6

We require a method to run a process on a user's machine whereby a local user cannot kill this process (from Task Manager or otherwise). Is there a way to make this application a system process or make it un-killable?

I have gone through all the questions on SO, and all of them say that an application can always be killed by the user in some way.
But in our case, it's different, since it's the administrator himself who wants to prevent employees (other users) from terminating it. Please help, and sorry if I am asking something very basic. Thanks.

Hector
  • 2
    If the application is started under any other user, then it should require admin rights to kill. I'm not absolutely sure though, so I'd wait for someone to confirm/contradict. – timuzhti Mar 18 '17 at 11:59

2 Answers

3

As long as the user is not a local administrator on the machine, they should not have permission to kill any processes run as other users (including domain administrators).

However, unless you have an unusual physical setup, the user can always kill the process with the power button or by physically removing the power supply.

I would additionally suggest that your process report back success on completion. Any machines not confirming success could have the process redeployed, and on multiple failures an engineer sent out.

Hector
2

Barring any exploits, there are two different scenarios here.

If the process is owned by a different user account (e.g. it's owned by the local system account):

  • One needs to be a member of the local administrators group, have the SeDebugPrivilege privilege, or have any other admin-granting privileges and/or permissions.

If the process is owned by the same user account, there is a way to prevent killing from utilities such as Task Manager (but it may not stop other utilities):

  • Take away the PROCESS_TERMINATE (and PROCESS_SUSPEND_RESUME) permissions from that user for that process. It is usually done programmatically on the application's startup.

This won't prevent someone from taking ownership and resetting the permissions on the process, but as far as I am aware, there are no built-in utilities that can terminate processes made this way unless one has administrator rights.

Justine Krejcha
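A simplified model of the access check behind the two scenarios in the answers above, added here as an illustration and not part of either original post. Account names stand in for SIDs, the tokens and DACLs are constructed sample data, and `access_check` and `reset_dacl` are hypothetical helpers, not Windows APIs.

```python
# Simplified model of the Windows access check on a process object.
PROCESS_TERMINATE = 0x0001
PROCESS_SUSPEND_RESUME = 0x0800
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
READ_CONTROL = 0x00020000
WRITE_DAC = 0x00040000
PROCESS_ALL_ACCESS = 0x1FFFFF

def access_check(token, sd, desired):
    """Return True if every access bit in `desired` would be granted."""
    # An enabled SeDebugPrivilege lets a process be opened regardless of its DACL.
    if "SeDebugPrivilege" in token["privileges"]:
        return True
    remaining = desired
    # The owner is implicitly granted READ_CONTROL and WRITE_DAC
    # (this model ignores the OWNER RIGHTS SID, which can restrict that).
    if sd["owner"] in token["sids"]:
        remaining &= ~(READ_CONTROL | WRITE_DAC)
    # ACEs are evaluated in order; a deny on a still-needed bit fails the check.
    for ace_type, sid, mask in sd["dacl"]:
        if remaining == 0:
            break
        if sid not in token["sids"]:
            continue
        if ace_type == "deny" and remaining & mask:
            return False
        if ace_type == "allow":
            remaining &= ~mask
    return remaining == 0

def reset_dacl(token, sd):
    """Model the residual risk: a caller holding WRITE_DAC can drop deny ACEs."""
    if access_check(token, sd, WRITE_DAC):
        return dict(sd, dacl=[ace for ace in sd["dacl"] if ace[0] != "deny"])
    return sd

# Constructed tokens: a standard employee and a local administrator.
employee = {"sids": {"alice", "Users"}, "privileges": set()}
admin = {"sids": {"bob", "Administrators"}, "privileges": {"SeDebugPrivilege"}}

# Scenario 1: the agent runs as SYSTEM; nothing in the DACL names the employee.
system_owned = {"owner": "SYSTEM", "dacl": [
    ("allow", "SYSTEM", PROCESS_ALL_ACCESS),
    ("allow", "Administrators", PROCESS_ALL_ACCESS)]}

# Scenario 2: the agent runs as the employee and places a deny ACE at startup.
hardened_same_user = {"owner": "alice", "dacl": [
    ("deny", "alice", PROCESS_TERMINATE | PROCESS_SUSPEND_RESUME),
    ("allow", "alice", PROCESS_ALL_ACCESS)]}
```

In this model the deny ACE holds only until the owning user rewrites the DACL, while the SYSTEM-owned process gives a standard user no path to `WRITE_DAC`, which is why running the agent under a separate account is the stronger control.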