sbonacina Posted December 3, 2010

Hello everybody,

I work for a company which has an internal Windows network. Employees work as non-privileged users. I've been asked by my boss to write a program which:
- remaps some users' keymap at logon;
- lets the administrator set or unset the remapping without rebooting the machine.

I'm able to write a script that, once launched, is able to remap some keys, and I studied a technique to enable the remapping remotely. By setting the right registry entry, I can run the script at user logon.

Now I want to prevent the user from killing this script: some users are able (and ingenious) enough to do that. If the program is run at startup with the user's privileges, it can be killed. Does anyone have a good idea on how to run it so that it cannot be killed, except by the administrator?

Thanks to whoever might reply.
Cheers,
stefano

Richard Robertson Posted December 3, 2010

Running it under an account with higher privileges is the only way to keep standard users from killing it. I'd suggest running it as a service.

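Added example, not part of the thread or any poster's code: running the remapper as a service protects it only if the service's own security descriptor keeps ordinary users from stopping or reconfiguring it. This Python check parses the SDDL string printed by `sc sdshow <service>` and lists such grants; the helper names are hypothetical and both sample descriptors are constructed.

```python
import re

# SDDL right codes and masks for service objects (format of `sc sdshow <name>`).
RIGHTS = {"CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
          "DT": 0x40, "LO": 0x80, "CR": 0x100, "SD": 0x10000, "RC": 0x20000,
          "WD": 0x40000, "WO": 0x80000,
          "GA": 0xF01FF, "GR": 0x2008D, "GW": 0x20002, "GX": 0x20170}

# Rights that let a caller stop the service or undo its protection.
RISKY = {0x20: "stop", 0x40: "pause", 0x2: "reconfigure", 0x10000: "delete",
         0x40000: "rewrite DACL", 0x80000: "take ownership"}

# SDDL aliases for groups that ordinary logged-on users belong to.
LOW_PRIV = {"IU", "AU", "BU", "WD", "AN", "BG", "NU"}

def rights_mask(field):
    """Decode an SDDL rights field: a hex mask or a run of two-letter codes."""
    if field.lower().startswith("0x"):
        return int(field, 16)
    mask = 0
    for code in re.findall("..", field):
        mask |= RIGHTS.get(code, 0)
    return mask

def risky_grants(sddl):
    """Map each low-privileged trustee to the risky rights its allow ACEs grant.
    Deny ACEs are not subtracted, so the result is an upper bound."""
    found = {}
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)  # stops before the SACL
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":
            continue
        trustee = fields[5]
        # Account SIDs (S-1-5-21-...) are reported too: per-user grants need review.
        if trustee not in LOW_PRIV and not trustee.startswith("S-1-5-21-"):
            continue
        mask = rights_mask(fields[2])
        names = [name for bit, name in RISKY.items() if mask & bit]
        if names:
            found.setdefault(trustee, [])
            found[trustee] += [n for n in names if n not in found[trustee]]
    return found

# Constructed sample descriptors (not taken from a real host).
HARDENED = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
            "(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
WEAK = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
        "(A;;CCLCSWRPWPDTLOCRRC;;;AU)(A;;0x20002;;;BU)")

if __name__ == "__main__":
    print("hardened:", risky_grants(HARDENED))
    print("weak:    ", risky_grants(WEAK))
```

An empty result means no allow ACE gives interactive or other ordinary users a way to stop, reconfigure or re-permission the service.
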
sbonacina Posted December 3, 2010

I wrote a script which runs the program which remaps the keyboard. Using runas I'm able to run it as administrator, but unfortunately the normal user is able to kill it.

Actually, I never thought to run it as a service, mostly because I don't know how to make a service interact with the GUI. I'll do some searching on it.

Thanks for the hint

Richard Robertson Posted December 3, 2010

Using RunAs doesn't give a script administrative power, it just uses the account.

sbonacina Posted December 4, 2010

Ok, Richard, I'll go for the service. I'll post a request on the GUI forum, then.

Thanks very much
stefano

MvGulik Posted December 4, 2010

Mmm ... Hi. Dark skeptical thinker here.

Any good background reasons why it's imperative to remap some keys, and to prevent the user from disabling it? (Other than "boss asked me", of course.)

sbonacina Posted December 4, 2010

I need to remap keys because we need to block print screen and to enable it on demand, and we want to do it just when users run specific critical applications. It's not feasible to set a new key map inside the registry, because sometimes users need to print their screen, and I want to avoid rebooting the machine each time I modify the registry.

So, I thought about a service which takes care of the mapping each time a specific app is run.

Any good hint?

iamtheky Posted December 4, 2010

Reset their shortcuts to point at an exe that:
- maps the keys
- launches the actual exe
- waits for that process to close and unmaps the keys
- exits

sbonacina Posted December 4, 2010

@iamtheky: in that way, a user is still able to kill the parent process and so unmap the keys.

I want to prevent a normal user with basic technical skills from being able to:
- kill the process that maps the keys;
- map the keys by himself (this can be done with a background process which continuously remaps keys).

sbonacina Posted December 15, 2010 (edited)

Does anyone have an idea?

Thanks

JoHanatCent Posted December 15, 2010

You can hide your process!

PartyPooper Posted December 16, 2010

Unfortunately, since almost all Windows users are able to CTRL-ALT-DEL and kill processes, it would be a PITA to write an un-killable script without turning it into a rootkit type of program. However, you could easily write a hidden script that automatically restarts your keymapping script and alerts the Admin whenever a user deliberately kills it. At least then you would:
1) know who's doing it, and
2) identify those you need to keep an eye on

Bert Posted December 16, 2010

You could have a second process watch the first process. If the first one is killed, the second one restarts it. I would also have an alert sent to you when someone tries to kill it. That way you know who is hacking your app.

4Eyes Posted December 16, 2010

You can easily disable task manager via policy or reg key. Let's see...

hkcu/software/microsoft/windows/currentversion/policies

Create a DWORD value called DisableTaskMgr: = 1 means no task manager, = 0 means t/m can run.

4Eyes

PartyPooper Posted December 16, 2010

> You could have a second process watch the first process. If the first one is killed, the second one restarts it. I would also have an alert sent to you when someone tries to kill it. That way you know who is hacking your app.

Wow, thought I'd double posted for a second there until I checked the author :-)

> You can easily disable task manager via policy or reg key. Let's see...
> hkcu/software/microsoft/windows/currentversion/policies
> create a DWORD value called DisableTaskMgr = 1 means no task manager, = 0 means t/m can run.
> 4Eyes

And you can restrict access to the registry just as easily.

steff Posted January 13, 2011

Sorry for the late response and thanks for all the replies.

I think I'll disable the task manager, so the user will not be able to kill its processes. Also the watchdog process can be a good idea: I need to think about it.

Thanks again
stefano

steff Posted January 19, 2011

> Sorry for the late response and thanks for all the replies.
> I think I'll disable the task manager, so the user will not be able to kill its processes.
> Also the watchdog process can be a good idea: I need to think about it.
> Thanks again
> stefano

Some progress: I think the watchdog solution is the best one.

So, I wrote a simple service to monitor if a desktop program is running. If not, it should run it.

The problem occurs when I need to run the desktop program, I mean, execute a program under the credentials of the interactive user that is logged on to the system. This will allow the executed application to run and interact with the user.

I need to write a routine that launches the program in the current user's window station.

I found something for Delphi (http://www.delphipages.com/forum/archive/index.php/t-208261.html, please see the Hitman entry at the bottom), and I'm trying to translate it into AutoIt.

Did anyone do something with AutoIt?

Thanks again
stefano

ItsMillertime4u Posted January 21, 2011

Couldn't you execute the program and then remove the logged-on user's privileges to that process? This would remove their ability to kill the process.

steff Posted January 28, 2011

> Couldn't you execute the program and then remove the logged-on user's privileges to that process? This would remove their ability to kill the process.

This is a nice hint: anyway, I'm still looking at how to do it.

How can I remove such privileges for a running Windows program?

Thanks again

JoHanatCent Posted January 28, 2011

Question to Stefano: is steff = sbonacina?