Log if a script is stopped from Task Manager

[uchacker11]

I have a script to monitor a process on our computers and if the process has been idle for 4 hrs the script will kill the process.

The script works great except that users are opening Task Manager and killing the process. Is there a way to have the script log when the scripts process is killed?

[Jos]

Killing a process is what it is...it is interrupted without closing it nicely, so not much you can do here.

Why not run the process with elevated credentials which Users cannot kill?

[DicatoroftheUSA]

If they are non-admins, It is possible to run as a service. There might be a way via group policy to deny killing services, even if they are admins, I will have to check on that.

To log it, you could have it create a file on start-up, then delete it, when it shuts-down cleanly. Then you can use a separate script to remotely check if the process is not running, and if the file exists.

Another option, would be to set it as a client/server kind of thing, where the client constantly "chats" with a server script, and if it stops "chatting" then the server script, checks if the computer is still active.

However, the idea of your script makes me kind of nervous. In our environment, I could forsee that kind of script resulting in unexpected data loss.

Edited February 9, 2012 by DicatoroftheUSA

[uchacker11]

Thanks we are exploring options with permissions and group policy. I figured it wasn't really easy to implement but it was worth a shot.

The script could easily cause data loss if the users don't save, but I was told to make it this way so that we could reclaim the license that is being tied up.

Thanks for all the suggestions.

[JLogan3o13]

uchacker11, I had a similar request not too long ago from a customer, to build a Systray app that their folks couldn't exit. They were all XP machines so I used Microsoft's SRVANY.exe to bundle it as a system service, but allow it to interact with the user's desktop. That way, Administrators could kill the process but Users could not. You might Google srvany.exe if that sounds like what you're trying to accomplish.

[willichan]

The additional advantage to running as a service is that you can configure it in the services manager to restart the service automatically if the service either dies or is killed. Admins can still stop the service through the services manager, and have it stay off until restarted or rebooted.

[Skitty]

Old topic I know but no one seemed to have mentioned it, if you're savvy enough you can set a security descriptor to your script that would prevent this using SetKernelObjectSecurity, you can also set your process to system critical but that would be far to sketchy and overkill and is not something I would recommend as it will probably scare a user when they terminate the process, but setting a security descriptor that prevents certain users/admins from closing it is a better rout of action.