I wanted to know how can we restrict access to the service on a particular system? Actually in our company we have given admin right to the users on their local system i.e. their domain user names are added in the local Admin group of that particular computer they use. For example "Alice.Shon" is the domain user name for Alice and the system issued to her, she is added in local admin group of that particular system. I know its not a good practice and it should not be allowed but the management says we have to give them admin rights or else they wont be able to install many softwares (even power user rights does not let the system install those software). Anyway so everyone has admin right on their local system, and they can do anything on that system.
But we have deployed Kaspersky Enterprise software as Anti virus, and when I tried to stop the service associated with this AV all the option are disabled. I even can't run the service under my logon name in the Service Name----->Properties------>Logon------->This account.
The AV server runs on one of our servers and the AV clients are installed on user's machines. They AV client gets its configuration from the AV server.
I am just wondering how I can deploy such kind of settings on any other service that even the local Admin cannot stop or start that service. How it is possible?