I am not sure if I am asking in the correct location for this, but will ask in the hopes you assist. I want to be able to lock certain services from being restarted/stopped/ended. I know most Anti-Virus and Firewall Clients protect their own services from being touched, I would assume there some component of the application that prevents itself from being altered, such as real time protector.
I have done some looking around and know I can run the service controller from command line as follows:
sc <server> [command] [service name] <option1> <option2>...
So I had a quick look around for the Server Control Manager and I believe it a snap-in of mmc. I have had a look into the help of sc within comand prompt as I want to generate a list of services I can prevent from being tampered with. I have the same problem here - Our users are Admins and are required to be able to start and stop specific services.
For Computers not on the domain however I would need to set local GPO. I want to be able to run a small startup script to run sc and lock several services from being tampered with. I had a look on the Support Microsoft (/kb/251192) and cannot see any clear guide to blacklist one being protected.
Is this achievable?
