Symantec Endpoint Protection: Adding Network Service to the Default Domain Controller Policy
|Article:TECH103704|||||Created: 2008-01-08|||||Updated: 2008-01-08|||||Article URL http://www.symantec.com/docs/TECH103704|
Trying to add "Network Service" to "Adjust Memory Quotas for a process" and "Replace a Process Level Token" on a domain controller.
The customer is running "gpedit.msc" on a domain controller.
- Attempting to edit the two policies listed above, but are unable to add a user or group.
To solve this issue, follow the below steps:
- Click Start> Control Panel> Active Directory Users and Computers from "Administrative tools."
- Right-click on the Domain Controller Organizational Unit and select Properties.
- When the "Domain Controllers Properties" window opens, select the Group Policy tab.
- Edit the "Default Domain Controller Policy."
- Go to windows settings> security settings> local policies> user rights assignment.
- Edit "Adjust Memory Quotas for a Process" and "Replace a Process Level Token"
- Add "Network Service" to the two policies.
- Restart the computer after applying the changes.
Note: The command gpupdate.exe /force can be run. However this does not always update the policy in a timely manner. It can either wait for the policy to update or restart the computer.
"Symantec Endpoint Protection Manager 11.x communication troubleshooting." at:
Article URL http://www.symantec.com/docs/TECH103704