Stopping a service in Windows

gojericho0 Member Posts: 1,059
Is there a way to stop a service so that the OS views it as being stopped by a specific user account instead of NT AUTHORITY? I want to be able to do this so only a specific account can disable a security service I have running.

Comments

  • RussS Member Posts: 2,068
    Right click on My Computer and select Manage. Down the bottom is Services and Applications - pick the service - right click and stop.
    www.supercross.com
    FIM website of the year 2007
  • sprkymrk Member Posts: 4,884
    gojericho0 wrote:
    Is there a way to stop a service so that the OS views it as being stopped by a specific user account instead of NT AUTHORITY? I want to be able to do this so only a specific account can disable a security service I have running.

    I don't think so. I believe anyone with admin rights on the computer can stop and/or disable any service. I don't know of any registry tweaks that might change this. However, if you are auditing logon/logoff events, you should be able to correlate a logon event with the time the service was stopped/disabled. The logon type will show you whether it was done from the console (Logon Type 2), from across the network (Type 3), or over Remote Desktop (Type 10).

    Are you asking because someone is disabling the AV scans or something? Just rip away their admin rights.
    All things are possible, only believe.
  • gojericho0 Member Posts: 1,059
    The reason I'm asking is because I have a CSA security agent on all client machines. This agent uses a service I do not want disabled except for when I want to uninstall the CSA agent to push out a new agent kit or if the clients lost connection to the server and I couldn't disable the rules. I was hoping I could give a specific account the privilege to do this, but currently the agent views NT AUTHORITY\System as trying to stop the service and denies it access. Therefore no one can stop the service, which is definitely bad.

    I suppose I could give anyone that has admin rights the ability to disable the service and do the audit like you suggested. I just am kind of paranoid about a user with admin rights just disabling the service just to bypass the prevention system.

    Thanks for the responses. I am going to do some more research on net stop to see if I can do anything specific or maybe find a registry edit like you suggested.
  • gojericho0 Member Posts: 1,059
    Just wanted to resurrect this thread because I found an answer to my ? and would like to share if people would like to use this for security reasons or any other use...

    Right Click on the Service you would like to modify and Click Properties

    Select the Log On Tab

    From here you can use any domain or local account you would like to run the service

    A couple of things I noticed while testing:

    IF THE SERVICE IS DEPENDENT ON OTHER SERVICES OR VICE VERSA THE PROCESSES THAT YOU ARE TRYING TO RUN MAY NOT BE RECOGNIZED BY THE OS

    IF YOU ARE USING A DOMAIN\LOCAL USER ACCOUNT AND THAT ACCOUNT CHANGES PASSWORDS THE SERVICE MAY NOT RUN PROPERLY BECAUSE IT WILL NOT BE USING CURRENT CREDENTIALS
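
The audit approach suggested earlier in the thread (match the time a service stopped against logon sessions and their logon type) can be sketched as below. This is an added example, not code from any poster in the thread; the record field names, account names, service name and timestamps are constructed assumptions standing in for an event-log export.

```python
from datetime import datetime

# Logon types named in the thread; other values are reported by number.
LOGON_TYPES = {2: "console", 3: "network", 10: "Remote Desktop"}
FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample records (not real log data). Field names are assumptions
# standing in for whatever your Security/System log export provides.
LOGONS = [
    {"user": "CORP\\alice", "type": 2, "logon": "2007-03-01 08:02:11", "logoff": "2007-03-01 17:30:00"},
    {"user": "CORP\\carol", "type": 3, "logon": "2007-03-01 09:15:00", "logoff": "2007-03-01 09:15:02"},
    {"user": "CORP\\bob", "type": 10, "logon": "2007-03-01 13:55:40", "logoff": "2007-03-01 14:10:05"},
    {"user": "CORP\\dave", "type": 3, "logon": "2007-03-01 14:01:58", "logoff": None},
    {"user": "CORP\\erin", "type": 2, "logon": "2007-03-01 14:05:00", "logoff": None},
]
STOPS = [{"service": "ExampleAgent", "time": "2007-03-01 14:02:03"}]


def sessions_open_at(stop_time, logons):
    """Return (user, logon kind) for sessions open when the service stopped.

    A session counts if it began at or before the stop and had not ended by
    then; a record with no logoff is treated as still open. Results are
    ordered most recent logon first, since that is the first one to review.
    """
    stop = datetime.strptime(stop_time, FMT)
    hits = []
    for ev in logons:
        start = datetime.strptime(ev["logon"], FMT)
        end = datetime.strptime(ev["logoff"], FMT) if ev["logoff"] else None
        if start <= stop and (end is None or end >= stop):
            kind = LOGON_TYPES.get(ev["type"], "type %d" % ev["type"])
            hits.append((start, ev["user"], kind))
    hits.sort(reverse=True)
    return [(user, kind) for _, user, kind in hits]


def correlate(stops, logons):
    """Map each service-stop record to the sessions open at that moment."""
    return {s["service"] + " @ " + s["time"]: sessions_open_at(s["time"], logons)
            for s in stops}


if __name__ == "__main__":
    for key, who in correlate(STOPS, LOGONS).items():
        print(key)
        for user, kind in who:
            print("   ", user, "-", kind)
```

The output is a list of candidate sessions, not proof of who issued the stop; several accounts can be logged on at the same moment.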