Remote workers at my company use a program to capture and store data. The program has a background service called the "scheduler" that connects to and transfers data back up to our home office on a predetermined schedule. We have a mixed environment of Win7/Win10 pro in a domain environment.
Every so often I notice that data uploads have not occurred in awhile. When I investigate the cause I almost always find the same issue. The scheduler service startup type has been changed from "automatic" to "manual" and the service is not running. I have tried working with the software vendor to determine the issue but they claim that there is nothing in their software that could alter the state or configuration of a Windows service, so it must be a Windows issue and thus outside the scope of their support...
The service runs as Local System and there are no dependencies. Something I did notice is that recovery options are all set to "Take no action" which explains why a service failure will not result in a restart, but does not explain the change in startup type.
My question is: What (besides direct user action) can cause a Windows service startup type to change?
My wild guesses are either group policy or AV.
I have created a windows scheduler task and written a batch file that checks to make sure the service is configured properly every time the user logs in but I would really like to figure out the root cause of the issue so I can fix it. Any help steering me in the right direction would be greatly appreciated.