I’ve been asked several times in the past by colleagues about what I typically use to disable services on domain joined Windows desktops or servers and my response is that it depends. One of the ways through the use of importing Security Templates, which I’ve used in the past is demonstrated in this old blog post:
Creating a new security policy and applying it via GPO to disable VMware View 5.0 Thinprint’s “TP AutoConnect Service” and “TP VC Gateway Service” service
https://blog.terenceluk.com/2012/03/creating-new-security-policy-and.html
In the event that using the Security Template is not a viable option then I would use a GPO to apply a batch file as a startup script. The following is an example of the breakdown of what the batch file does to disable the TightVNC service:
- Check to see if the TightVNC service exists
- If TightVNC service exists then:
- Set service to disabled
- Gracefully stop service
- Taskkill the service
- If it doesn’t exist then do nothing
The following are the actual commands in the batch file that can be modified for any Windows service:
@echo off
REM — Set variables for service name and task manager process
SET serviceName=tvnserver
SET taskManagerProcess=tvnserver.exe
REM — Test to see if service exists in the services console
SC QUERY %serviceName% > NUL
IF ERRORLEVEL 1060 GOTO MISSING
REM — Set service to disabled, gracefully stop service and taskkill process
sc config %serviceName% start= disabled
net stop %serviceName%
taskkill /im %taskManagerProcess% /f
REM — ECHO Disabled and stopped TightVNC
GOTO END