What's the max Windows 7 access possible to restrict tampering with single service?

3

I'm developing an ADHD management system for myself. Without going into detail (and as silly as it may sound for a grown man to need something like this), I need to build a me-proof service to run on my Windows 7 Ultra laptop. I still need fairly complete access to the system, though.

How can I set things up so that I'm unable to "easily" (ie. within 3-5 mins without rebooting) stop the service or prevent it from running?

EDIT: I recognize that the solution here is probably some sort of pre-existing software that I need to hunt down for myself and that it would run under an admin account (w/password known by someone else) while I regularly use a limited account. The issue is that I'm a developer & regularly need more than standard user access to the machine. Here are some specifics in terms of what I tend to need to do:

  • Install/remove programs
  • Run virtual machines via vmware or virtualbox, sometimes through Vagrant
  • Kill processes I've started
  • Start/stop services that may not be running under my account
  • Have access to most files/directories (don't regularly need access to hosts file)

...I think that covers the standards that would be too frequent for me to ask someone to type in a password.

Crawford Comeaux

Posted 2013-06-25T22:22:43.950

Reputation: 31

Answers

1

You may need to go into a little bit more detail about the particular service you want to prevent from running, or protect, ect.. (without diving into the personals, of course)

ICE

Posted 2013-06-25T22:22:43.950

Reputation: 264

It'd just be something I'd write to lock me out of the laptop when I'm using it to distract myself from other things and to restrict my browsing to a limited number of sites. – Crawford Comeaux – 2013-06-26T06:39:36.453

1

You'll need to spend some time on this one, if you only want a select few websites blocked you'll need to edit your host file in: 

    %systemroot%/system32/drivers/ect/hosts

-But this would be permanent, you would have to manually undo this everytime. It might be easier to use a timer script or series of timers, waiting to kill whatever program after however many seconds, then loop taskkill to prevent it from starting up again.

ICE

Posted 2013-06-25T22:22:43.950

Reputation: 264

This fails the "easy" test since running notepad as admin & removing entries could be done in just a minute. – Crawford Comeaux – 2013-06-27T07:07:02.007

The plan is to automate the system through various means, mostly running on a remote server. But the remote code needs an endpoint on the laptop that I can't kill. Hence the question. – Crawford Comeaux – 2013-06-27T07:15:49.137

This guy has his hosts file automatically reset to add block time wasting websites on a cron job. Clever idea: http://clauswitt.com/fighting-procrastination-by-changing-hosts-file-with-cron.html

– Matthew Lock – 2013-08-29T06:26:59.887

1

Investigate the different Internet filtering programs (a.k.a. content-filtering software) available. They generally have additional options like usage timers, blocking access to installed software etc.

Years ago I worked in that business and we had clients who bought the software for just this purpose, e.g. a family that had a son who got upset when seeing certain websites, so with his knowledge they used our software. That specific product is no longer on the market.

Install and manage the software on a separate administrator account, while you yourself work on a limited user account.

Once this system is set up and works like you wish:
If there is someone 'nearby' who you trust, have him/her change the admin password.

[Note that if you do that last thing, depending on the filtering program, you may not even need to use separate Win accounts, just have that person change the program password.]

Additional note: Building stuff like this yourself is hard if you want to make it tamper-proof. It is not something you can do with a bit of Windows configuration.

Added 30 June:
Another method to store the password is to take a really complicated password that you can remember, write it on a piece of paper, and keep at a different location where you can't quickly get at it, e.g. at your work location.

Jan Doggen

Posted 2013-06-25T22:22:43.950

Reputation: 3 591

I'm definitely not looking to build this part of my system, that's for sure. The difficulty lies in figuring out how to limit my account without getting in the way of things I need to do, as a developer. Editing the question now with specifics as far as what it is I routinely need to do. – Crawford Comeaux – 2013-06-29T20:08:58.120

1Internet filtering software does not necessarily force you into a non-admin account. I know many of these programs do, but ours did not. – Jan Doggen – 2013-06-30T17:44:58.523

0

Why don't you take a leaf out of Paul Graham's book and just disconnect from the internet completely on your work computer?

...set up a separate computer for using the Internet.

I now leave wifi turned off on my main computer except when I need to transfer a file or edit a web page, and I have a separate laptop on the other side of the room that I use to check mail or browse the web. (Irony of ironies, it's the computer Steve Huffman wrote Reddit on. When Steve and Alexis auctioned off their old laptops for charity, I bought them for the Y Combinator museum.)

My rule is that I can spend as much time online as I want, as long as I do it on that computer. And this turns out to be enough. When I have to sit on the other side of the room to check email or browse the web, I become much more aware of it. Sufficiently aware, in my case at least, that it's hard to spend more than about an hour a day online.

And my main computer is now freed for work. If you try this trick, you'll probably be struck by how different it feels when your computer is disconnected from the Internet. It was alarming to me how foreign it felt to sit in front of a computer that could only be used for work, because that showed how much time I must have been wasting.

Wow. All I can do at this computer is work. Ok, I better work then.

http://www.paulgraham.com/distraction.html

I personally find that a bit extreme and use Leechblock instead just to limit the worst timesinking sites: https://addons.mozilla.org/en-US/firefox/addon/leechblock/

Matthew Lock

Posted 2013-06-25T22:22:43.950

Reputation: 4 254

1

Actually, thats a pretty clever idea. If you DO actually need some web based resource, you could always build an offline reference to them. A very extreme way is how richard stallman does it - using a script that fetches sites (though he seems to do it for privacy rather than distraction free workspaces)

– Journeyman Geek – 2013-08-29T06:22:44.343

Or just go over to 2nd computer that does have internet access to look it up. I think the secret is to just raise the cost of procrastinating to the point that working is easier. – Matthew Lock – 2013-08-29T06:25:40.523

Asked: 2013-06-25T22:22:43.950

Viewed: 254 times

Active: 2013-08-29T06:24:44.380