twinnis

Delete All process for a specific user?

4 posts in this topic

Hi.

I'm working on a SU for Windows and it works fine. And for security reasons I would like to delete all processes for a specific user when I switch from the user with admin rights.

I tried using taskkill.exe in Windows XP. But it doesn't work when run from an .au3 script.

The taskkill command line: taskkill.exe /f /fi "USERNAME eq %username%" /IM *.

I tried to use it with RunWait, but it doesn't work. Yes, I could make a *.bat and use Run/RunWait. But I would like to delete every process for a specific user with an .au3 script.

So, is it possible using AutoIt to delete all processes for a specific user?

Best regards

Twinnis

Have you tried ProcessClose?

1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100
I didn't make up this form of encryption, but I like it. Credit to the lvl 6 challenge on arcanum.co.nz

Hi.

Yes, I am using ProcessClose to delete the explorer to change user, but I want to kill every process for a specific user.

Here is my idea.

1. I log on as a regular user with no admin rights whatsoever. The user has a problem that needs admin rights to fix.

2. I close the explorer for the regular user.

3. Start a new explorer using RunAsSet with a domain admin.

4. When I am finished fixing the problem with my admin user I want to kill every process started with my admin user, including explorer.

5. Restart explorer as my regular user.

This means that I don't have to log the user off, then log on as admin and then log on again as the user to test if the problem is fixed, because the user's programs are still running. Every administrator knows how irritating it is to wait for a user to log on after their work is done to test. They are often talking on the telephone or are out somewhere to smoke. This way I don't have to wait for the user since their programs are still running.

The script works really nicely so far, until I discovered that processes that I forgot to close before I close explorer (logoff) still run after I restart explorer for the regular user. That's a security problem :P.

So, is there a way using ProcessClose or any other command to close ALL processes for a specific user?

Best regards

Twinnis

If I remember correctly, sysinternals.com has something that will display all processes, owners etc., that you should be able to integrate pretty easily to find out which processes belong to admin and then ProcessClose them each. If you search the forums here, I think someone may have a working script that you can adapt.
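
The approach suggested in the replies (find each process's owner, then ProcessClose the matches), as an added example that is not code from any poster in this thread. It uses the WMI Win32_Process class instead of a Sysinternals tool to look up owners; the account and domain names are placeholders, and the script is assumed to run with enough rights to query and terminate the admin account's processes.

```autoit
; Added example: close every process owned by one account, then verify none remain.
Global Const $sTargetUser = "adminuser"    ; placeholder: account used for the admin session
Global Const $sTargetDomain = "MYDOMAIN"   ; placeholder: its domain or computer name

; Returns a "|"-separated list of PIDs owned by $sDomain\$sUser (this script excluded).
Func _PidsOwnedBy($sUser, $sDomain)
    Local $sPids = ""
    Local $oWMI = ObjGet("winmgmts:\\.\root\cimv2")
    If Not IsObj($oWMI) Then Return SetError(1, 0, "")
    For $oProc In $oWMI.ExecQuery("SELECT * FROM Win32_Process")
        Local $sOwner = "", $sOwnerDomain = ""
        ; GetOwner returns 0 on success and fills in the account and domain.
        ; It fails for processes we are not allowed to query; skip those.
        If $oProc.GetOwner($sOwner, $sOwnerDomain) <> 0 Then ContinueLoop
        ; StringCompare is case-insensitive by default, like Windows account names.
        If StringCompare($sOwner, $sUser) <> 0 Then ContinueLoop
        If StringCompare($sOwnerDomain, $sDomain) <> 0 Then ContinueLoop
        ; Leave this script running so it can finish the loop and the check below.
        If $oProc.ProcessId = @AutoItPID Then ContinueLoop
        $sPids &= $oProc.ProcessId & "|"
    Next
    Return StringTrimRight($sPids, 1)
EndFunc

; Pass 1: terminate everything the admin account still has running, explorer included.
Global $sPids = _PidsOwnedBy($sTargetUser, $sTargetDomain)
If $sPids <> "" Then
    For $sPid In StringSplit($sPids, "|", 2) ; 2 = no count element in the array
        ProcessClose(Number($sPid))
        ProcessWaitClose(Number($sPid), 5)   ; wait up to 5 seconds for it to exit
    Next
EndIf

; Pass 2: confirm nothing is left before handing the desktop back to the regular user.
Global $sLeft = _PidsOwnedBy($sTargetUser, $sTargetDomain)
If $sLeft <> "" Then
    MsgBox(48, "Cleanup incomplete", "Still running as " & $sTargetUser & ": " & $sLeft)
EndIf
```

Matching on both the account and the domain keeps a local account with the same name from being treated as the domain admin, and the second pass catches processes that were started while the first pass was running.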
