Need a single-process solution to prevent a normal user from terminating my process via Task Manager, preferably by removing security rights from it. Admins are ok. WinXP solution needed.

ACL acl;
BOOL B = InitializeAcl(&acl, sizeof acl, ACL_REVISION);
int Xerr = SetSecurityInfo(GetCurrentProcess(), SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION, 0, 0, &acl, 0);

This is my existing code and it works properly on Windows 2000.  But on Windows XP, SetSecurityInfo() returns 0 (success) but the user can still terminate the process from task manager.

Having two processes keeping each other alive, or having one process launch another, is not an option.  The tool is run on logon-script from a network share and without this process running, the company-wide internet filtering will deny all access to this user.  The idea here is to keep curious users from terminating the unknown process and generating helpdesk calls.

Why is this not working on Windows XP and what is a good solution?  I understand what DACLs do but using the SDK functions together to get what I want is more complex and maybe I'm not doing it right.
- Max
MaxRCannaday Asked:

Rant32 Commented:
As far as I can tell the

DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION

part only prevents the process from inheriting access control entries, but the user is still the owner of the process and can thus terminate it. Maybe this behaviour is different from Windows 2000. All I know from SetSecurityInfo is from here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/setsecurityinfo.asp

Can you set the owner to S-1-5-32-544 (Administrators SID) so users are not the owner of the process anymore?
0
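A simplified model of the Windows access check, added here as an illustration of the answer above (it is not code from this thread or from the Windows SDK): an empty DACL grants the user nothing, but the object's owner is implicitly granted READ_CONTROL and WRITE_DAC, so the DACL alone does not bind an owner; with Administrators as owner that implicit grant is gone. The SID stand-ins, struct names and `user_can_regain_terminate` are hypothetical; only the access-mask values match winnt.h, and privileges are not modelled.

```c
#include <stdint.h>
#include <stddef.h>

/* Access-mask values as in winnt.h; everything else is a simplified model. */
#define PROCESS_TERMINATE 0x0001u
#define READ_CONTROL      0x00020000u
#define WRITE_DAC         0x00040000u

enum { SID_USER = 1, SID_ADMINS = 2 };   /* hypothetical stand-ins for real SIDs */
enum { ACE_ALLOW, ACE_DENY };
typedef struct { int type; int sid; uint32_t mask; } Ace;
typedef struct { int owner; const Ace *dacl; size_t count; } SecDesc; /* dacl NULL = no DACL */
typedef struct { int sids[2]; size_t n; } Token;

static int has_sid(const Token *t, int sid) {
    for (size_t i = 0; i < t->n; i++)
        if (t->sids[i] == sid) return 1;
    return 0;
}

/* Returns the subset of `desired` that the token is granted on the object. */
uint32_t granted_access(const SecDesc *sd, const Token *t, uint32_t desired) {
    uint32_t granted = 0, denied = 0;
    if (has_sid(t, sd->owner))                /* owner rights do not depend on the DACL */
        granted |= READ_CONTROL | WRITE_DAC;
    if (sd->dacl == NULL) return desired;     /* NULL DACL: everything is granted */
    for (size_t i = 0; i < sd->count; i++) {  /* ACEs are evaluated in order */
        const Ace *a = &sd->dacl[i];
        if (!has_sid(t, a->sid)) continue;
        if (a->type == ACE_DENY) denied  |= a->mask & ~granted;
        else                     granted |= a->mask & ~denied;
    }
    return granted & desired;
}

/* Process object with an empty DACL and the given owner. Returns 1 if the
   logged-on user can still obtain PROCESS_TERMINATE, directly or via WRITE_DAC. */
int user_can_regain_terminate(int owner) {
    static const Ace none[1] = { { ACE_ALLOW, 0, 0 } };  /* backing store, count 0 */
    const Token user = { { SID_USER }, 1 };
    SecDesc sd = { owner, none, 0 };
    if (granted_access(&sd, &user, PROCESS_TERMINATE)) return 1;
    if (!granted_access(&sd, &user, WRITE_DAC)) return 0;  /* cannot edit the DACL */
    const Ace allow = { ACE_ALLOW, SID_USER, PROCESS_TERMINATE };
    sd.dacl = &allow; sd.count = 1;           /* owner replaced the DACL */
    return granted_access(&sd, &user, PROCESS_TERMINATE) != 0;
}
```
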

MaxRCannaday Author Commented:
Generally speaking, when giving answers, it would be nice if examples on how to do it (properly) were included.  But this general answer was enough for me to solve the problem with a fair amount of research to figure out how to change the owner.

Thanks for the help.
0
Rant32 Commented:
I'm not a programmer ;-)
0