b * h 2007-08-24 23:19:11
I have a user who likes to stop specific services that I do not want stopped.
Can someone tell me how to create a group policy to deny access to
services.msc and msconfig on the local XP computer to all users except domain
Windows Server 2003 SP2 – Windows XP Pro SP2
Myweb 2007-08-24 23:19:16
Go to computer configuration>Windows settings>security settings>File system.
On the right pane rightclick and take Add File. Browse to the default location
from the file you like to restrict on one workstation and set the security
settings like you want. Test it on one machine and then deploy the policy
to the OU where the workstations of the users are.
Disclaimer: This posting is provided “AS IS” with no warranties, and confers
Bruce sanderso 2007-08-28 15:23:17
Ensure that the user’s account is not a member, directly or indirectly, of
any group that is a member of the workstation’s local Administrators or
Power Users group.
Bruce Sanderson MVP Printing
It is perfectly useless to know the right answer to the wrong question.
Roger abell [m 2007-08-28 15:23:36
Your user(s?) appear(s) overpowered.
Addressing that would be the infrastructurally correct approach.
Assuming excess privs is required, whyever, then look in the User
branch in GP in admin templates, where in Windows Components
you will find Microsoft Management Console, which has an agile
restricted/permitted snap-ins capability (you can even frustrate a
Domain Administrators member with it).
You might want to also alter permissions on services as the User
could adjust services without use of any mmc like services.msc.
That is touchy, especially if there are administrative duties of the
(not) overpowered user(s), repetitive (automate with sc), difficult
to maintain in face of future new services, but doable.