How to disable the end user ability to stop the Endpoint Security service

Version 12

    Verified Product Versions

    Endpoint Manager 9.6Endpoint Manager 2016.xEndpoint Manager 2017.x

    This document illustrates how to lock down the EPS client so that the end user cannot change settings.


    This turns on the following safeguards:


    1. Prevent the right-click "Disable Protection" option.  This is done by adding a username and password.  This will also stop other attempted actions within the LANDESK EPS UI.
    2. Disable the ability to stop the Ivanti Endpoint Security service within the Windows Services applet
    3. Block attempts to go into safe mode to bypass Endpoint Security.


    In order to keep the end user from being able to stop the Ivanti Endpoint Security service perform the following steps:


    1. Open the top-level Endpoint Security setting you would like to edit.
    2. Go to the General Settings on the left.
    3. Check the box "Use a password for Administrator" and enter a password.
    4. Deselect the option "Allow Windows Service Control Manager to stop Ivanti Endpoint Security Service"
    5. Check the box next to "Enforce Ivanti Endpoint Security protection while in Safe Mode".



    In addition to provide added Security you can remove the icon in the start menu and taskbar notification areas and remove balloon tips by deselecting the options under the "Client interface" section pictured above.