Need a single-process solution to prevent a normal user from terminating my process via Task Manager preferably by removing security rights from it.  Admins are ok.  WinXP solution needed.

Posted on 2006-04-13
Last Modified: 2013-12-04
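
// Empty DACL: it contains no ACEs, so it grants no access to anyone.
ACL acl;
BOOL B = InitializeAcl(&acl, sizeof acl, ACL_REVISION);
// Apply it to the current process as a protected DACL (inherited ACEs are blocked).
DWORD Xerr = SetSecurityInfo(GetCurrentProcess(), SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION, 0, 0, &acl, 0);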

This is my existing code and it works properly on Windows 2000.  But on Windows XP, SetSecurityInfo() returns 0 (success) but the user can still terminate the process from task manager.

Having two processes keeping each other alive, or having one process launch another, is not an option.  The tool is run on logon-script from a network share and without this process running, the company-wide internet filtering will deny all access to this user.  The idea here is to keep curious users from terminating the unknown process and generating helpdesk calls.

Why is this not working on Windows XP and what is a good solution?  I understand what DACLs do but using the SDK functions together to get what I want is more complex and maybe I'm not doing it right.
- Max
Question by:MaxRCannaday

Accepted Solution

by: Rant32 (earned 2000 total points)
ID: 16459819
As far as I can tell the

DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION

part only prevents the process from inheriting access control entries, but the user is still the owner of the process and can thus terminate it. Maybe this behaviour is different from Windows 2000. All I know from SetSecurityInfo is from here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/setsecurityinfo.asp

Can you set the owner to S-1-5-32-544 (Administrators SID) so users are not the owner of the process anymore?
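
One way to do what the accepted answer suggests, as an added example that is not part of the original thread: give the process object the owner S-1-5-32-544 together with a protected DACL. The function names and the choice to grant access only to Administrators and Local System are assumptions; the string builder is plain C and the Win32 calls compile only on Windows.

```c
/* Added example, not the poster's code; function names are hypothetical. */
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <aclapi.h>
#include <sddl.h>
#endif

/* Build "O:<owner>D:P(A;;GA;;;<t1>)(A;;GA;;;<t2>)...": the owner, a protected
 * DACL (no inherited ACEs) and one allow-all ACE per trustee; anyone without
 * an ACE gets no access. Returns 0, or -1 if the buffer is too small. */
int build_process_sddl(char *out, size_t cap, const char *owner,
                       const char *const *trustees, size_t n)
{
    int len = snprintf(out, cap, "O:%sD:P", owner);
    for (size_t i = 0; i < n && len > 0 && (size_t)len < cap; i++) {
        int k = snprintf(out + len, cap - (size_t)len, "(A;;GA;;;%s)", trustees[i]);
        len = (k > 0) ? len + k : -1;
    }
    return (len > 0 && (size_t)len < cap) ? 0 : -1;
}

#ifdef _WIN32
/* Owner BUILTIN\Administrators (BA = S-1-5-32-544); access only for BA and
 * Local System (SY). Returns a Win32 error code, ERROR_SUCCESS on success. */
DWORD protect_current_process(void)
{
    static const char *const trustees[] = { "BA", "SY" };
    char sddl[64];
    PSECURITY_DESCRIPTOR sd = NULL;
    PSID owner = NULL; PACL dacl = NULL;
    BOOL owner_def, dacl_present, dacl_def;
    DWORD err;
    if (build_process_sddl(sddl, sizeof sddl, "BA", trustees, 2) != 0)
        return ERROR_INSUFFICIENT_BUFFER;
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(
            sddl, SDDL_REVISION_1, &sd, NULL) ||
        !GetSecurityDescriptorOwner(sd, &owner, &owner_def) ||
        !GetSecurityDescriptorDacl(sd, &dacl_present, &dacl, &dacl_def))
        err = GetLastError();
    else /* ERROR_INVALID_OWNER here means this token may not assign that owner */
        err = SetSecurityInfo(GetCurrentProcess(), SE_KERNEL_OBJECT,
                  OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION |
                  PROTECTED_DACL_SECURITY_INFORMATION, owner, NULL, dacl, NULL);
    LocalFree(sd);
    return err;
}
#endif
```

Call protect_current_process() once at startup and log a non-zero return rather than assuming the descriptor was applied.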

Author Comment

by:MaxRCannaday
ID: 16461432
Generally speaking, when giving answers, it would be nice if examples on how to do it (properly) were included.  But this general answer was enough for me to solve the problem with a fair amount of research to figure out how to change the owner.

Thanks for the help.

Expert Comment

by:Rant32
ID: 16461652
I'm not a programmer ;-)