Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

How to restrict a user from killing a process or stopping a service

Started by Mobi , Aug 03 2009 02:41 AM

  • Please log in to reply

#1
Mobi
Posted 03 August 2009 - 02:41 AM

Mobi

    Member

  • Member
  • PipPip
  • 52 posts
Hi,

I was wondering how we can restrict any user from stopping any particular service or from killing that process.

We need to run software on our all machine; the problem is that all the users are added as the local administrative in their assigned machines. Now I have seen that some service such as AV when you try to stop these services the "stop" & "start" option is disabled and if any user tries to kill the process by using the task manager he gets "Access is denied" message.

Is there any way we can also put the same response for any other service we want? Or one has to do this by making some application/program itself?

I shall be thankful to you for your response
  • 0

Advertisements

#2
Artellos
Posted 03 August 2009 - 07:45 AM

Artellos

    Tech Secretary

  • Global Moderator
  • 3,915 posts
Hello there Mobi, and welcome to Geeks to Go! :)

You can disable the Task Manager through a group policy. (Start -> Run: gpedit.msc)
This would prevent all your users to access the Task Manager at all. However, keep in mind that if they have local administrative access, they can just remove that policy with their administrative powers.

There are very few -real- restrictions you can put on local administrative users.

Regards,
Olrik
  • 0

#3
dsenette
Posted 03 August 2009 - 10:00 AM

dsenette

    Je suis Napoléon!

  • Community Leader
  • 26,047 posts
  • MVP
actually...if you set the setting to restrict access to the task manager in the DOMAIN group policy...then the local admin SHOULDN'T be able to use task manager either (at least not a user that's a local admin....there's a chance that THE local admin account could do it)
  • 0

#4
W-Unit
Posted 03 August 2009 - 02:44 PM

W-Unit

    Member

  • Member
  • PipPipPip
  • 170 posts
Hehe, if I may offer another perspective...
My high school used the setup recommended by dsenette. The restrictions were VERY strict- No access to Run, Command Prompt, Registry Editor, Task Manager, or even the C drive. It wouldn't even let you type anything into the address bar of Windows Explorer, either.

Edit:removed instructions that "could" be used to get around settings in place on a misconfigured network

Moderators- my apologies if talking about this qualified as instructions on how to hack/exploit. I consider it to be a very innocuous weakness, besides which my intent was only to let the OP know about this problem, not to educate others about how to exploit it. Please do let me know if this violates any rules, though, and I will be happy to revise the post so that it does not go into the specifics of the shortcut technique.
  • 0

#5
dsenette
Posted 03 August 2009 - 02:53 PM

dsenette

    Je suis Napoléon!

  • Community Leader
  • 26,047 posts
  • MVP
i edited it for you....

at your school...the network was probably NOT configured as a domain...and the rules were probably not put in place at the domain level.

domain policy always trumps local policy so your method wouldn't (or at least shouldn't if the domain policy is set correctly) work...

also...it's very easy in domain policy to add gpedit.msc into the "unapproved" applications list thereby blocking it
  • 0
Back to Networking · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Hardware
  3. Networking

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP