Is there a group policy that will remove the "server" service from the list of Windows services on a Windows XP SP 3 computer?

If so, how can this Group Policy be enabled on Server 2003 or Server 2008 Active Directory domain?

The users in my organization are required to have administrator rights on their computers. There is no way I can take these rights away from them.

However, our company policy prohibits users from sharing anything on their computers with other domain users.

The only way to effectively enforce this policy is to remove (or at least disable) the server service on the user’s Windows XP, Windows Vista, and Windows 7 computers.

All of the users in my IT consulting company are very computer literate and know how to turn Windows services on and off.

However, I am the only one with domain administrator rights, so I will be able to block these types of things out with a properly implemented group policy.

Is there any group policy or other option that will enable me to do this?
2 Solutions
Yes, you can create a GPO - Group Policy Object for this.

What you need to do is create an OU and add all the users' PCs to this OU. The next step is to create the GPO and give it a descriptive name such as Windows "Server" Service Disabled, so any other engineer will know what it is for in future.

Now you need to edit the GPO. Go to Computer Configuration > Windows Settings > System Services. In the right-hand pane, scroll down to the Server service. Right-click the Server service and select Properties, then click Define this policy setting and tick the radio button on Disabled.

The next step is to link the GPO to the OU that you created. Then open the command prompt, type gpupdate /force and press Enter. This will become effective the next time users log off and then log back on.

Test this out first and see how it goes and if there are any problems please let me know.


Not sure offhand how to strictly disable access to certain services.

But you can deploy a logon script which executes the following:

sc config LanmanServer start= disabled (note the space between = and disabled)

However, a user may open up Services and turn it back on for the session. You could prevent MMC access, if appropriate, to prevent it. If they are savvy they could also open up a DOS prompt and issue a variation of the command above. What are the odds? Not sure.
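
Both answers leave open the case where a local administrator turns the service back on, so the following added example (not part of either answer) audits the Server service remotely and flags machines where it is not disabled or is still running. It assumes Windows PowerShell with Get-WmiObject and remote WMI access to the workstations; the host names and the function name Get-ServerServiceStatus are constructed for illustration.

```powershell
# Added example. Host names below are constructed placeholders.
param(
    [string[]]$Computers = @('WKS-EXAMPLE-01', 'WKS-EXAMPLE-02')
)

function Get-ServerServiceStatus {
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    $row = New-Object PSObject -Property @{
        Computer  = $ComputerName
        StartMode = 'n/a'
        State     = 'n/a'
        Compliant = $false
        Note      = ''
    }
    try {
        # WMI is reached over DCOM/RPC, so the query still works when the
        # Server service itself is stopped on the target.
        $svc = Get-WmiObject -Class Win32_Service -ComputerName $ComputerName `
                   -Filter "Name='LanmanServer'" -ErrorAction Stop
    } catch {
        $row.Note = "query failed: $($_.Exception.Message)"
        return $row
    }
    if (-not $svc) {
        $row.Note = 'LanmanServer not found'
        return $row
    }
    $row.StartMode = $svc.StartMode   # Auto, Manual or Disabled
    $row.State     = $svc.State       # Running, Stopped, ...
    # Compliant only if it cannot start at boot AND is not running right now:
    # a local administrator can change the start type or start it by hand.
    $row.Compliant = ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped')
    if (-not $row.Compliant) { $row.Note = 'service re-enabled or still running' }
    return $row
}

$results = foreach ($c in $Computers) { Get-ServerServiceStatus -ComputerName $c }
$results | Select-Object Computer, StartMode, State, Compliant, Note | Format-Table -AutoSize

# Non-zero exit code lets a scheduled task or monitoring job raise an alert.
if ($results | Where-Object { -not $_.Compliant }) { exit 1 }
```

Run it as a script from an account with administrative rights on the workstations; unreachable machines are reported as non-compliant rather than skipped.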

