
Stopping Domain users disabling anti-virus services on dom..

Anonymous
August 12, 2004 7:51:41 PM

Archived from groups: microsoft.public.win2000.security

We currently run Sophos Antivirus on our network from a CID - Some of my more
savvy users have an annoying habit of turning off the Sophos Service from
the services menu to free up system resources on their local PC's. I would
like to be able to prevent them from doing this. Is there any way I can do
this via Group Policy by making that particular service controllable by the
Domain Admin or the Sophos Sweep Account?

Many Thanks,

Michael Hewson MCP


Anonymous
August 12, 2004 7:51:42 PM

Archived from groups: microsoft.public.win2000.security

Do they have local admin rights? Rescind them.

I haven't used Sophos - I use Officescan, and one of the options in setup is
to prohibit any user from stopping the AV service unless they know the setup
password - even local admins can't do it.


Michael Hewson wrote:
> We currently run Sophos Antivirus on our network from a CID - Some of
> my more savvy users have an annoying habit of turning off the Sophos
> Service from the services menu to free up system resources on their
> local PC's. I would like to be able to prevent them from doing this.
> Is there any way I can do this via Group Policy by making that
> particular service controllable by the Domain Admin or the Sophos
> Sweep Account?
>
> Many Thanks,
>
> Michael Hewson MCP
Anonymous
August 12, 2004 7:51:42 PM

Archived from groups: microsoft.public.win2000.security

Absolutely, but only if your users are not in the local Administrators
group. If they're there, you can still try to stop them, but
Administrators can always undo anything you can do.

To do this, you can launch MMC.EXE and add/remove snap in, add
security templates and security configuration MMCs, create a template
that disables services [note that by default you only see services
that are installed on the workstation you're on, but you can add other
services by editing the template file manually], save the template,
use the security config MMC to create a new database and import the
template to it, close the MMC, copy the database from the
windowsroot\security\database\ folder, then use the secedit /configure
/verbose /db "x:\foldername\databasename.sdb" command to import the
database. This last step of applying the group policy template
probably requires local Admin privileges to run, so you could
alternatively import the template into AD group policy and apply it
that way, if you have AD, or you could set up a Task Scheduler job and
enter the ID and password of an Administrator-equivalent account to
run a script to apply the GP.

A few hitches: when creating the group policy template using the MMC
GUI, you only see the services installed on the machine you're working
on [although you could edit an .INF template file manually in Notepad
if you know the name of the service if you wish]. Second, AFAIK, in
order to be able to change permissions via GP, you will have to
specify that the service is set to startup: "Automatic," so that
unless you take special action, everyone getting this GP policy gets
the service re-set to start Automatically. Third, I believe your
permissions that you apply will always overwrite and remove the
permissions that are currently on the service. This might not be a
problem for you here, but I mention it just in case. It can
definitely make things tricky if you are trying to use GP to modify
the permissions on, say, the root of the C: drive.


"Michael Hewson" <spikeyboy64@hotmail.com> wrote in message news:<OVtmivHgEHA.536@TK2MSFTNGP11.phx.gbl>...
> We currently run Sophos Antivirus on our network from a CID - Some of my more
> savvy users have an annoying habit of turning off the Sophos Service from
> the services menu to free up system resources on their local PC's. I would
> like to be able to prevent them from doing this. Is there any way I can do
> this via Group Policy by making that particular service controllable by the
> Domain Admin or the Sophos Sweep Account?
>
> Many Thanks,
>
> Michael Hewson MCP
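
The service permissions that a security template applies are stored as an SDDL string, which is also how they appear in the template's .INF file and in the output of `sc sdshow`. The following is an added example, not part of any post in this thread: it reads such a string and lists which trustees can still stop or reconfigure the service. Both SDDL strings are constructed samples; only allow ACEs with two-letter rights codes are read, and group membership is not resolved.

```python
import re

# Two-letter SDDL rights codes as they apply to Windows service objects.
SERVICE_RIGHTS = {
    "CC": "query_config", "DC": "change_config", "LC": "query_status",
    "SW": "enumerate_dependents", "RP": "start", "WP": "stop",
    "DT": "pause_continue", "LO": "interrogate", "CR": "user_defined_control",
    "SD": "delete", "RC": "read_control", "WD": "write_dac", "WO": "write_owner",
}
# Rights that let a trustee stop the service or undo the lockdown.
RISKY = {"stop", "pause_continue", "change_config", "delete",
         "write_dac", "write_owner"}

# Constructed samples: Power Users (PU) may stop the service in the first;
# the second leaves Authenticated Users (AU) with read-only rights.
LOOSE_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
              "(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)")
LOCKED_SDDL = ("D:AR(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
               "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)")


def parse_dacl(sddl):
    """Return {trustee: set(rights)} for the allow ACEs in the DACL."""
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0]
    granted = {}
    for ace in re.findall(r"\(([^()]*)\)", dacl):
        fields = ace.split(";")  # type;flags;rights;object;inherit;trustee
        if len(fields) != 6 or fields[0] != "A":
            continue
        codes = re.findall("..", fields[2])
        if "GA" in codes:  # generic all maps to every service right
            rights = set(SERVICE_RIGHTS.values())
        else:
            rights = {SERVICE_RIGHTS.get(c, c) for c in codes}
        granted.setdefault(fields[5], set()).update(rights)
    return granted


def risky_trustees(sddl, trusted=("BA", "SY")):
    """Trustees outside `trusted` that can stop or reconfigure the service."""
    return {t: sorted(r & RISKY) for t, r in parse_dacl(sddl).items()
            if t not in trusted and r & RISKY}


if __name__ == "__main__":
    print("loose :", risky_trustees(LOOSE_SDDL))
    print("locked:", risky_trustees(LOCKED_SDDL))
    # Administrators keep write_dac, so they can always reverse the change.
    print("admins:", risky_trustees(LOCKED_SDDL, trusted=()).get("BA"))
```
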
Anonymous
August 13, 2004 12:07:44 AM

Archived from groups: microsoft.public.win2000.security

I agree with Ms Lanwench, but FYI you can configure security on services in security
policy for domain or Organizational Unit. It would be under computer
configuration/Windows settings/security settings/services I believe. The link below
goes into more detail. Disabling a service is just one example of what a user who is
a local administrator can do.--- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;256345

"Michael Hewson" <spikeyboy64@hotmail.com> wrote in message
news:OVtmivHgEHA.536@TK2MSFTNGP11.phx.gbl...
> We currently run Sophos Antivirus on our network from a CID - Some of my more
> savvy users have an annoying habit of turning off the Sophos Service from
> the services menu to free up system resources on their local PC's. I would
> like to be able to prevent them from doing this. Is there any way I can do
> this via Group Policy by making that particular service controllable by the
> Domain Admin or the Sophos Sweep Account?
>
> Many Thanks,
>
> Michael Hewson MCP
>
>
Anonymous
August 13, 2004 4:27:31 PM

Archived from groups: microsoft.public.win2000.security

Thanks Steve - that's great - just the job.

"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:k6QSc.275483$JR4.202710@attbi_s54...
> I agree with Ms Lanwench, but FYI you can configure security on services in security
> policy for domain or Organizational Unit. It would be under computer
> configuration/Windows settings/security settings/services I believe. The link below
> goes into more detail. Disabling a service is just one example of what a user who is
> a local administrator can do.--- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;256345
>
> "Michael Hewson" <spikeyboy64@hotmail.com> wrote in message
> news:OVtmivHgEHA.536@TK2MSFTNGP11.phx.gbl...
>> We currently run Sophos Antivirus on our network from a CID - Some of my more
>> savvy users have an annoying habit of turning off the Sophos Service from
>> the services menu to free up system resources on their local PC's. I would
>> like to be able to prevent them from doing this. Is there any way I can do
>> this via Group Policy by making that particular service controllable by the
>> Domain Admin or the Sophos Sweep Account?
>>
>> Many Thanks,
>>
>> Michael Hewson MCP