Is there any way to restrict users with administrative privileges from managing specific Windows service-based applications? I would like to restrict administrators from stopping or restarting my service, very similar to the Windows event log service. What are some of the more popular or recommended approaches to securing services followed by product vendors (like antivirus applications, firewalls, etc., where the service has to be running continuously)?

A: 

Here is one approach using access control - http://support.microsoft.com/?kbid=288129

msvcyc
Since an Administrator has the TAKE_OWNERSHIP privilege, he can always add himself to the ACL and allow full control. This approach is useless.
ChristianWimmer
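
An added example, not part of the original answers: a Python check of a service security descriptor in SDDL form (the format `sc sdshow` prints) that lists which trustees may stop the service and which lack that right but can still rewrite the DACL or take ownership, the situation the comment above describes. The two SDDL strings are constructed samples and `parse_dacl`/`audit` are names chosen for this example; group membership and account privileges are not evaluated, only what the DACL itself grants.

```python
import re

# SDDL right codes as they apply to service objects.
STOP, WRITE_DAC, WRITE_OWNER = "WP", "WD", "WO"
ALL_RIGHTS = {"CC", "DC", "LC", "SW", "RP", "WP", "DT", "LO", "CR",
              "SD", "RC", "WD", "WO"}

# Constructed samples: a typical default service DACL, and one where
# Administrators (BA) lost SERVICE_STOP but kept WRITE_DAC/WRITE_OWNER.
DEFAULT_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
                "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)")
RESTRICTED_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
                   "(A;;CCLCSWRPLOCRRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)")


def parse_dacl(sddl):
    """Return {trustee: effective allow rights} from the D: part of an SDDL string."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    if not m:
        raise ValueError("no DACL in SDDL string")
    allowed, denied = {}, {}
    for ace in re.findall(r"\(([^)]*)\)", m.group(1)):
        fields = ace.split(";")
        if len(fields) < 6:
            raise ValueError("malformed ACE: " + ace)
        ace_type, rights, trustee = fields[0], fields[2], fields[5]
        if rights.startswith("0x"):
            raise ValueError("hex access masks are not handled in this example")
        codes = set(re.findall("..", rights))
        if "GA" in codes:  # GENERIC_ALL covers every right above
            codes = set(ALL_RIGHTS)
        if ace_type == "A":
            allowed.setdefault(trustee, set()).update(codes)
        elif ace_type == "D":
            denied.setdefault(trustee, set()).update(codes)
    return {t: r - denied.get(t, set()) for t, r in allowed.items()}


def audit(sddl):
    """Return (trustees that can stop, trustees that cannot stop but can re-grant)."""
    dacl = parse_dacl(sddl)
    can_stop = sorted(t for t, r in dacl.items() if STOP in r)
    can_regrant = sorted(t for t, r in dacl.items()
                         if STOP not in r and r & {WRITE_DAC, WRITE_OWNER})
    return can_stop, can_regrant
```

A trustee in the second list is one that the DACL change has not actually locked out, which is worth flagging when reviewing a service hardened this way.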
+1  A: 

To remove the stop option from the service management MMC, with a .NET service you can do:

    ServiceBase[] ServicesToRun = new ServiceBase[] { new Service1() };
    // Report the service as non-stoppable so the Services snap-in disables Stop
    ServicesToRun[0].CanStop = false;
    ServiceBase.Run(ServicesToRun);

With Win32, see the SERVICE_STATUS structure and SetServiceStatus function documentation. I did not test this option.

That said, I don't think (and hope I am right) that there is a possibility, in user space, to prevent the administrator from stopping a service. The admin can still stop the service by killing the process from Task Manager or taskkill.

Igal Serban