Reputation: 16286
I've read a lot of similar questions on SO but haven't found an answer
I need to run a separate process from a windows service in logged in user's session but under system account, thus user cannot terminate the process
I need this process to interact with desktop for supervising purposes.
the main goal is to prevent user to terminate the process.
Upvotes: 1
Views: 1792
Reputation: 16286
actually there's much simpler way to achieve the same: to prevent process termination by user w/o special privileges (like admin rights)
after long digging I found acceptable answer here: Prevent user process from being killed with "End Process" from Process Explorer
works fine if you're logged in as a regular user, you cannot kill the process from Process Explorer. Admin still can kill it because has sufficient privileges. it's exactly what I needed
Upvotes: -1
Reputation: 18441
If you run an interactive applications (having GUI or not), from currently logged in user account - the end user (having Admin rights) may terminate the process. You either need to keep it as SYSTEM service, or remove all DACL/ACL information from the process using SetKernelObjectSecurity.
Upvotes: 2