Is there set of registry permissions we can manually enabled on a server 2008 server that would mimic enhanced protection?
This thread was automatically locked due to age.
Is there set of registry permissions we can manually enabled on a server 2008 server that would mimic enhanced protection?
You shouldn't be able to tamper with Sophos given the default permissions as a non-admin.
Enhanced Tamper Protection goes someway to blocking even administrative users from tampering when enabled as it uses a driver (sophosed.sys) to filter registry, file operations, etc, to block untrusted processes from making changes.
I don't see how you could do much to mimic this. Using group policy to control services might be one thing you could look into. Maybe use restricted groups to ensure only certain users are members of the local sophos groups, etc.
Regards,
Jak