Sign in with
Sign up | Sign in
Your question

Disable program

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
November 19, 2004 11:19:08 AM

Archived from groups: microsoft.public.win2000.security (More info?)

I am installing Mcafee personal firewall in windows 2000 Pro laptop, the
users need to have a power user account. How I can prevent them to stop or
disable the personal firewall.

More about : disable program

Anonymous
a b 8 Security
November 19, 2004 9:58:47 PM

Archived from groups: microsoft.public.win2000.security (More info?)

See if the firewall has the option to password protect settings or modify
which user groups can change settings/disable. I know some personal
firewalls such as the older Kerio could do that. I am not familiar with the
Mcafee personal firewall though there are forums dedicated to Mcafee
products.. There are other free for personal use firewalls such as Sygate
that you may want to try also. --- Steve


"EP" <EP@discussions.microsoft.com> wrote in message
news:4B16B82A-2E56-4E92-A922-F29305009656@microsoft.com...
>I am installing Mcafee personal firewall in windows 2000 Pro laptop, the
> users need to have a power user account. How I can prevent them to stop or
> disable the personal firewall.
Anonymous
a b 8 Security
November 20, 2004 12:57:08 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Steve gives you some good pointers. One other thing that you might want to
look into is the Security Configuration and Analysis Tool. This tool,
loaded with the proper template, will allow you to change the permissions on
the actual services themselves. This is one of the few ways to change
permissions on services, and by far the easiest.

CAUTION!! This procedure, though easy, is still very dangerous. You can
quite easily render your system in a state that you did not intend. Be very
certain that you have a good understanding of what is happening and what you
are doing before you embark on this.

http://www.microsoft.com/resources/documentation/Window...

http://www.microsoft.com/resources/documentation/window...

What you need to do is a bit complicated.

1. Start > Run > Cmd, then type MMC
2. In the MMC Console, File > Add/Remove Snap-In > Add, Select 'Security
Configuration and Analysis' and 'Security Templates'
3. Add > Close > OK You should now have two items in the console.
4. Now, we have a bit of a test here. You will need to go to your
%systemroot%\security\templates directory and make a copy of hisecdc.inf or
rootsec.inf. Open the copy, and remove everything BELOW the line
'%SCEProfileDescription%' Save the file. You now have a 'naked' security
template.
5. Back in the created MMC, click on Sec Config Analysis
6. Create a new database via the steps on the right side of the MMC
console. When prompted, open our naked template.
7. Follow the directions to Analyze your system.
8. Once the analysis is complete, navigate to the 'System Services'
9. Find the service that you are looking for. Right click and select
properties.
10. Select the 'Define this policy in the database' check box.
11. Click the 'Edit Security...' button.
12. In the Security view, remove permissions (except Read) from all Users
except for Administrators and SYSTEM. Click OK.
13. Right click on the Security Configuration Analysis line - choose
Configure. Allow this to finish.
14. Close the MMC. Save it if you desire.

You will find that the service can still be managed and maintained by the
system and the Administrator, and the average user will be able to check the
status of the service, but will not be able to change the state.

Hope this helps....
"EP" <EP@discussions.microsoft.com> wrote in message
news:4B16B82A-2E56-4E92-A922-F29305009656@microsoft.com...
>I am installing Mcafee personal firewall in windows 2000 Pro laptop, the
> users need to have a power user account. How I can prevent them to stop or
> disable the personal firewall.
Related resources
Anonymous
a b 8 Security
November 21, 2004 4:38:24 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi Rick,

I used to think that the most direct until someone pointed out
to me the NTrights.exe can alter ACL on services.

