198
Or if that service shows up in Security Templates (basically if that service is installed on the system you are running the mmc on), set up security for the service there blocking admins from deleting and/or stopping if necessary.

Then deploy either using it directly in a GPO, or copying and running secedit as outlined at http://www.windowsecurity.com/articles/Baselining-Security-Templates.html
0
