
Goal:

On my PC, there is a background script (Process A) that runs on startup with Administrator Level Permissions on the Standard Level Account (Account X). I would like to use this script, with its elevated permissions, to modify the process-level permissions on a process (Process B) that is run by Account X on startup.

The goal is to make Process B interminable by Account X, whilst still being initiated by Account X.

Background:

This is easily achievable with Process Explorer, but this is a GUI program. There is some material online regarding changing permissions via command line, but these are for services, not for processes.

Specifically, I need to add Deny Permissions on Terminate Process, and Change Permissions to Account X for Process B.

Summary:

  • Process A is started up on login (into Account X) via Task Scheduler running under an Administrator Account
  • Process B is started up by Account X
  • Account X is a standard level account
  • I can use Process Explorer to manually add the Deny Permissions I am describing, but I want Process A to do it itself (perhaps by command line).
  • Is the real problem that you're trying to make Process B unterminable by the user?
    – harrymc
    Commented Oct 1, 2021 at 17:54
  • Yes, I've been submerged in the problem too long! I've edited the question in response. The key problem is that Process B still has to be initiated by Account X, as when I try and initiate Process B using an administrator account, it doesn't initialise properly.
    – MrPRambo
    Commented Oct 1, 2021 at 17:59
  • I don't think your approach is feasible. But if Process B is restartable, you could start two of them, where each one checks for the other and restarts it if killed. That will make it unkillable, unless the user knows the taskkill command.
    – harrymc
    Commented Oct 1, 2021 at 18:52
  • The user may know the taskkill command, and needs to control other processes that are not run with elevated permission (Process B would ideally be run under an administrator account, but it refuses to initialise properly when this is done)
    – MrPRambo
    Commented Oct 1, 2021 at 21:25

1 Answer


A program running with Administrator permissions can modify a process ACL to remove PROCESS_TERMINATE permission.

An example written in C++ found in this post:

#include <windows.h>
#include <aclapi.h>
#include <tchar.h>
#pragma comment(lib, "advapi32.lib")

// Replaces the DACL of the calling process with a single ACE that denies the
// current user terminate, write and ownership rights. Note that it protects
// the process it runs in (GetCurrentProcess); to protect another process it
// would have to open that process with WRITE_DAC instead.
static bool ProtectProcess()
{
    HANDLE hProcess = GetCurrentProcess();   // pseudo-handle; CloseHandle on it is a harmless no-op
    EXPLICIT_ACCESS denyAccess = {0};
    DWORD dwAccessPermissions = GENERIC_WRITE|PROCESS_ALL_ACCESS|WRITE_DAC|DELETE|WRITE_OWNER|READ_CONTROL;
    // "CURRENT_USER" is a special trustee name understood by BuildExplicitAccessWithName.
    BuildExplicitAccessWithName( &denyAccess, _T("CURRENT_USER"), dwAccessPermissions, DENY_ACCESS, NO_INHERITANCE );
    PACL pTempDacl = NULL;
    // With a NULL old ACL the new DACL contains only this deny entry, so every other
    // account loses its explicit access as well.
    DWORD dwErr = SetEntriesInAcl( 1, &denyAccess, NULL, &pTempDacl );
    if ( dwErr != ERROR_SUCCESS )
        return false;
    dwErr = SetSecurityInfo( hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pTempDacl, NULL );
    LocalFree( pTempDacl );
    CloseHandle( hProcess );
    return dwErr == ERROR_SUCCESS;
}

More questions about this code should rather be asked on StackOverflow.
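The answer's C++ snippet protects the process it runs in. The question's setup is different: Process A (elevated) has to edit the DACL of a separate Process B that Account X started. The following PowerShell script is an added example, not code from the answer or from any project, that applies the same DACL technique to that setup. Everything in it is an assumption for illustration: the `ProcSec` P/Invoke helper, the function names, and the placeholder PID and account name. It expects Windows PowerShell 5.1 or PowerShell 7 on Windows, run elevated.

```powershell
# Added example, not the answer's code: an elevated Process A denies Account X the
# rights to terminate Process B or to change its permissions, keeping the rest of
# Process B's existing DACL. PID and account name below are placeholders.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class ProcSec {
    [StructLayout(LayoutKind.Sequential)] public struct LUID { public uint LowPart; public int HighPart; }
    [StructLayout(LayoutKind.Sequential)] public struct TOKEN_PRIVILEGES { public uint Count; public LUID Luid; public uint Attributes; }
    [DllImport("kernel32.dll")] public static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll", SetLastError=true)] public static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll", SetLastError=true)] public static extern bool CloseHandle(IntPtr h);
    [DllImport("advapi32.dll", SetLastError=true)] public static extern bool OpenProcessToken(IntPtr proc, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError=true, CharSet=CharSet.Unicode)] public static extern bool LookupPrivilegeValue(string sys, string name, out LUID luid);
    [DllImport("advapi32.dll", SetLastError=true)] public static extern bool AdjustTokenPrivileges(IntPtr token, bool disableAll, ref TOKEN_PRIVILEGES state, uint len, IntPtr prev, IntPtr retLen);
    [DllImport("advapi32.dll", SetLastError=true)] public static extern bool GetKernelObjectSecurity(IntPtr h, uint info, byte[] sd, uint len, out uint needed);
    [DllImport("advapi32.dll", SetLastError=true)] public static extern bool SetKernelObjectSecurity(IntPtr h, uint info, byte[] sd);
}
'@

function Enable-DebugPrivilege {
    # Process B belongs to Account X, whose default process DACL grants nothing to another
    # administrator's account; SeDebugPrivilege lets OpenProcess succeed regardless of that DACL.
    $tok = [IntPtr]::Zero
    if (-not [ProcSec]::OpenProcessToken([ProcSec]::GetCurrentProcess(), 0x28, [ref]$tok)) {
        throw "OpenProcessToken failed"          # 0x28 = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
    }
    $luid = [ProcSec+LUID]::new()
    if (-not [ProcSec]::LookupPrivilegeValue($null, 'SeDebugPrivilege', [ref]$luid)) { throw "LookupPrivilegeValue failed" }
    $tp = [ProcSec+TOKEN_PRIVILEGES]::new()
    $tp.Count = 1; $tp.Luid = $luid; $tp.Attributes = 0x2   # SE_PRIVILEGE_ENABLED
    [void][ProcSec]::AdjustTokenPrivileges($tok, $false, [ref]$tp, 0, [IntPtr]::Zero, [IntPtr]::Zero)
    $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()   # 1300 = ERROR_NOT_ALL_ASSIGNED
    [void][ProcSec]::CloseHandle($tok)
    if ($err -ne 0) { throw "Could not enable SeDebugPrivilege (Win32 error $err); is the session elevated?" }
}

function Protect-TargetProcess {
    param([Parameter(Mandatory)][int]$TargetPid, [Parameter(Mandatory)][string]$DeniedAccount)
    $PROCESS_TERMINATE = 0x1; $READ_CONTROL = 0x20000; $WRITE_DAC = 0x40000; $WRITE_OWNER = 0x80000
    $OWNER_INFO = 0x1; $DACL_INFO = 0x4   # OWNER_SECURITY_INFORMATION, DACL_SECURITY_INFORMATION
    Enable-DebugPrivilege
    $h = [ProcSec]::OpenProcess($READ_CONTROL -bor $WRITE_DAC -bor $WRITE_OWNER, $false, $TargetPid)
    if ($h -eq [IntPtr]::Zero) { throw "OpenProcess($TargetPid) failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())" }
    try {
        # First call with no buffer only reports the size of the self-relative descriptor.
        [uint32]$need = 0
        [void][ProcSec]::GetKernelObjectSecurity($h, $DACL_INFO, $null, 0, [ref]$need)
        $buf = New-Object byte[] $need
        if (-not [ProcSec]::GetKernelObjectSecurity($h, $DACL_INFO, $buf, $need, [ref]$need)) { throw "GetKernelObjectSecurity failed" }
        $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($buf, 0)
        if ($null -eq $sd.DiscretionaryAcl) { throw "Process $TargetPid has a NULL DACL; this example only edits an existing DACL" }

        # Deny ACE for Account X: terminate, plus the two rights that would let X undo the change.
        $sid = ([System.Security.Principal.NTAccount]$DeniedAccount).Translate([System.Security.Principal.SecurityIdentifier])
        $deny = [System.Security.AccessControl.CommonAce]::new(
            [System.Security.AccessControl.AceFlags]::None,
            [System.Security.AccessControl.AceQualifier]::AccessDenied,
            ($PROCESS_TERMINATE -bor $WRITE_DAC -bor $WRITE_OWNER), $sid, $false, $null)
        $sd.DiscretionaryAcl.InsertAce(0, $deny)   # deny entries go first so the access check honours them

        # The owner of an object always gets READ_CONTROL and WRITE_DAC, and a process started by
        # Account X is owned by Account X, so ownership moves to Administrators as well.
        $sd.Owner = [System.Security.Principal.SecurityIdentifier]::new(
            [System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid, $null)

        $out = New-Object byte[] $sd.BinaryLength
        $sd.GetBinaryForm($out, 0)
        if (-not [ProcSec]::SetKernelObjectSecurity($h, $OWNER_INFO -bor $DACL_INFO, $out)) {
            throw "SetKernelObjectSecurity failed, Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
        }
    } finally { [void][ProcSec]::CloseHandle($h) }
}

# Usage from Process A, with placeholder values:
# Protect-TargetProcess -TargetPid 1234 -DeniedAccount 'MACHINE\AccountX'
```

Two points a practitioner should keep in mind. The owner change is not optional: Windows grants an object's owner READ_CONTROL and WRITE_DAC before it evaluates the DACL, so a deny ACE alone would leave Account X able to reset the permissions. And the result restrains only the standard account, which is what the question asks for; an elevated administrator can still open the process with SeDebugPrivilege, and the process's DACL lasts only for the lifetime of that process instance, so Process A has to redo this each time Process B starts.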
