locked
Shutting down FCS processes (not services via GPO or OU) in task manager by local admins RRS feed

  • Question

  • Hi,

    Just wonder if there's any way to prevent the FCS processes (MsMpEng.exe, MSASCui.exe) shut down by local admins on the local workstation?  I can kill both processes within the task manager tab with "end process" option.  I did check the FCS tamper protection prior this post and they didn't cover that (http://blogs.microsoft.co.il/blogs/yanivf/archive/2009/01/09/temper-protection-in-forefront-client-security.aspx).  That article only covered the FCS services lock down via the GPO.  Is there a solution to secure the FCS processes?  I already did secure all the FCS services via the AD GPO.  Any suggestion will be appreciate.  Great day

     

    Monday, May 10, 2010 6:40 PM

Answers

  • Hi,

     

    Thank you for the post.

     

    In My Humble Opinion, any battle for trying to prevent Administrators to do something on the machine is a lost battle. We suggest you avoid having the users being administrator in the first place, if possible.

     

    Regards,


    Nick Gu - MSFT
    Friday, May 14, 2010 7:00 AM

All replies

  • Hi,

     

    Thank you for the post.

     

    In My Humble Opinion, any battle for trying to prevent Administrators to do something on the machine is a lost battle. We suggest you avoid having the users being administrator in the first place, if possible.

     

    Regards,


    Nick Gu - MSFT
    Friday, May 14, 2010 7:00 AM
  • Hi,

    Thanks for your comment on this issue.  Taking away local admin is not fully possible within my work place specially the R&D department.  I hope the FCS will have the password protection feature later on when the version 2 is ready.  Some anti-virus solutions currently in the market now did offer a password protection for both the agent & the thick client so nobody can tamper anything (services or process) without the specific password configured by domain admins.  Anyways... thanks again.  Great day.

    Friday, May 14, 2010 4:14 PM