Symantec Endpoint Protection: Adding Network Service to the Default Domain Controller Policy

Article:TECH103704  |  Created: 2008-01-08  |  Updated: 2008-01-08  |  Article URL http://www.symantec.com/docs/TECH103704
Article Type
Technical Solution


Issue



Trying to add "Network Service" to "Adjust Memory Quotas for a process" and "Replace a Process Level Token" on a domain controller.

Symptoms
The customer is running "gpedit.msc" on a domain controller.
  • Attempting to edit the two policies listed above, but are unable to add a user or group.



Solution



To solve this issue, follow the below steps:
  1. Click Start> Control Panel> Active Directory Users and Computers from "Administrative tools."
  2. Right-click on the Domain Controller Organizational Unit and select Properties.
  3. When the "Domain Controllers Properties" window opens, select the Group Policy tab.
  4. Edit the "Default Domain Controller Policy."
    1. Go to windows settings> security settings> local policies> user rights assignment.
    2. Edit "Adjust Memory Quotas for a Process" and "Replace a Process Level Token"

  5. Add "Network Service" to the two policies.
  6. Restart the computer after applying the changes.

Note: The command gpupdate.exe /force can be run. However this does not always update the policy in a timely manner. It can either wait for the policy to update or restart the computer.


References
"Symantec Endpoint Protection Manager 11.x communication troubleshooting." at:

http://service1.symantec.com/support/ent-security.nsf/docid/2007101711103548




Legacy ID



2008010816442248


Article URL http://www.symantec.com/docs/TECH103704


Terms of use for this information are found in Legal Notices