|
Hi, I got a task and I tried many ways to do but I couldn't find out how, I need to make a windows service that will return Access is denied when a user in admin group tries to disable or stop the service. My service's CanStop property is false but when I open msconfig I could disable my service. However Eset Service return access is denied when I try to stop or disable it. Please help me. I want to do this because, we add our workers to administrators group on their computers so they can kill any of our control mechanisms when they want. This service will serve us to control their computers. Thanks.
modified 8-Feb-12 2:25am.
|
|
|
|
|
Just set the security rights of the service to administrator control only.
No other user will be able to restart this service then.
Set this in the installer
e.g.
Account = ServiceAccount.User,
Username = @"domain\username",
|
|
|
|
|
Hi thank you for quick answer but I don't want "Administrator group" to stop or restart the service. Because like I said we add our users to Administrator group.
|
|
|
|
|
candogu wrote: Hi thank you for quick answer but I don't want "Administrator group" to stop or restart the service. Because like I said we add our users to Administrator group.
Can't be done. The person owning and driving the car decides, not the manufacturer. If it's their computer, they are in control of their system.
If they shouldn't be, then they shouldn't be administrators. You can't have both.
Bastard Programmer from Hell
|
|
|
|
|
To extend Eddy's answer, why are you making users Administrators? That's a really dangerous practice, and should be discouraged.
|
|
|
|
|
Because they would add or remove programs when I add them to Users group, they cannot.
|
|
|
|
|
Is this an organisational thing? Most organisations that I know prevent users from adding/removing programs and require central management of applications; which means that the user cannot add "dodgy" applications themselves. If you allow people to pick their own applications, you are opening up a particularly nasty can of worms there.
|
|
|
|
|
Like that, we want users to add or remove programs as they need (want), but we absolutely don't want our application to be stopped disabled, removed or killed from system. Thanks.
|
|
|
|
|
..walks over to the computer and pulls the electrical cord, just because it's possible.
"Now what"?
Bastard Programmer from Hell
|
|
|
|
|
The UPS just kicked in. And in a few hours the Diesel group will start roaring.
Luc Pattyn [My Articles] Nil Volentibus Arduum
Fed up by FireFox memory leaks I switched to Opera and now CP doesn't perform its paste magic, so links will not be offered. Sorry.
|
|
|
|
|
|
Then the same security adice applies. The only problem with doing this is that REAL Admins will no longer be able to control the service either. Only the System would be able to do it and your not going to convince the system to do so.
Talk about the Wild West. Your security environment is so screwed up. You say you've given users Administrator rights just to install software. What you've really done is given users the keys to do ANYTHING AND EVERYTHING, not just install software.
What you've done, out of convenience to the users, has created a giant headache for you. The only REAL way out of this problem is to revoke those admin privs and knock everyone back to Users, except, of course, the REAL admins. Then your group would have to take over clearing software for production use and installing it.
The service does not dictate who is going to stop it and who isn't. That's determined by the ACL (Access Control List, or Security) on the service.
|
|
|
|
|
|
I'd just like to reinforce the answers that say your security policy is broken here. Either you trust your staff, in which case you don't need a monitoring service that they can't kill, or you don't, in which case they shouldn't be admins. You are searching for a technical solution to a HR problem.
The simplest approach here is to make disabling the service a disciplinary offence.
Edit: also, this really isn't a C# question.
|
|
|
|
|
candogu wrote: I need to make a windows service that will return Access is denied when a user
in admin group
To answer another way, Don't, just don't, oh for the love of humanity don't.
Why is common sense not common?
Never argue with an idiot. They will drag you down to their level where they are an expert.
Sometimes it takes a lot of work to be lazy
Individuality is fine, as long as we do it together - F. Burns
|
|
|
|
|
Okay I found the solution. I give blue screen error when a user even administrator tries to kill my process and service and it cannot be stopped for now according to my tests. However, system doesn't normally shutdown by the service. Windows gives blue screen error from service side when I try to shut down or logoff. From windows process I detect SessionEnding event and I close my application under my control but from service I cannot detect SessionEnding event. What can I do here? What should I use instead SystemEvents? From CSHARP
|
|
|
|
|
The problem with your solution is that you will blue screen whenever anything causes the service to stop, including the service erroring out. As you have been told, the only way to accomplish what you want is to use the Access Control List (ACL) to say who can do what with the service. But seriously, the advise we gave you is good advice - we aren't ripping into your question, we are telling you that from real life experience, relying on users having admin privilege is dangerous.
|
|
|
|
|
I know that but I have nothing to do with that because I am not the manager okay. Finally I solved my question myself. When computer is shutting down or session is ending, I detect it and I disable critical system process. And windows can normally shutsdown and logs off. How can I set ACL? When I set ACL, can administrators kill my service? Thanks.
|
|
|
|
|
how to prepare synopsis for Resource Sharing and Conflict Management System
|
|
|
|
|
Is this a C# question? If so please give some more detail of the problem you are trying to solve.
Unrequited desire is character building. OriginalGriff
I'm sitting here giving you a standing ovation - Len Goodman
|
|
|
|
|
How to prepare?
Well, that starts by getting a definition for those terms. Then you'd decide the scope of your synopsis. How far are you at this point?
Bastard Programmer from Hell
|
|
|
|
|
I am working on some code to replace all of the LF end of line chars with CRLF in a text file. I wanted to account for the scenario of if the file does contain CRLF already and am not sure how. My current code will replace CRLF with CRCRLF which is not good. Does anyone have any ideas? Thanks in advance for your assistance!
string data = null;
using (StreamReader srFileName = new StreamReader(FileName))
{
data = srFileName.ReadToEnd();
data = data.Replace("\n","\r\n");
}
using (StreamWriter swFileName = new StreamWriter(FileName))
{
swFileName.Write(data);
}
|
|
|
|
|
One easy method would be:
data = data.Replace("\r\n","\n");
data = data.Replace("\n","\r\n");
But thats doing two replaces which might be a performance issue.
Another method I think should work is to use File.ReadAllLines() followed by File.WriteAllLines().
Yet another method would be to use regex to match \n's that are NOT preceeded by \r's.
|
|
|
|
|
Hi every body
I want to send email in windows application.
when i trace code all is OK but no message is received in mailbox ,my code is below:
MailAddressCollection receivers = new MailAddressCollection();
MailMessage msg = new MailMessage();
msg.IsBodyHtml = true;
msg.From = new MailAddress("telavat@telavat.com", "Alireza Doroudian");
msg.To.Add("a.doroudian@gmail.com");
msg.Subject = "testofHtml";
msg.Body = "ww";
SmtpClient smpt = new SmtpClient();
smpt.Host = "localhost";
smpt.Port = 25;
smpt.DeliveryMethod = SmtpDeliveryMethod.PickupDirectoryFromIis;
smpt.Send(msg);
thanks for any guides
Regards
Ali
|
|
|
|
|
My first suggestion would be to remove your email addresses from your post . You are about to getting spammed into oblivion as spammers spider this forum for addresses.
|
|
|
|