VUEM: securing a VUEM agent installation in cases where users are local administrators

The VUEM agent is designed to allow local administrators to terminate its processes and stop its service. In cases where your users are local administrators and you do not want to allow them to modify the VUEM agent installation, you can follow these steps:

 

I. Install the VUEM agent using the ARPSYSTEMCOMPONENT=1 MSI argument

This will prevent the VUEM agent from showing up in Add/Remove Programs, stopping your users from uninstalling the agent this way.

For more information, please see the Installation Guide's "Deploying the Agent" section.

 

II. Deny local administrators the right to stop the VUEM agent service via GPO

To do so, follow these instructions:

 

1. Create a new Security Group in Active Directory (called "Service Security," for example).

2. Open gpmc.msc and create a new GPO called "Service Security."

3. Open the object and browse to Computer Configuration > Policies > Windows Settings > Security Settings > System Services.

4. Scroll through the listed services until you reach the Norskale Agent Host service.

5. Double-click the service name, select "define this policy," then "automatic."

6. Add the following security groups with the following permissions:

Network Service: Read

Local Service: Read, Start, Stop, Pause

7. Remove the Administrators/Domain Administrators groups as required.

 

Do not remove the System or Interactive accounts from the list under any circumstance.

You can now apply this group policy object to any computer on which the VUEM agent is installed. You can verify that the GPO is correctly configured by logging in as a local admin and attempting to stop the Norskale Agent Host service. This should result in either the "stop" option being entirely greyed out, or in the following error message when you attempt to stop the service:

Could not stop the service on Local Computer.

Error 5: Access is denied.
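The same verification can be done without the Services console by reading the service's security descriptor on a machine where the GPO has applied. The script below is an added example, not part of the original article or the product; it assumes the service can be located by the display name "Norskale Agent Host" used above, and that the account running it is allowed to read the service's security descriptor.

```powershell
# Added example. Assumption: the service is located by the display name used in this article.
$svc = Get-Service -DisplayName 'Norskale Agent Host*' -ErrorAction Stop | Select-Object -First 1

# "sc.exe sdshow" prints the service security descriptor as a single SDDL line.
$sddl = & sc.exe sdshow $svc.Name | Where-Object { $_ -match 'D:\(' } | Select-Object -First 1
if (-not $sddl) { throw "Could not read the security descriptor of '$($svc.Name)'." }
$dacl = (New-Object System.Security.AccessControl.RawSecurityDescriptor($sddl.Trim())).DiscretionaryAcl

# Service-specific access rights (winsvc.h).
$SERVICE_START = 0x0010; $SERVICE_STOP = 0x0020; $SERVICE_PAUSE_CONTINUE = 0x0040

# Principals named in the steps above, mapped to .NET WellKnownSidType values.
$principals = [ordered]@{
    'Administrators'  = 'BuiltinAdministratorsSid'
    'SYSTEM'          = 'LocalSystemSid'
    'Interactive'     = 'InteractiveSid'
    'Network Service' = 'NetworkServiceSid'
    'Local Service'   = 'LocalServiceSid'
}

$report = foreach ($name in $principals.Keys) {
    $type = [System.Security.Principal.WellKnownSidType]$principals[$name]
    $allow = 0; $deny = 0; $present = $false
    foreach ($ace in $dacl) {
        if ($ace -isnot [System.Security.AccessControl.QualifiedAce]) { continue }
        if (-not $ace.SecurityIdentifier.IsWellKnown($type)) { continue }
        $present = $true
        if ($ace.AceQualifier -eq 'AccessAllowed') { $allow = $allow -bor $ace.AccessMask }
        if ($ace.AceQualifier -eq 'AccessDenied')  { $deny  = $deny  -bor $ace.AccessMask }
    }
    # Simplification: any deny ACE for the principal overrides its allow ACEs.
    $mask = $allow -band (-bnot $deny)
    [pscustomobject]@{
        Principal = $name
        InDacl    = $present
        Start     = [bool]($mask -band $SERVICE_START)
        Stop      = [bool]($mask -band $SERVICE_STOP)
        Pause     = [bool]($mask -band $SERVICE_PAUSE_CONTINUE)
    }
}
$report | Format-Table -AutoSize

# Flag the two conditions the article cares about.
if (($report | Where-Object Principal -eq 'Administrators').Stop) {
    Write-Warning 'Administrators can still stop the service; the GPO has not taken effect.'
}
foreach ($must in 'SYSTEM', 'Interactive') {
    if (-not ($report | Where-Object Principal -eq $must).InDacl) { Write-Warning "$must is missing from the service DACL." }
}
```

Read the Stop column for Interactive as well: rights granted to Interactive apply to every user logged on at the console, local administrators included.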
