Jump to content

Running a program that can't be killed by a normal user


Recommended Posts

Hello everybody

I work for a company which has an internal windows network.

EMployees work as non privileged users.

I've been asked by my boss to write a program which:

- remaps some users keymap at logon;

- the remapping can be set or unset by the administrator without rebooting the machine.

I'm able to write a script that, once launched, is able to remap some keys, and I studied a technique to enable the remapping via remote.

Setting the right registry entry, I can run the script at user logon.

Now I want to disable the user to kill this script: some users are able (and ingenuous) enough to do that.

If the program is run at startup with user's privileges, it can be killed.

Does anyone have a good idea on how to run it in order not to be killed, except by the administrator?

Thanks to whom might reply

cheers

stefano

Link to comment
Share on other sites

I wrote a script which runs the program which remaps the keyboard. Using runas I'm able to run it as administrator, but unfortunately the normal user is able to kill it.

Actually, I never thought to run it as a service, mostly because I don't know hot to make a service interact with the GUI.

I do perform some search on it.

Thanks for the hint

Link to comment
Share on other sites

Mmm ...

Hi. Dark skeptical thinker here.

Any good background reason's why its imperative to remap some keys, and to prevent the user from disabling it. (other than "boss asked me" of course.)

"Straight_and_Crooked_Thinking" : A "classic guide to ferreting out untruths, half-truths, and other distortions of facts in political and social discussions."
"The Secrets of Quantum Physics" : New and excellent 2 part documentary on Quantum Physics by Jim Al-Khalili. (Dec 2014)

"Believing what you know ain't so" ...

Knock Knock ...
 

Link to comment
Share on other sites

I need to remap keys because we need to avoid print screen and to enable it on demand, and we want to do it just when users run specific critical applications.

It's not doable to set new key map inside the registry, because sometimes users need to print their screen, and I want to avoid to reboot the machine each time I modify the registry.

So, I thought about a service which takes care of the mapping each time a specific app is run.

Any good hint?

Link to comment
Share on other sites

reset their shortcuts to point at an exe that

-maps the keys

-launches the actual exe

-waits for that process to close and unmaps the keys

-exit

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Link to comment
Share on other sites

@iamtheky: in that way, a user is still able to kill the parent process and so unmap the keys.

I want to avoid that a normal user with basic technical skills is able to:

- kill the process that maps the keys;

- map the keys by himself (this can be done with a background process which continuously remaps keys).

Link to comment
Share on other sites

  • 2 weeks later...

Unfortunately, since almost all Windows users are able to CTRL-ALT-DEL and kill processes, it would be a PITA to write an un-killable script without turning it into a rootkit type of program, however, you could easily write a hidden script that automatically restarts your keymapping script and alerts the Admin whenever a user deliberately kills it. At least then you would:

1). know who's doing it, and

2). identify those you need to keep an eye on

Link to comment
Share on other sites

You can easily disable task manager via policy or reg key. Let's see...

hkcu/software/microsoft/windows/currentversion/policies create a DWORD value called DisableTaskMgr = 1 means no task manager, = 0 means t/m can run.

4Eyes

Link to comment
Share on other sites

You could have a second process watch the first process. If the first one is killed, the second one restarts it. I would also have an alert sent to you when someone tries to kill it. That way you know who is hacking your app.

Wow, thought I'd double posted for a second there until I checked the author :-)

You can easily disable task manager via policy or reg key. Let's see...

hkcu/software/microsoft/windows/currentversion/policies create a DWORD value called DisableTaskMgr = 1 means no task manager, = 0 means t/m can run.

4Eyes

And you can restrict access to the registry just as easily.
Link to comment
Share on other sites

  • 4 weeks later...

Sorry for the late response and thanks for all the replies.

I think I'll disable the task manager, so the user will not be able to kill its processes.

Also the watchdog process can be a good idea: I need to think about it.

Thanks again

stefano

Link to comment
Share on other sites

Sorry for the late response and thanks for all the replies.

I think I'll disable the task manager, so the user will not be able to kill its processes.

Also the watchdog process can be a good idea: I need to think about it.

Thanks again

stefano

Some progress: I think the watchdog solution is the best one.

So, I wrote a simple service to monitor if a desktop program is running. If not, it should be run it.

The problem occurs when I need to run the desktop program, I mean, execute a program under the credentials of the interactive user that is logged on to the system. This will allow the executed application to run and interact with the user.

I need to write a routine that launches the program in the current user's window station.

I found something for Delphi ( --> http://www.delphipages.com/forum/archive/index.php/t-208261.html, please, see the Hitman entry at the bottom), and I'm trying to translate it into Autoit.

Did anyone do something with AUtoit?

Thanks again

stefano

Link to comment
Share on other sites

Couldn't you excute the program and then remove the privileges to that prcoess to the logged on user? this would remove their ability to kill the process.

This is a nice hint: anyway I'm still looking at how to do it.

How can I remove such privileges for a running Windows program?

Thanks again

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...