Saturday, January 21, 2017

Adjusting process ACLs with PowerShell

Suppose you wanted to stop a process from being terminated. To do that, you could adjust the process's ACL to deny the "terminate" access right.

(Insert spiel here about how processes should be run under a different user than the one you're trying to protect them against. It will be extremely difficult if not impossible to completely stop a user from messing with a process that runs in their own security context and in a desktop they control.)

Drawbacks aside, it is possible, though not terribly convenient, to control access to a process with .NET, and therefore with PowerShell. Another person went to the trouble of implementing a ProcessSecurity class in C#. Using Add-Type, we can use all of the types it defines in a PowerShell session. The full script is very long and is a superset of that code, but you can see all of it, along with an example usage (denying the terminate right on given processes), in my Super User answer.
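To show the shape of the technique, here is a condensed sketch added for illustration; it is not the script from the Super User answer nor the C# class referred to above. It assumes Windows PowerShell 5.1 on .NET Framework 4.6 or later, and the names `ProcessAccessRights`, `ProcessAccessRule`, `ProcessSecurity`, `SaveChanges` and `Deny-ProcessTerminate` are chosen here.

```powershell
# Added example (assumes Windows PowerShell 5.1, .NET Framework 4.6+); type names are chosen here.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
using System.Security.AccessControl;
using System.Security.Principal;
[Flags] public enum ProcessAccessRights { Terminate = 0x0001 }  // PROCESS_TERMINATE
public class ProcessAccessRule : AccessRule {
    public ProcessAccessRule(IdentityReference id, int mask, bool inherited,
        InheritanceFlags inh, PropagationFlags prop, AccessControlType type)
        : base(id, mask, inherited, inh, prop, type) { }
}
// NativeObjectSecurity reads and writes the DACL of the kernel object behind a handle.
public class ProcessSecurity : NativeObjectSecurity {
    public ProcessSecurity(SafeHandle h)
        : base(false, ResourceType.KernelObject, h, AccessControlSections.Access) { }
    public void AddAccessRule(ProcessAccessRule rule) { base.AddAccessRule(rule); }
    public void SaveChanges(SafeHandle h) { Persist(h, AccessControlSections.Access); }
    public override Type AccessRightType { get { return typeof(ProcessAccessRights); } }
    public override Type AccessRuleType { get { return typeof(ProcessAccessRule); } }
    public override Type AuditRuleType { get { return typeof(AuditRule); } }
    public override AccessRule AccessRuleFactory(IdentityReference id, int mask, bool inherited,
        InheritanceFlags inh, PropagationFlags prop, AccessControlType type) {
        return new ProcessAccessRule(id, mask, inherited, inh, prop, type);
    }
    public override AuditRule AuditRuleFactory(IdentityReference id, int mask, bool inherited,
        InheritanceFlags inh, PropagationFlags prop, AuditFlags flags) { throw new NotSupportedException(); }
}
'@
function Deny-ProcessTerminate {
    param(
        [Parameter(Mandatory = $true)] [int[]] $Id,
        # Assumption: deny the current user unless another identity is given.
        [System.Security.Principal.IdentityReference] $Identity =
            ([System.Security.Principal.WindowsIdentity]::GetCurrent().User)
    )
    foreach ($proc in Get-Process -Id $Id) {
        $handle = $proc.SafeHandle   # handle must carry READ_CONTROL and WRITE_DAC
        $acl    = [ProcessSecurity]::new($handle)
        $rule   = [ProcessAccessRule]::new($Identity, [int][ProcessAccessRights]::Terminate,
            $false, [System.Security.AccessControl.InheritanceFlags]::None,
            [System.Security.AccessControl.PropagationFlags]::None,
            [System.Security.AccessControl.AccessControlType]::Deny)
        $acl.AddAccessRule($rule)    # added to the in-memory DACL only
        $acl.SaveChanges($handle)    # written back to the process object
    }
}
# Usage (the PID is a placeholder): Deny-ProcessTerminate -Id 1234
```

The object's owner implicitly keeps the right to read and rewrite the DACL, so the same user can remove this ACE again, which is the limitation the parenthetical above describes.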
