Disable program

Archived from groups: microsoft.public.win2000.security (More info?)

I am installing Mcafee personal firewall in windows 2000 Pro laptop, the
users need to have a power user account. How I can prevent them to stop or
disable the personal firewall.
5 answers Last reply
More about disable program
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    See if the firewall has the option to password protect settings or modify
    which user groups can change settings/disable. I know some personal
    firewalls such as the older Kerio could do that. I am not familiar with the
    Mcafee personal firewall though there are forums dedicated to Mcafee
    products.. There are other free for personal use firewalls such as Sygate
    that you may want to try also. --- Steve


    "EP" <EP@discussions.microsoft.com> wrote in message
    news:4B16B82A-2E56-4E92-A922-F29305009656@microsoft.com...
    >I am installing Mcafee personal firewall in windows 2000 Pro laptop, the
    > users need to have a power user account. How I can prevent them to stop or
    > disable the personal firewall.
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Steve gives you some good pointers. One other thing that you might want to
    look into is the Security Configuration and Analysis Tool. This tool,
    loaded with the proper template, will allow you to change the permissions on
    the actual services themselves. This is one of the few ways to change
    permissions on services, and by far the easiest.

    CAUTION!! This procedure, though easy, is still very dangerous. You can
    quite easily render your system in a state that you did not intend. Be very
    certain that you have a good understanding of what is happening and what you
    are doing before you embark on this.

    http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/windows/xp/all/reskit/en-us/prdd_sec_fovn.asp

    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_scmwhatis.mspx

    What you need to do is a bit complicated.

    1. Start > Run > Cmd, then type MMC
    2. In the MMC Console, File > Add/Remove Snap-In > Add, Select 'Security
    Configuration and Analysis' and 'Security Templates'
    3. Add > Close > OK You should now have two items in the console.
    4. Now, we have a bit of a test here. You will need to go to your
    %systemroot%\security\templates directory and make a copy of hisecdc.inf or
    rootsec.inf. Open the copy, and remove everything BELOW the line
    '%SCEProfileDescription%' Save the file. You now have a 'naked' security
    template.
    5. Back in the created MMC, click on Sec Config Analysis
    6. Create a new database via the steps on the right side of the MMC
    console. When prompted, open our naked template.
    7. Follow the directions to Analyze your system.
    8. Once the analysis is complete, navigate to the 'System Services'
    9. Find the service that you are looking for. Right click and select
    properties.
    10. Select the 'Define this policy in the database' check box.
    11. Click the 'Edit Security...' button.
    12. In the Security view, remove permissions (except Read) from all Users
    except for Administrators and SYSTEM. Click OK.
    13. Right click on the Security Configuration Analysis line - choose
    Configure. Allow this to finish.
    14. Close the MMC. Save it if you desire.

    You will find that the service can still be managed and maintained by the
    system and the Administrator, and the average user will be able to check the
    status of the service, but will not be able to change the state.

    Hope this helps....
    "EP" <EP@discussions.microsoft.com> wrote in message
    news:4B16B82A-2E56-4E92-A922-F29305009656@microsoft.com...
    >I am installing Mcafee personal firewall in windows 2000 Pro laptop, the
    > users need to have a power user account. How I can prevent them to stop or
    > disable the personal firewall.
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi Rick,

    I used to think that the most direct until someone pointed out
    to me the NTrights.exe can alter ACL on services.

