<div>
Thanks. &nbsp;Looks like all permissions you listed were correct except Interactive. &nbsp;If you set it to Full Access then the logged in user has permissions to stop the service. &nbsp;Changed Interactive to just have Read permissions.
</div>


Thanks.  Looks like all permissions you listed were correct except Interactive.  If you set it to Full Access then the logged in user has permissions to stop the service.  Changed Interactive to just have Read permissions.

<div>
<div class="content wysiwyg-content">
I am trying to use an Active Directory GPO to restrict the ability for users to stop a Windows System service. &nbsp; The Windows service currently runs under the LOCAL SYSTEM account. In the GPO setting for the service under the Security configuration I have allowed the SYSTEM builtin group account Full permissions and INTERACTIVE builtin group account Read permissions. &nbsp;The service is set to &quot;Automatic&quot; startup. &nbsp;However, now the service no longer starts on the users' computers and if they try to start the service they receive an &quot;Access Denied&quot; error message, which is expected since I've removed their ability to start or stop the service themselves. &nbsp;However, I still need the service to start automatically under the Local System account. &nbsp; What permissions am I missing from the GPO?
</div>
</div>


I am trying to use an Active Directory GPO to restrict the ability for users to stop a Windows System service.   The Windows service currently runs under the LOCAL SYSTEM account. In the GPO setting for the service under the Security configuration I have allowed the SYSTEM builtin group account Full permissions and INTERACTIVE builtin group account Read permissions.  The service is set to "Automatic" startup.  However, now the service no longer starts on the users' computers and if they try to start the service they receive an "Access Denied" error message, which is expected since I've removed their ability to start or stop the service themselves.  However, I still need the service to start automatically under the Local System account.   What permissions am I missing from the GPO?

Group Policy permissions for Windows System Services

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

OS Security

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.