Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Restricting control of the Deep Security 8.0 agent service

    • Updated:
    • 6 Oct 2015
    • Product/Version:
    • Deep Security 8.0
    • Platform:
    • Windows 2000 Professional
    • Windows 2003 Standard Server Edition
    • Windows 2008 Standard Server Edition
    • Windows Vista 32-bit
    • Windows XP Home
Summary

When you install Deep Security, the Third Brigade Deep Security service is created in Microsoft Windows. This service is used to control the agent and can also be used to stop the protection.

Within a Microsoft Active Directory Infrastructure, a group policy can be applied to restrict control of this service to a group of users.

Details
Public

To restrict control of the Deep Security Agent service, you need to create a new group policy object (GPO). This GPO will then be applied to the workstations or servers where control of the service needs to be restricted.

The requirements needed to make a new GPO are as follows:

  • Active Directory Group with Authorized Users
  • Microsoft Active Directory and Users installed on the same machine as Deep Security Agent

The following steps will define a GPO for the entire domain.

  1. Open the Active Directory Users and Computers.
  2. Right-click the domain and then select Properties.
  3. Go to the Group Policy tab and then click New.
  4. Enter “Third Brigade Service Control” as the group policy name.
  5. Select the group policy and then click Edit.
  6. Go to Computer Configuration > Windows Settings > Security Settings > System Services.
  7. From the list of services, right-click Third Brigade Deep Security Agent and then click Properties.
  8. Select Define this policy settings and then choose Automatic from the service startup mode.
  9. Remove Administrators from the list and then add the Active Directory group containing the authorized users. Grant this group Full Control.
  10. Select the group policy object.

An update of the group policy will occur based on the settings configured within Active Directory. An update can be forced on the server or workstation by running “gpupdate /force” from the command line.

Premium
Internal
Rating:
Category:
Configure
Solution Id:
1054548
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.