--
Roger Abell

"Rick Kingslan [MS MVP]" <rkingsla.cox.net@127.0.0.1> wrote in message
news:o 6LxCUrzEHA.3488@TK2MSFTNGP10.phx.gbl...
> Steve gives you some good pointers. One other thing that you might want
to
> look into is the Security Configuration and Analysis Tool. This tool,
> loaded with the proper template, will allow you to change the permissions
on
> the actual services themselves. This is one of the few ways to change
> permissions on services, and by far the easiest.
>
> CAUTION!! This procedure, though easy, is still very dangerous. You can
> quite easily render your system in a state that you did not intend. Be
very
> certain that you have a good understanding of what is happening and what
you
> are doing before you embark on this.
>
>
http://www.microsoft.com/resources/documentation/Window...
>
>
http://www.microsoft.com/resources/documentation/window...
>
> What you need to do is a bit complicated.
>
> 1. Start > Run > Cmd, then type MMC
> 2. In the MMC Console, File > Add/Remove Snap-In > Add, Select 'Security
> Configuration and Analysis' and 'Security Templates'
> 3. Add > Close > OK You should now have two items in the console.
> 4. Now, we have a bit of a test here. You will need to go to your
> %systemroot%\security\templates directory and make a copy of hisecdc.inf
or
> rootsec.inf. Open the copy, and remove everything BELOW the line
> '%SCEProfileDescription%' Save the file. You now have a 'naked' security
> template.
> 5. Back in the created MMC, click on Sec Config Analysis
> 6. Create a new database via the steps on the right side of the MMC
> console. When prompted, open our naked template.
> 7. Follow the directions to Analyze your system.
> 8. Once the analysis is complete, navigate to the 'System Services'
> 9. Find the service that you are looking for. Right click and select
> properties.
> 10. Select the 'Define this policy in the database' check box.
> 11. Click the 'Edit Security...' button.
> 12. In the Security view, remove permissions (except Read) from all Users
> except for Administrators and SYSTEM. Click OK.
> 13. Right click on the Security Configuration Analysis line - choose
> Configure. Allow this to finish.
> 14. Close the MMC. Save it if you desire.
>
> You will find that the service can still be managed and maintained by the
> system and the Administrator, and the average user will be able to check
the
> status of the service, but will not be able to change the state.
>
> Hope this helps....
> "EP" <EP@discussions.microsoft.com> wrote in message
> news:4B16B82A-2E56-4E92-A922-F29305009656@microsoft.com...
> >I am installing Mcafee personal firewall in windows 2000 Pro laptop, the
> > users need to have a power user account. How I can prevent them to stop
or
> > disable the personal firewall.
>
>
Anonymous
a b 8 Security
November 22, 2004 7:37:00 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi Roger.

I don't think NTrights can change service permissions but subinacls can for
sure. I did post once that NTrights could do such but was in error I
believe. Maybe you read my erroneous post or you know something I don't
about NTrights? --- Steve

http://tinyurl.com/62xcz -- link to my past post.