    --
    Roger Abell

    "Rick Kingslan [MS MVP]" <rkingsla.cox.net@127.0.0.1> wrote in message
    news:O6LxCUrzEHA.3488@TK2MSFTNGP10.phx.gbl...
    > Steve gives you some good pointers. One other thing that you might want
    to
    > look into is the Security Configuration and Analysis Tool. This tool,
    > loaded with the proper template, will allow you to change the permissions
    on
    > the actual services themselves. This is one of the few ways to change
    > permissions on services, and by far the easiest.
    >
    > CAUTION!! This procedure, though easy, is still very dangerous. You can
    > quite easily render your system in a state that you did not intend. Be
    very
    > certain that you have a good understanding of what is happening and what
    you
    > are doing before you embark on this.
    >
    >
    http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/windows/xp/all/reskit/en-us/prdd_sec_fovn.asp
    >
    >
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_scmwhatis.mspx
    >
    > What you need to do is a bit complicated.
    >
    > 1. Start > Run > Cmd, then type MMC
    > 2. In the MMC Console, File > Add/Remove Snap-In > Add, Select 'Security
    > Configuration and Analysis' and 'Security Templates'
    > 3. Add > Close > OK You should now have two items in the console.
    > 4. Now, we have a bit of a test here. You will need to go to your
    > %systemroot%\security\templates directory and make a copy of hisecdc.inf
    or
    > rootsec.inf. Open the copy, and remove everything BELOW the line
    > '%SCEProfileDescription%' Save the file. You now have a 'naked' security
    > template.
    > 5. Back in the created MMC, click on Sec Config Analysis
    > 6. Create a new database via the steps on the right side of the MMC
    > console. When prompted, open our naked template.
    > 7. Follow the directions to Analyze your system.
    > 8. Once the analysis is complete, navigate to the 'System Services'
    > 9. Find the service that you are looking for. Right click and select
    > properties.
    > 10. Select the 'Define this policy in the database' check box.
    > 11. Click the 'Edit Security...' button.
    > 12. In the Security view, remove permissions (except Read) from all Users
    > except for Administrators and SYSTEM. Click OK.
    > 13. Right click on the Security Configuration Analysis line - choose
    > Configure. Allow this to finish.
    > 14. Close the MMC. Save it if you desire.
    >
    > You will find that the service can still be managed and maintained by the
    > system and the Administrator, and the average user will be able to check
    the
    > status of the service, but will not be able to change the state.
    >
    > Hope this helps....
    > "EP" <EP@discussions.microsoft.com> wrote in message
    > news:4B16B82A-2E56-4E92-A922-F29305009656@microsoft.com...
    > >I am installing Mcafee personal firewall in windows 2000 Pro laptop, the
    > > users need to have a power user account. How I can prevent them to stop
    or
    > > disable the personal firewall.
    >
    >
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi Roger.

    I don't think NTrights can change service permissions but subinacls can for
    sure. I did post once that NTrights could do such but was in error I
    believe. Maybe you read my erroneous post or you know something I don't
    about NTrights? --- Steve

    http://tinyurl.com/62xcz -- link to my past post.


    "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    news:u%23AommA0EHA.3588@TK2MSFTNGP14.phx.gbl...
    > Hi Rick,
    >
    > I used to think that the most direct until someone pointed out
    > to me the NTrights.exe can alter ACL on services.
    >
    > --
    > Roger Abell
    >
    > "Rick Kingslan [MS MVP]" <rkingsla.cox.net@127.0.0.1> wrote in message
    > news:O6LxCUrzEHA.3488@TK2MSFTNGP10.phx.gbl...
    >> Steve gives you some good pointers. One other thing that you might want
    > to
    >> look into is the Security Configuration and Analysis Tool. This tool,
    >> loaded with the proper template, will allow you to change the permissions
    > on
    >> the actual services themselves. This is one of the few ways to change
    >> permissions on services, and by far the easiest.
    >>
    >> CAUTION!! This procedure, though easy, is still very dangerous. You can
    >> quite easily render your system in a state that you did not intend. Be
    > very
    >> certain that you have a good understanding of what is happening and what
    > you
    >> are doing before you embark on this.
    >>
    >>
    > http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/windows/xp/all/reskit/en-us/prdd_sec_fovn.asp
    >>
    >>
    > http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_scmwhatis.mspx
    >>
    >> What you need to do is a bit complicated.
    >>
    >> 1. Start > Run > Cmd, then type MMC
    >> 2. In the MMC Console, File > Add/Remove Snap-In > Add, Select
    >> 'Security
    >> Configuration and Analysis' and 'Security Templates'
    >> 3. Add > Close > OK You should now have two items in the console.
    >> 4. Now, we have a bit of a test here. You will need to go to your
    >> %systemroot%\security\templates directory and make a copy of hisecdc.inf
    > or
    >> rootsec.inf. Open the copy, and remove everything BELOW the line
    >> '%SCEProfileDescription%' Save the file. You now have a 'naked'
    >> security
    >> template.
    >> 5. Back in the created MMC, click on Sec Config Analysis
    >> 6. Create a new database via the steps on the right side of the MMC
    >> console. When prompted, open our naked template.
    >> 7. Follow the directions to Analyze your system.
    >> 8. Once the analysis is complete, navigate to the 'System Services'
    >> 9. Find the service that you are looking for. Right click and select
    >> properties.
    >> 10. Select the 'Define this policy in the database' check box.
    >> 11. Click the 'Edit Security...' button.
    >> 12. In the Security view, remove permissions (except Read) from all Users
    >> except for Administrators and SYSTEM. Click OK.
    >> 13. Right click on the Security Configuration Analysis line - choose
    >> Configure. Allow this to finish.
    >> 14. Close the MMC. Save it if you desire.
    >>
    >> You will find that the service can still be managed and maintained by the
    >> system and the Administrator, and the average user will be able to check
    > the
    >> status of the service, but will not be able to change the state.
    >>
    >> Hope this helps....
    >> "EP" <EP@discussions.microsoft.com> wrote in message
    >> news:4B16B82A-2E56-4E92-A922-F29305009656@microsoft.com...
    >> >I am installing Mcafee personal firewall in windows 2000 Pro laptop, the
    >> > users need to have a power user account. How I can prevent them to stop
    > or
    >> > disable the personal firewall.
    >>
    >>
    >
    >
  5. Archived from groups: microsoft.public.win2000.security (More info?)

