Symantec Endpoint Protection: Adding Network Service to the Default Domain Controller Policy

Article: TECH103704  |  Created: 2008-01-08  |  Updated: 2008-01-08  |  Article Type: Technical Solution


You are trying to add "Network Service" to the "Adjust Memory Quotas for a Process" and "Replace a Process Level Token" policies on a domain controller.

The customer is running "gpedit.msc" on a domain controller.
  • The customer attempts to edit the two policies listed above but is unable to add a user or group.


To solve this issue, follow the steps below:
  1. Click Start > Control Panel, then open Active Directory Users and Computers from "Administrative Tools."
  2. Right-click on the Domain Controller Organizational Unit and select Properties.
  3. When the "Domain Controllers Properties" window opens, select the Group Policy tab.
  4. Edit the "Default Domain Controller Policy."
    1. Go to Windows Settings > Security Settings > Local Policies > User Rights Assignment.
    2. Edit "Adjust Memory Quotas for a Process" and "Replace a Process Level Token."

  5. Add "Network Service" to the two policies.
  6. Restart the computer after applying the changes.

Note: The command gpupdate.exe /force can be run. However, this does not always update the policy in a timely manner. Either wait for the policy to update or restart the computer.
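
To confirm the change took effect after the restart or policy refresh, the following PowerShell check (an added example, not part of the original article) exports the effective user rights with secedit and reports whether Network Service holds both. The privilege constants and the SID S-1-5-20 are the well-known Windows identifiers for these two policies and this account; the temp file name is an arbitrary choice.

```powershell
# Added example: verify that NETWORK SERVICE holds the two user rights.
# Run in an elevated PowerShell session on the domain controller.

# Well-known identifiers (the same on every Windows system).
$networkServiceSid = 'S-1-5-20'   # NT AUTHORITY\NETWORK SERVICE
$requiredRights = [ordered]@{
    'SeIncreaseQuotaPrivilege'      = 'Adjust memory quotas for a process'
    'SeAssignPrimaryTokenPrivilege' = 'Replace a process level token'
}

# Export the effective user rights assignments to a temporary INF file.
$cfg = Join-Path $env:TEMP 'user_rights_export.inf'   # arbitrary file name
secedit.exe /export /areas USER_RIGHTS /cfg $cfg | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "secedit export failed with exit code $LASTEXITCODE"
}

try {
    # Lines in the export look like:
    #   SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544
    # Well-known accounts are written as SIDs with a leading asterisk.
    $assigned = @{}
    foreach ($line in Get-Content -Path $cfg) {
        if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$') {
            $assigned[$Matches[1]] = $Matches[2].Split(',') |
                ForEach-Object { $_.Trim().TrimStart('*') }
        }
    }

    $results = foreach ($right in $requiredRights.Keys) {
        $holders = @($assigned[$right])   # empty if the right is not assigned at all
        [pscustomobject]@{
            Policy                 = $requiredRights[$right]
            Right                  = $right
            NetworkServiceAssigned = $holders -contains $networkServiceSid
            Holders                = ($holders -join ', ')
        }
    }
    $results | Format-Table -AutoSize -Wrap

    if ($results.NetworkServiceAssigned -contains $false) {
        Write-Warning 'Network Service is missing from at least one policy; the GPO may not have applied yet.'
    }
}
finally {
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
}
```

The Holders column also shows every other account granted each right, which is worth reviewing because both rights are sensitive.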

"Symantec Endpoint Protection Manager 11.x communication troubleshooting." at:
