how to stop users from stopping radmin server or change settings using GPO?

how can i stop users from stopping radmin server or change settings using GPO?
in other words, i want to deploy the radmin server 3.1 in my organization but i don't want users to be able to stop the radmin server or change the settings.
is it possible to do so from the group policy?
or can i modify the radmin msi file to do that?
help please.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Vadim RappCommented:
> or can i modify the radmin msi file to do that?

In MSI by limiting permissions on the installed files, so if stopping the server involves running some program, or modifying files involves editing a file, that's who it's possible. But local admin users probably still can kill any process from task manager. For more detailed answer, you'll have to explain how it is possible to stop your radmin server and how to change the settings.
DAL_GroupAuthor Commented:
you can either right click the icon on the tray and then click "Stop radmin server" or "settings for Radmin server".
and another way: go to all programs => Radmin server 3 => Stop radmin server or settings for Radmin server.

i don't want users to be able to do that.
thank you for the help.

Vadim RappCommented:
I think, only if radmin server¹ has setting like "show tray icon". If that setting exists and is controlled by registry setting, then it's possible to create transform with that registry setting, so when it's installed, it does not show tray icon.

¹) of which I have no idea
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

DAL_GroupAuthor Commented:
it doesn't have such a setting.
but even if it does how can i change the registry from the GPO?
when i go to Computer configurations => windows settings => security settings => registry, and i right click it then click add key, it gives me the keys without the ability to modify them.
i want to add the registry key because i can modify its security settings, take all privileges from the users and just give them to the administrators, but nothing happened.
see the photo attached.
Vadim RappCommented:
You don't change registry setting from GPO. You would alter installation package so that the installation would install that registry setting. For that, you would create so called Transform, which would be then deployed along with the installation - see tab "modifications" in the deployment package. But if there's no such setting in the program, there's absolutely nothing you can do. If the program is programmed to do X no matter what, then the only way to preclude it  from that is not to run the program. Even if you somehow managed to block program's access to the tray, it would almost certainly crash, since it's programmed to use it.
Vadim RappCommented:
...speaking of configuring registry access in GPO - even though it's not hte best idea (transform would be better), I don't see why it wouldn't work. I actually was able to configure security for any key I wanted.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DAL_GroupAuthor Commented:
this is exactly what i did, but it gave me a mixed results, some users in a specific computers can stop the server and some can't.
i'm totally lost.
but thank you for the help.
Vadim RappCommented:
on the computers where users were able to make the change when they shouldn't, I would verify the actual permissions in regedit, and tried to make the change by regedit manually. If they can't but still were able to change settings of the program, it only means that the settings are elsewhere. I would then use filemon or regmon monitoring writes during the change to find out where.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.