Is there a group policy that will remove the "server" service from the list of Windows services on a Windows XP SP 3 computer?

Posted on 2011-04-29
Last Modified: 2012-05-11
Is there a group policy that will remove the "server" service from the list of Windows services on a Windows XP SP 3 computer?

If so, how can this Group Policy be enabled on Server 2003 or Server 2008 Active Directory domain?

The users in my organization are required to have administrator rights on their computers. There is no way I can take these rights away from them.

However, our company policy prohibits users from sharing anything on their computers with other domain users.

The only way to effectively enforce this policy is to remove (or at least disable) the server service on the user’s Windows XP, Windows Vista, and Windows 7 computers.

All of the users in my IT consulting company are very computer literate and know how to turn Windows services on and off.

However, I am the only one with domain administrator rights, so I will be able to block these types of things out with a properly implemented group policy.

Is there any group policy or other option that will enable me to do this?
Question by:Knowledgeable
    LVL 15

    Accepted Solution

    Yes, you can create a GPO - Group Policy Object for this.

    What you need to do is create OU and add all the user's PCs into this OU. The next step then is to create the GPO and give this a discriptive name such as Windows "Server" Service Disabled so any other engineer will know what this is for future reference.

    Now you need to edit the GPO. Go to Computer Configuration > Windows Settings > System Services > In the right hand pane scroll down the Server Service. Right click on the Server Service and select properties and then click Define this policy setting and tick the radio button on Disabled.

    The next step is to link the GPO to the OU that you created. Then open the command prompt and type gpupdate /force and press enter. This will become effective the next time users logoff and then log back on.

    Test this out first and see how it goes and if there are any problems please let me know.


    LVL 1

    Assisted Solution

    Not sure offhand how to strictly disable access to certain services.

    But you can deploy a logon script which executes the following :

    sc config LanmanServer start= disabled (note the space between = and disabled)

    However a user may open up services and turn it back on for the session. You could prevent MMC access if appropriate to prevent it. If they are savvy they could also open up a dos prompt and issue a variation of the command above. What are the odds ? Not sure


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
    If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
    This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
    This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now