> What registry entry is that changing for each service?
I initially tried to accomplish this with SetAcl. I figured after the
work we did with backup permissions for the registry, you'd be more
familiar with SetAcl that Subinacl or Cacls. However, SetAcl would not
deny only stop and start. Subinacl offers much more granularity for
No, not that I am aware of.
That would be a better alternative, wouldn't it? I can get you half
way. Start mmc and add in the Security Templates snap-in. Create a new
template. Browse to System Services. Right-click the first service,
Properties. Check [x] Define this policy setting in the template and
click [Edit Security]. Add Network and deny Start, stop, and pause. Do
this for all of the services and then save the template.
Create your GPO in Active Directory. Follow this article to import the
security template into the policy:
Using Group Policy and Active Directory with SCW
J Wolfgang Goerlich