This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 19%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
I've created a Group Policy Object nested at the top of the tree and applied a test Security Group containing one PC.
In the GPO I did: Computer Configuration > Policies > Windows Settings > Security Settings > System Services
In there I set 4 Cisco Secure Client *(formerly AnyConnect) services to "Disabled" and also gave the user *(INTERACTIVE) permissions to re-enable the service if they need to.
I can see from the output of gpresult /r that the PC is receiving the policy under Computer Policies. But after MANY reboots, the services are never stopped.
Any ideas why these services wouldn't be getting stopped? If I were to manually disable these services they are stopped just fine and remain disabled after reboots. So not sure why the GPO isn't doing what it's supposed to.
We also just tried this using a Powershell script, and that seemed to work on my second reboot. As a Startup script.
But, I'd really like to know why the actual service disabling isn't working, using the method in the screenshot.
Thanks in Advance,
Matt
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 62%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDZ%3C/text%3E%3C/svg%3E)
Hello Matt,
Thank you for posting in Q&A forum.
Based on the description "But after MANY reboots, the services are never stopped.", does the problem occur only once? If so, maybe the user that has permission to manage these system services changed the system services status.
You can also try to export the gpresult file and check the system service status when the problem reoccurs again.
For checking Computer Configuration within gpresult, we can follow steps below. Logon this machine using administrator account. Open CMD (run as Administrator). Type gpresult /h C:\gpo.html and click Enter. Open gpo.html and check gpo setting (service status) under "Computer Details".
And you can also try to run gpupda /force to update GPO setting when the problem reoccurs again.
It means if some one change the gpo setting on workstation manually, then it will refresh the GPO setting with domain GPO.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/configure-group-policies-set-security
If the Answer is helpful, please click "Accept Answer" and upvote it.