Jump to content

Log if a script is stopped from Task Manager

Recommended Posts

I have a script to monitor a process on our computers and if the process has been idle for 4 hrs the script will kill the process.

The script works great except that users are opening Task Manager and killing the process. Is there a way to have the script log when the scripts process is killed?

Link to post
Share on other sites
  • Developers

Killing a process is what it is...it is interrupted without closing it nicely, so not much you can do here.

Why not run the process with elevated credentials which Users cannot kill?

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
Live for the present,
Dream of the future,
Learn from the past.

Link to post
Share on other sites

If they are non-admins, It is possible to run as a service. There might be a way via group policy to deny killing services, even if they are admins, I will have to check on that.

To log it, you could have it create a file on start-up, then delete it, when it shuts-down cleanly. Then you can use a separate script to remotely check if the process is not running, and if the file exists.

Another option, would be to set it as a client/server kind of thing, where the client constantly "chats" with a server script, and if it stops "chatting" then the server script, checks if the computer is still active.

However, the idea of your script makes me kind of nervous. In our environment, I could forsee that kind of script resulting in unexpected data loss.

Edited by DicatoroftheUSA
Link to post
Share on other sites

Thanks we are exploring options with permissions and group policy. I figured it wasn't really easy to implement but it was worth a shot.

The script could easily cause data loss if the users don't save, but I was told to make it this way so that we could reclaim the license that is being tied up.

Thanks for all the suggestions.

Link to post
Share on other sites
  • Moderators

uchacker11, I had a similar request not too long ago from a customer, to build a Systray app that their folks couldn't exit. They were all XP machines so I used Microsoft's SRVANY.exe to bundle it as a system service, but allow it to interact with the user's desktop. That way, Administrators could kill the process but Users could not. You might Google srvany.exe if that sounds like what you're trying to accomplish.

"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!

Link to post
Share on other sites

The additional advantage to running as a service is that you can configure it in the services manager to restart the service automatically if the service either dies or is killed. Admins can still stop the service through the services manager, and have it stay off until restarted or rebooted.

Link to post
Share on other sites
  • 1 month later...

Old topic I know but no one seemed to have mentioned it, if you're savvy enough you can set a security descriptor to your script that would prevent this using SetKernelObjectSecurity, you can also set your process to system critical but that would be far to sketchy and overkill and is not something I would recommend as it will probably scare a user when they terminate the process, but setting a security descriptor that prevents certain users/admins from closing it is a better rout of action.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...