Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Arellia has 2 two built-in tasks to that set security descriptors . The first is Set Restrictive Service Security Client Task and the second is Set Standard Service Security Client Task. For most customers, the default security descriptors referenced in these tasks will accomplish what they are trying to do.The Restrictive Service Security task will remove the ability for Administrator users to stop/modify a service. The Standard Service Security task will set and will accomplish most of what you are trying to accomplish:

  1. Set Restrictive Service Security Client Task - removes the ability for Administrators to stop or modify a service.
  2. Set Standard Service Security Client Task - sets the service security to the Windows default,

...

  1. giving Administrators the ability to stop or modify a service.

This document explains how to set up the standard service security.

To apply the set standard service security, do the following steps:

...

  1. In the Thycotic Security Manager, click the Tasks tab. 
  2. In the file library in the left pane, navigate to Tasks > Client Tasks > Local Security Set Standard Service Security Client Task (optional) Task. 
    Image Added 
  3. Clone the client task Set (optional). 
  4. In the right pane under Settings, select the Service to the service you are targeting (ie. you want to target (such as the Arellia Agent).
    (optional) Image Added
  5. Set the security descriptor to  to a custom oneSave the client task.
  6. Click Save.
  7. Select Run Now and execute the task on endpoints.