Reputation: 16286
how to start separate process under system account from a windows service?
I've read a lot of similar questions on SO but haven't found an answer
I need to run a separate process from a windows service in logged in user's session but under system account, thus user cannot terminate the process
I need this process to interact with desktop for supervising purposes.
the main goal is to prevent user to terminate the process.
Upvotes: 1
Views: 1792
Answers (2)
Reputation: 16286
actually there's much simpler way to achieve the same: to prevent process termination by user w/o special privileges (like admin rights)
after long digging I found acceptable answer here: Prevent user process from being killed with "End Process" from Process Explorer
works fine if you're logged in as a regular user, you cannot kill the process from Process Explorer. Admin still can kill it because has sufficient privileges. it's exactly what I needed
Upvotes: -1
Reputation: 18441
If you run an interactive applications (having GUI or not), from currently logged in user account - the end user (having Admin rights) may terminate the process. You either need to keep it as SYSTEM service, or remove all DACL/ACL information from the process using SetKernelObjectSecurity.
Upvotes: 2
Related Questions
- Run process from a windows service as the current user with administrative privilege
- Run a process from a windows service as the current user
- Using Process.Start() to start a process as a different user from within a Windows Service
- Start Windows Service From Application without Admin right(c++)
- Calling OpenWindowStation from a service running under a "user" account
- C++ Having Windows Service Start another Program
- Running a windows service as a privileged user
- Windows 7 or Windows 2008 how to launch a process in Local System Account or System Context (from desktop aplication)
- How to know which user account runs a specific windows service?
- Use ServiceController to start a service with a different account