How To Configure Group Policies to Set Security for System Services in Windows Server 2003
For a Microsoft Windows 2000 version of this article, see 256345.
IN THIS TASK
When you implement security on system services, you can control who can manage services on a workstation, member server, or domain controller. Currently, the only way to change a system service is through a Group Policy computer setting.
If you implement Group Policy as the Default Domain Policy, the policy is applied to all computers in the domain. If you implement Group Policy as the Default Domain Controllers policy, the policy applies only to the servers in the domain controller's organizational unit. You can create organizational units that contain workstation computers to which policies can be applied. This article describes the steps to implementing a Group Policy on an organizational unit to change permissions on system services.
back to the top
How to Assign System Service Permissions
- Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
- Right-click the domain to which you want to add the organizational unit, point to New, and then click Organizational Unit.
- Type a name for the organizational unit in the Name box, and then click OK.
The new organizational unit is listed in the console tree.
- Right-click the new organizational unit that you created, and then click Properties.
- Click the Group Policy tab, and then click New. Type a name for the new Group Policy object (for example, use the name of the organizational unit for which it is implemented), and then press ENTER.
- Click the new Group Policy object in the Group Policy Objects Links list (if it is not already selected), and then click Edit.
- Expand Computer Configuration, expand Windows Settings, expand Security Settings, and then click System Services.
- In the right pane, double-click the service to which you want to apply permissions.
The security policy setting for that specific service is displayed.
- Click to select the Define this policy setting check box.
- Click Edit Security.
- Grant the appropriate permissions to the user accounts and groups that you want, and then click OK.
- Under Select service startup mode, click the startup mode option that you want, and then click OK.
- Close the Group Policy Object Editor, click OK, and then close the Active Directory Users and Computers tool.
back to the top
Article ID: 324802 - Last Review: 12/03/2007 04:18:05 - Revision: 8.4
- kbmgmtservices kbacl kbenv kbgpo kbhowto kbhowtomaster kbsecconfiged KB324802