Set restrictive service security client task
Arellia has two built-in tasks that set security descriptors and will accomplish most of what you are trying to accomplish:
- Set Restrictive Service Security Client Task -Â removes the ability for Administrators to stop or modify a service.
- Set Standard Service Security Client Task - sets the service security to the Windows default, giving Administrators the ability to stop or modify a service.
This document explains how to set up the restrictive service security.
To apply the Set Restrictive Service Security, do the following steps:
- In the Thycotic Security Manager, click the Tasks tab.Â
- In the file library in the left pane, navigate to Tasks > Client Tasks > Local Security > Set Restrictive Service Security Client Task.Â
 - Clone the client task (optional).
- In the right pane under Settings, select the Service you want to target (such as the Arellia Agent).
- Set the security descriptor to a custom one.
- Click Save.
- Select Run Now and execute the task on endpoints.
Â