Set restrictive service security client task

Arellia has two built-in tasks that set security descriptors and will accomplish most of what you are trying to accomplish:

  1. Set Restrictive Service Security Client Task - removes the ability for Administrators to stop or modify a service.
  2. Set Standard Service Security Client Task - sets the service security to the Windows default, giving Administrators the ability to stop or modify a service.

This document explains how to set up the restrictive service security.

To apply the Set Restrictive Service Security, do the following steps:

  1. In the Thycotic Security Manager, click the Tasks tab. 
  2. In the file library in the left pane, navigate to Tasks > Client Tasks > Local Security > Set Restrictive Service Security Client Task. 
     
  3. Clone the client task (optional).
  4. In the right pane under Settings, select the Service you want to target (such as the Arellia Agent).
  5. Set the security descriptor to a custom one.
  6. Click Save.
  7. Select Run Now and execute the task on endpoints.

Â