1

I've read a lot of similar questions on SO but haven't found an answer

I need to run a separate process from a windows service in logged in user's session but under system account, thus user cannot terminate the process

I need this process to interact with desktop for supervising purposes.

the main goal is to prevent user to terminate the process.

Andriy Tylychko
  • 15,967
  • 6
  • 64
  • 112
  • **This is not possible.** Windows Services cannot "interact with [the] desktop". Even running as the `SYSTEM` account (which is a terrible idea; it has the name "System" for a reason) doesn't mean that the user will be unable to terminate the process. Anyone with administrative privileges can terminate those processes as well. This is not a programming problem. It is one you need to solve through the use of Group Policies. Ask questions about that over on Server Fault. – Cody Gray - on strike Jul 27 '11 at 08:57

2 Answers2

2

If you run an interactive applications (having GUI or not), from currently logged in user account - the end user (having Admin rights) may terminate the process. You either need to keep it as SYSTEM service, or remove all DACL/ACL information from the process using SetKernelObjectSecurity.

Ajay
  • 18,086
  • 12
  • 59
  • 105
  • +1, interesting. Cannot user w/o admin rights terminate a process that is launched under this user, can it? I cannot keep my interactive app as a service, so let's check `SetKernelObjectSecurity`. Should I use it from my service just after creating child process? Will this forbid child process terminating (is run under logged-in user account) by logged-in user? – Andriy Tylychko Jul 26 '11 at 15:04
-1

actually there's much simpler way to achieve the same: to prevent process termination by user w/o special privileges (like admin rights)

after long digging I found acceptable answer here: Prevent user process from being killed with "End Process" from Process Explorer

works fine if you're logged in as a regular user, you cannot kill the process from Process Explorer. Admin still can kill it because has sufficient privileges. it's exactly what I needed

Community
  • 1
  • 1
Andriy Tylychko
  • 15,967
  • 6
  • 64
  • 112
  • 1
    Ugh, I'm so tired of people writing applications like this. – Cody Gray - on strike Jul 27 '11 at 08:57
  • oh, I'm so tired to explain that there're completely legal requirements to do this from corporate sector. would you recommend me to reject them just because it's not so ethical? – Andriy Tylychko Jul 27 '11 at 09:14
  • 2
    It's not about being ethical. This is the same tired argument everyone makes: "But my boss said I had to do it!" No one ever stops to think that maybe they're solving the problem the wrong way. No one said they ever had to do it by writing their own program/implementation. Windows includes built-in support for locking down workstations. Always use that instead of rolling your own custom solution. It's a huge security risk. If your bosses understood that, they'd fire you for not telling them better. Ignorance is not a legitimate excuse, either from the "corporate sector" or from the programmer. – Cody Gray - on strike Jul 27 '11 at 09:17
  • maybe it's worth your effort to explain that "locking down workstation" method and how it can help? – Andriy Tylychko Jul 27 '11 at 09:20
  • 1
    Unlikely. My experience is people who try to do things like this aren't particularly amicable to learning better ways, much less having the foundation of their project challenged. It's also off-topic here. This is not a programming problem, it's a system administration problem. The first time you meet a user who knows how to work Google, they'll figure out how to kill your app and have full access to whatever it was you're trying to keep them out of. Solutions like this are extremely fragile and only likely to keep out casual hackers. In which case, management policies probably work better. – Cody Gray - on strike Jul 27 '11 at 09:21
  • also there's different circumstances, e.g. in my case it's impossible to manage network administrator to make any changes just to support our 3rd-party tool we sell them. so I'm looking for a realistic solution and I found it. it was a programming question and an right answer, at least it's acceptable for my needs. so why it's so bad? just because you know better solution that is not acceptable for my needs? – Andriy Tylychko Jul 27 '11 at 09:25
  • Mainly because it doesn't actually work. But if you're happy, that's cool. This is why I didn't take the time to post an answer. Usually not what the person asking the question wants to hear, even if it's the only real solution to their problem. – Cody Gray - on strike Jul 27 '11 at 09:29