M100750: Configuring managed device services in Group Policy


When the default security settings are applied for managed device services configured using Group Policy, machine scheduled events may not run. The solution is to give read access to the NETWORK SERVICE user.

This article describes how to configure the security settings for managed device services in Group Policy.

The "ManageSoft managed device" (ndinit) service is a core component of the managed device scheduling infrastructure. Among other things, it keeps track of the currently running SYSTEM instance of the ManageSoft task scheduler process (ndtask). If you have configured ndinit service behavior using Group Policy, additional configuration is required to support managed devices running Windows XP SP2.

When you configure the ndinit service using Group Policy, the default security access control list (ACL) gives Full Control to SYSTEM and Administrators only. In XP SP1 and earlier, this is sufficient. However in SP2, a change to the DCOM inter-process communication mechanism means that the NETWORK SERVICE user now needs read access to the ndinit service.

The attached file shows the dialog box settings for adding a user to the ACL in the ndinit service security settings in Group Policy.



Powered by Zendesk