    Well, it was actually setacl that I was thinking about
    http://setacl.sourceforge.net/
    --
    Roger
    "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
    news:M1eod.548599$mD.183209@attbi_s02...
    > Hi Roger.
    >
    > I don't think NTrights can change service permissions but subinacls can
    for
    > sure. I did post once that NTrights could do such but was in error I
    > believe. Maybe you read my erroneous post or you know something I don't
    > about NTrights? --- Steve
    >
    > http://tinyurl.com/62xcz -- link to my past post.
    >
    >
    > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    > news:u%23AommA0EHA.3588@TK2MSFTNGP14.phx.gbl...
    > > Hi Rick,
    > >
    > > I used to think that the most direct until someone pointed out
    > > to me the NTrights.exe can alter ACL on services.
    > >
    > > --
    > > Roger Abell
    > >
    > > "Rick Kingslan [MS MVP]" <rkingsla.cox.net@127.0.0.1> wrote in message
    > > news:O6LxCUrzEHA.3488@TK2MSFTNGP10.phx.gbl...
    > >> Steve gives you some good pointers. One other thing that you might
    want
    > > to
    > >> look into is the Security Configuration and Analysis Tool. This tool,
    > >> loaded with the proper template, will allow you to change the
    permissions
    > > on
    > >> the actual services themselves. This is one of the few ways to change
    > >> permissions on services, and by far the easiest.
    > >>
    > >> CAUTION!! This procedure, though easy, is still very dangerous. You
    can
    > >> quite easily render your system in a state that you did not intend. Be
    > > very
    > >> certain that you have a good understanding of what is happening and
    what
    > > you
    > >> are doing before you embark on this.
    > >>
    > >>
    > >
    http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/windows/xp/all/reskit/en-us/prdd_sec_fovn.asp
    > >>
    > >>
    > >
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_scmwhatis.mspx
    > >>
    > >> What you need to do is a bit complicated.
    > >>
    > >> 1. Start > Run > Cmd, then type MMC
    > >> 2. In the MMC Console, File > Add/Remove Snap-In > Add, Select
    > >> 'Security
    > >> Configuration and Analysis' and 'Security Templates'
    > >> 3. Add > Close > OK You should now have two items in the console.
    > >> 4. Now, we have a bit of a test here. You will need to go to your
    > >> %systemroot%\security\templates directory and make a copy of
    hisecdc.inf
    > > or
    > >> rootsec.inf. Open the copy, and remove everything BELOW the line
    > >> '%SCEProfileDescription%' Save the file. You now have a 'naked'
    > >> security
    > >> template.
    > >> 5. Back in the created MMC, click on Sec Config Analysis
    > >> 6. Create a new database via the steps on the right side of the MMC
    > >> console. When prompted, open our naked template.
    > >> 7. Follow the directions to Analyze your system.
    > >> 8. Once the analysis is complete, navigate to the 'System Services'
    > >> 9. Find the service that you are looking for. Right click and select
    > >> properties.
    > >> 10. Select the 'Define this policy in the database' check box.
    > >> 11. Click the 'Edit Security...' button.
    > >> 12. In the Security view, remove permissions (except Read) from all
    Users
    > >> except for Administrators and SYSTEM. Click OK.
    > >> 13. Right click on the Security Configuration Analysis line - choose
    > >> Configure. Allow this to finish.
    > >> 14. Close the MMC. Save it if you desire.
    > >>
    > >> You will find that the service can still be managed and maintained by
    the
    > >> system and the Administrator, and the average user will be able to
    check
    > > the
    > >> status of the service, but will not be able to change the state.
    > >>
    > >> Hope this helps....
    > >> "EP" <EP@discussions.microsoft.com> wrote in message
    > >> news:4B16B82A-2E56-4E92-A922-F29305009656@microsoft.com...
    > >> >I am installing Mcafee personal firewall in windows 2000 Pro laptop,
    the
    > >> > users need to have a power user account. How I can prevent them to
    stop
    > > or
    > >> > disable the personal firewall.
    > >>
    > >>
    > >
    > >
    >
    >
Ask a new question

Read More

Security Firewalls Microsoft Windows