EKRN.EXE
-
To extend Eddy's answer, why are you making users Administrators? That's a really dangerous practice, and should be discouraged.
*pre-emptive celebratory nipple tassle jiggle* - Sean Ewington
"Mind bleach! Send me mind bleach!" - Nagy Vilmos
My blog | My articles | MoXAML PowerToys | Mole 2010 - debugging made easier - my favourite utility
-
Is this an organisational thing? Most organisations that I know prevent users from adding/removing programs and require central management of applications; which means that the user cannot add "dodgy" applications themselves. If you allow people to pick their own applications, you are opening up a particularly nasty can of worms there.
*pre-emptive celebratory nipple tassle jiggle* - Sean Ewington
"Mind bleach! Send me mind bleach!" - Nagy Vilmos
My blog | My articles | MoXAML PowerToys | Mole 2010 - debugging made easier - my favourite utility
-
Is this an organisational thing? Most organisations that I know prevent users from adding/removing programs and require central management of applications; which means that the user cannot add "dodgy" applications themselves. If you allow people to pick their own applications, you are opening up a particularly nasty can of worms there.
*pre-emptive celebratory nipple tassle jiggle* - Sean Ewington
"Mind bleach! Send me mind bleach!" - Nagy Vilmos
My blog | My articles | MoXAML PowerToys | Mole 2010 - debugging made easier - my favourite utility
-
Hi thank you for quick answer but I don't want "Administrator group" to stop or restart the service. Because like I said we add our users to Administrator group.
Then the same security adice applies. The only problem with doing this is that REAL Admins will no longer be able to control the service either. Only the System would be able to do it and your not going to convince the system to do so. Talk about the Wild West. Your security environment is so screwed up. You say you've given users Administrator rights just to install software. What you've really done is given users the keys to do ANYTHING AND EVERYTHING, not just install software. What you've done, out of convenience to the users, has created a giant headache for you. The only REAL way out of this problem is to revoke those admin privs and knock everyone back to Users, except, of course, the REAL admins. Then your group would have to take over clearing software for production use and installing it. The service does not dictate who is going to stop it and who isn't. That's determined by the ACL (Access Control List, or Security) on the service.
A guide to posting questions on CodeProject[^]
Dave Kreskowiak -
Hi, I got a task and I tried many ways to do but I couldn't find out how, I need to make a windows service that will return Access is denied when a user in admin group tries to disable or stop the service. My service's CanStop property is false but when I open msconfig I could disable my service. However Eset Service return access is denied when I try to stop or disable it. Please help me. I want to do this because, we add our workers to administrators group on their computers so they can kill any of our control mechanisms when they want. This service will serve us to control their computers. Thanks.
I'd just like to reinforce the answers that say your security policy is broken here. Either you trust your staff, in which case you don't need a monitoring service that they can't kill, or you don't, in which case they shouldn't be admins. You are searching for a technical solution to a HR problem. The simplest approach here is to make disabling the service a disciplinary offence. Edit: also, this really isn't a C# question.
-
Like that, we want users to add or remove programs as they need (want), but we absolutely don't want our application to be stopped disabled, removed or killed from system. Thanks.
-
Hi, I got a task and I tried many ways to do but I couldn't find out how, I need to make a windows service that will return Access is denied when a user in admin group tries to disable or stop the service. My service's CanStop property is false but when I open msconfig I could disable my service. However Eset Service return access is denied when I try to stop or disable it. Please help me. I want to do this because, we add our workers to administrators group on their computers so they can kill any of our control mechanisms when they want. This service will serve us to control their computers. Thanks.
candogu wrote:
I need to make a windows service that will return Access is denied when a user in admin group
To answer another way, Don't, just don't, oh for the love of humanity don't.
Why is common sense not common? Never argue with an idiot. They will drag you down to their level where they are an expert. Sometimes it takes a lot of work to be lazy Individuality is fine, as long as we do it together - F. Burns
-
..walks over to the computer and pulls the electrical cord, just because it's possible. "Now what"?
Bastard Programmer from Hell :suss:
The UPS just kicked in. And in a few hours the Diesel group will start roaring. :-D
Luc Pattyn [My Articles] Nil Volentibus Arduum
Fed up by FireFox memory leaks I switched to Opera and now CP doesn't perform its paste magic, so links will not be offered. Sorry.
-
The UPS just kicked in. And in a few hours the Diesel group will start roaring. :-D
Luc Pattyn [My Articles] Nil Volentibus Arduum
Fed up by FireFox memory leaks I switched to Opera and now CP doesn't perform its paste magic, so links will not be offered. Sorry.
-
candogu wrote:
I need to make a windows service that will return Access is denied when a user in admin group
To answer another way, Don't, just don't, oh for the love of humanity don't.
Why is common sense not common? Never argue with an idiot. They will drag you down to their level where they are an expert. Sometimes it takes a lot of work to be lazy Individuality is fine, as long as we do it together - F. Burns
Okay I found the solution. I give blue screen error when a user even administrator tries to kill my process and service and it cannot be stopped for now according to my tests. However, system doesn't normally shutdown by the service. Windows gives blue screen error from service side when I try to shut down or logoff. From windows process I detect SessionEnding event and I close my application under my control but from service I cannot detect SessionEnding event. What can I do here? What should I use instead SystemEvents? From CSHARP :mad:
-
Okay I found the solution. I give blue screen error when a user even administrator tries to kill my process and service and it cannot be stopped for now according to my tests. However, system doesn't normally shutdown by the service. Windows gives blue screen error from service side when I try to shut down or logoff. From windows process I detect SessionEnding event and I close my application under my control but from service I cannot detect SessionEnding event. What can I do here? What should I use instead SystemEvents? From CSHARP :mad:
The problem with your solution is that you will blue screen whenever anything causes the service to stop, including the service erroring out. As you have been told, the only way to accomplish what you want is to use the Access Control List (ACL) to say who can do what with the service. But seriously, the advise we gave you is good advice - we aren't ripping into your question, we are telling you that from real life experience, relying on users having admin privilege is dangerous.
*pre-emptive celebratory nipple tassle jiggle* - Sean Ewington
"Mind bleach! Send me mind bleach!" - Nagy Vilmos
My blog | My articles | MoXAML PowerToys | Mole 2010 - debugging made easier - my favourite utility
-
The problem with your solution is that you will blue screen whenever anything causes the service to stop, including the service erroring out. As you have been told, the only way to accomplish what you want is to use the Access Control List (ACL) to say who can do what with the service. But seriously, the advise we gave you is good advice - we aren't ripping into your question, we are telling you that from real life experience, relying on users having admin privilege is dangerous.
*pre-emptive celebratory nipple tassle jiggle* - Sean Ewington
"Mind bleach! Send me mind bleach!" - Nagy Vilmos
My blog | My articles | MoXAML PowerToys | Mole 2010 - debugging made easier - my favourite utility
I know that but I have nothing to do with that because I am not the manager okay. Finally I solved my question myself. When computer is shutting down or session is ending, I detect it and I disable critical system process. And windows can normally shutsdown and logs off. How can I set ACL? When I set ACL, can administrators kill my service? Thanks.