This article describes how to configure the security settings for managed device services in Group Policy.
The "ManageSoft managed device" (ndinit) service is a core component of the managed device scheduling infrastructure. Among other things, it keeps track of the currently running SYSTEM instance of the ManageSoft task scheduler process (ndtask). If you have configured ndinit service behavior using Group Policy, additional configuration is required to support managed devices running Windows XP SP2.
When you configure the ndinit service using Group Policy, the default security access control list (ACL) gives Full Control to SYSTEM and Administrators only. In XP SP1 and earlier, this is sufficient. However in SP2, a change to the DCOM inter-process communication mechanism means that the NETWORK SERVICE user now needs read access to the ndinit service.
The attached file shows the dialog box settings for adding a user to the ACL in the ndinit service security settings in Group Policy.