Block a user's availability to disable a specific Windows Service (using CIS)

Hello,

I understand that a user permission should be based to the OS, instead of the protection software (CIS).
For example, in Windows, a user profile could be change from Administrator to Limited User, blocking availabilities to change the time, enable or disable services, etc.

The problem I’m having is that I cannot change the type of Window user for many reasons. I’m only looking to block the user’s availability to not be able to disable only ONE service (service must always run). Understanding that CIS protects some areas like File and Folders, Registry Keys, COM Interfaces, etc… I thought there could be a way or tweak that can be used through CIS to block the user request to disable that specific Windows Service.

Does anyone know how could I achieve that?

try this (video) and disable task manger through the registry.

should block access to changing or killing the service. of coarse there are ways around it but should deter most users.

[attachment deleted by admin]

Thank you sAyer. I am not trying to disable task manager.
I am trying to find a way to block a user from disabling ONE specific windows service.

Ok when you say Windows service is it a separate service or handled via svchost.exe ?

A separate service (thank you!)

maybe this ? Anyway good luck.

[attachment deleted by admin]

Interesting! Thanks a lot.

I found out that the service its handed via svchost.exe, sorry. :embarassed:

Do you think this procedure you kindly sent me, could me modified somehow for the new scenario?