"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:u%23AommA0EHA.3588@TK2MSFTNGP14.phx.gbl...
> Hi Rick,
>
> I used to think that the most direct until someone pointed out
> to me the NTrights.exe can alter ACL on services.
>
> --
> Roger Abell
>
> "Rick Kingslan [MS MVP]" <rkingsla.cox.net@127.0.0.1> wrote in message
> news:o 6LxCUrzEHA.3488@TK2MSFTNGP10.phx.gbl...
>> Steve gives you some good pointers. One other thing that you might want
> to
>> look into is the Security Configuration and Analysis Tool. This tool,
>> loaded with the proper template, will allow you to change the permissions
> on
>> the actual services themselves. This is one of the few ways to change
>> permissions on services, and by far the easiest.
>>
>> CAUTION!! This procedure, though easy, is still very dangerous. You can
>> quite easily render your system in a state that you did not intend. Be
> very
>> certain that you have a good understanding of what is happening and what
> you
>> are doing before you embark on this.
>>
>>
> http://www.microsoft.com/resources/documentation/Window...
>>
>>
> http://www.microsoft.com/resources/documentation/window...
>>
>> What you need to do is a bit complicated.
>>
>> 1. Start > Run > Cmd, then type MMC
>> 2. In the MMC Console, File > Add/Remove Snap-In > Add, Select
>> 'Security
>> Configuration and Analysis' and 'Security Templates'
>> 3. Add > Close > OK You should now have two items in the console.
>> 4. Now, we have a bit of a test here. You will need to go to your
>> %systemroot%\security\templates directory and make a copy of hisecdc.inf
> or
>> rootsec.inf. Open the copy, and remove everything BELOW the line
>> '%SCEProfileDescription%' Save the file. You now have a 'naked'
>> security
>> template.
>> 5. Back in the created MMC, click on Sec Config Analysis
>> 6. Create a new database via the steps on the right side of the MMC
>> console. When prompted, open our naked template.
>> 7. Follow the directions to Analyze your system.
>> 8. Once the analysis is complete, navigate to the 'System Services'
>> 9. Find the service that you are looking for. Right click and select
>> properties.
>> 10. Select the 'Define this policy in the database' check box.
>> 11. Click the 'Edit Security...' button.
>> 12. In the Security view, remove permissions (except Read) from all Users
>> except for Administrators and SYSTEM. Click OK.
>> 13. Right click on the Security Configuration Analysis line - choose
>> Configure. Allow this to finish.
>> 14. Close the MMC. Save it if you desire.
>>
>> You will find that the service can still be managed and maintained by the
>> system and the Administrator, and the average user will be able to check
> the
>> status of the service, but will not be able to change the state.
>>
>> Hope this helps....
>> "EP" <EP@discussions.microsoft.com> wrote in message
>> news:4B16B82A-2E56-4E92-A922-F29305009656@microsoft.com...
>> >I am installing Mcafee personal firewall in windows 2000 Pro laptop, the
>> > users need to have a power user account. How I can prevent them to stop
> or
>> > disable the personal firewall.
>>
>>
>
>
Anonymous
a b 8 Security
November 26, 2004 12:47:36 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Well, it was actually setacl that I was thinking about
http://setacl.sourceforge.net/
--
Roger
"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:M1eod.548599$mD.183209@attbi_s02...
> Hi Roger.
>
> I don't think NTrights can change service permissions but subinacls can
for
> sure. I did post once that NTrights could do such but was in error I
> believe. Maybe you read my erroneous post or you know something I don't
> about NTrights? --- Steve
>
> http://tinyurl.com/62xcz -- link to my past post.
>
>
> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> news:u%23AommA0EHA.3588@TK2MSFTNGP14.phx.gbl...
> > Hi Rick,
> >
> > I used to think that the most direct until someone pointed out
> > to me the NTrights.exe can alter ACL on services.
> >
> > --
> > Roger Abell
> >
> > "Rick Kingslan [MS MVP]" <rkingsla.cox.net@127.0.0.1> wrote in message
> > news:o 6LxCUrzEHA.3488@TK2MSFTNGP10.phx.gbl...
> >> Steve gives you some good pointers. One other thing that you might
want
> > to
> >> look into is the Security Configuration and Analysis Tool. This tool,
> >> loaded with the proper template, will allow you to change the
permissions
> > on
> >> the actual services themselves. This is one of the few ways to change
> >> permissions on services, and by far the easiest.
> >>
> >> CAUTION!! This procedure, though easy, is still very dangerous. You
can
> >> quite easily render your system in a state that you did not intend. Be
> > very
> >> certain that you have a good understanding of what is happening and
what
> > you
> >> are doing before you embark on this.
> >>
> >>
> >
http://www.microsoft.com/resources/documentation/Window...
> >>
> >>
> >
http://www.microsoft.com/resources/documentation/window...
> >>
> >> What you need to do is a bit complicated.
> >>
> >> 1. Start > Run > Cmd, then type MMC
> >> 2. In the MMC Console, File > Add/Remove Snap-In > Add, Select
> >> 'Security
> >> Configuration and Analysis' and 'Security Templates'
> >> 3. Add > Close > OK You should now have two items in the console.
> >> 4. Now, we have a bit of a test here. You will need to go to your
> >> %systemroot%\security\templates directory and make a copy of
hisecdc.inf
> > or
> >> rootsec.inf. Open the copy, and remove everything BELOW the line
> >> '%SCEProfileDescription%' Save the file. You now have a 'naked'
> >> security
> >> template.
> >> 5. Back in the created MMC, click on Sec Config Analysis
> >> 6. Create a new database via the steps on the right side of the MMC
> >> console. When prompted, open our naked template.
> >> 7. Follow the directions to Analyze your system.
> >> 8. Once the analysis is complete, navigate to the 'System Services'
> >> 9. Find the service that you are looking for. Right click and select
> >> properties.
> >> 10. Select the 'Define this policy in the database' check box.
> >> 11. Click the 'Edit Security...' button.
> >> 12. In the Security view, remove permissions (except Read) from all
Users
> >> except for Administrators and SYSTEM. Click OK.
> >> 13. Right click on the Security Configuration Analysis line - choose
> >> Configure. Allow this to finish.
> >> 14. Close the MMC. Save it if you desire.
> >>
> >> You will find that the service can still be managed and maintained by
the
> >> system and the Administrator, and the average user will be able to
check
> > the
> >> status of the service, but will not be able to change the state.
> >>
> >> Hope this helps....
> >> "EP" <EP@discussions.microsoft.com> wrote in message
> >> news:4B16B82A-2E56-4E92-A922-F29305009656@microsoft.com...
> >> >I am installing Mcafee personal firewall in windows 2000 Pro laptop,
the
> >> > users need to have a power user account. How I can prevent them to
stop
> > or
> >> > disable the personal firewall.
> >>
> >>
> >
> >
>
>
!