Arellia has 2 two built-in tasks to that set security descriptors . The first is Set Restrictive Service Security Client Task and the second is Set Standard Service Security Client Task. For most customers, the default security descriptors referenced in these tasks will accomplish what they are trying to do.The Restrictive Service Security task will remove the ability for Administrator users to stop/modify a service. The Standard Service Security task will set and will accomplish most of what you are trying to accomplish:
- Set Restrictive Service Security Client Task - removes the ability for Administrators to stop or modify a service.
- Set Standard Service Security Client Task - sets the service security to the Windows default,
...
- giving Administrators the ability to stop or modify a service.
To apply standard service security:
...
This document explains how to set up the Standard Service Security.
To apply the Set Standard Service Security, do the following steps:
- In the Security Manager Console, click the Tasks tab.
- In the file library in the left pane, navigate to Tasks > Client Tasks > Local Security > Set Standard Service Security Client Task (optional) Task.
- Clone the client task Set (optional).
- In the right pane under Settings, select the Service to the service you are targeting (ie. you want to target (such as the Arellia Agent).
- (optional) Set the security descriptor to to a custom oneSave the client task.
- Click Save.
- Select Run Now and execute the task on endpoints.