Re: Disable program

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 11/21/04

  • Next message: Frank Thynne: "Cannot see audit events in security log" 
    Date: Sun, 21 Nov 2004 13:38:24 -0700

    Hi Rick,

    I used to think that the most direct until someone pointed out
    to me the NTrights.exe can alter ACL on services. 

    -- 
Roger Abell
"Rick Kingslan [MS MVP]" <rkingsla.cox.net@127.0.0.1> wrote in message
news:O6LxCUrzEHA.3488@TK2MSFTNGP10.phx.gbl...
> Steve gives you some good pointers.  One other thing that you might want
to
> look into is the Security Configuration and Analysis Tool.  This tool,
> loaded with the proper template, will allow you to change the permissions
on
> the actual services themselves.  This is one of the few ways to change
> permissions on services, and by far the easiest.
>
> CAUTION!!  This procedure, though easy, is still very dangerous.  You can
> quite easily render your system in a state that you did not intend.  Be
very
> certain that you have a good understanding of what is happening and what
you
> are doing before you embark on this.
>
>
http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/windows/xp/all/reskit/en-us/prdd_sec_fovn.asp
>
>
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_scmwhatis.mspx
>
> What you need to do is a bit complicated.
>
> 1.   Start > Run > Cmd, then type MMC
> 2.   In the MMC Console, File > Add/Remove Snap-In > Add, Select 'Security
> Configuration and Analysis' and 'Security Templates'
> 3.   Add > Close > OK  You should now have two items in the console.
> 4.   Now, we have a bit of a test here.  You will need to go to your
> %systemroot%\security\templates directory and make a copy of hisecdc.inf
or
> rootsec.inf.  Open the copy, and remove everything BELOW the line
> '%SCEProfileDescription%'  Save the file.  You now have a 'naked' security
> template.
> 5.   Back in the created MMC, click on Sec Config Analysis
> 6.   Create a new database via the steps on the right side of the MMC
> console.  When prompted, open our naked template.
> 7.   Follow the directions to Analyze your system.
> 8.   Once the analysis is complete, navigate to the 'System Services'
> 9.   Find the service that you are looking for.  Right click and select
> properties.
> 10. Select the 'Define this policy in the database' check box.
> 11. Click the 'Edit Security...' button.
> 12. In the Security view, remove permissions (except Read) from all Users
> except for Administrators and SYSTEM.  Click OK.
> 13. Right click on the Security Configuration Analysis line - choose
> Configure.  Allow this to finish.
> 14. Close the MMC.  Save it if you desire.
>
> You will find that the service can still be managed and maintained by the
> system and the Administrator, and the average user will be able to check
the
> status of the service, but will not be able to change the state.
>
> Hope this helps....
> "EP" <EP@discussions.microsoft.com> wrote in message
> news:4B16B82A-2E56-4E92-A922-F29305009656@microsoft.com...
> >I am installing Mcafee personal firewall in windows 2000 Pro laptop, the
> > users need to have a power user account. How I can prevent them to stop
or
> > disable the personal firewall.
>
>
  • Next message: Frank Thynne: "Cannot see audit events in security log"