Doing some testing today with the LEM agent (I am demoing LEM for 30 days) I noticed that the service is stoppable by a local admin to the host it is installed on. Windows event log (thus LEM console) simply logs it as the service stopping but does not provide a user account that gave the command. This is obviously an issue as anyone that gains this level of access can simply stop the service then go about their devious business. Has anyone seen this and\or come up with some kind of solution?