CA Privileged Identity Manager Tech Tip by Christian Lutz, Associate Support Engineer for March 22 2015.
Q: Why are the stop & restart options for PIM services grayed out in Windows Services?
A: Windows Administrators usually have the rights to start and stop most services on the system, but just because someone is a Windows Administrator doesn't mean they are an Administrator in PIM. Many of the protections that PIM provides are actually put into place to protect the system from possible abuse by system administrators. Due to this it is important to make sure that the abusive system administrators are not able to easily bypass the security rules by stopping the PIM services. The proper way to shutdown PIM is by using the command 'secons -s' from command prompt. This command will only allow users granted the proper permissions in PIM stop it, others will be denied and see this message: "You are not allowed to use option '-s'." (even if they are a Windows Administrator).
