AManoux
asked on
Group Policy permissions for Windows System Services
I am trying to use an Active Directory GPO to restrict the ability for users to stop a Windows System service. The Windows service currently runs under the LOCAL SYSTEM account. In the GPO setting for the service under the Security configuration I have allowed the SYSTEM builtin group account Full permissions and INTERACTIVE builtin group account Read permissions. The service is set to "Automatic" startup. However, now the service no longer starts on the users' computers and if they try to start the service they receive an "Access Denied" error message, which is expected since I've removed their ability to start or stop the service themselves. However, I still need the service to start automatically under the Local System account. What permissions am I missing from the GPO?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Answer partially correct.
ASKER