<p>One approach, if you could access the process ID in an administrative context, is to deny the PROCESS_TERMINATE permission on the process to end users. Terminating the process (through task manager or other contexts) is by default granted to the owner, but can be explicitly denied. When it is denied, terminating the process would require the owner to manually change the ACL, and then terminate the process. If the user is neither an administrator nor the owner of the process, he will not be able to forcibly terminate the process (e.g., through Task Manager), although the process will be allowed to exit normally.</p>
<p>The following code puts an explicit deny ACE on the process with the PID <code>processid</code> for members of the Everyone group.</p>
<pre><code>#include &lt;windows.h&gt;
#include &lt;aclapi.h&gt;
#include &lt;sddl.h&gt;

/* Prepends a deny ACE for PROCESS_TERMINATE (for Everyone) to the DACL of the
   process with PID processid. Returns TRUE on success; on failure the caller
   can inspect GetLastError(). Needs WRITE_DAC on the target, so the caller
   must be the owner or an administrator. */
BOOL RestrictTerminateOnProcessId(DWORD processid)
{
    BOOL ok = FALSE;
    PACL dacl = NULL, newdacl = NULL;
    HANDLE ph = NULL;
    PSECURITY_DESCRIPTOR desc = NULL;   /* dacl points into this; free with LocalFree */
    PSID everyonesid = NULL;
    SID_IDENTIFIER_AUTHORITY WorldAuth = SECURITY_WORLD_SID_AUTHORITY;
    ACL_SIZE_INFORMATION si;
    DWORD dwNewAclSize, err;

    ph = OpenProcess(WRITE_DAC | READ_CONTROL, FALSE, processid);
    if (!ph) goto cleanup;

    err = GetSecurityInfo(ph, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION,
                          NULL, NULL, &amp;dacl, NULL, &amp;desc);
    if (err != ERROR_SUCCESS) { SetLastError(err); goto cleanup; }
    if (dacl == NULL) { SetLastError(ERROR_INVALID_ACL); goto cleanup; } /* NULL DACL not handled */

    if (!AllocateAndInitializeSid(&amp;WorldAuth, 1, SECURITY_WORLD_RID,
                                  0, 0, 0, 0, 0, 0, 0, &amp;everyonesid))
        goto cleanup;

    // begin copy dacl
    if (!GetAclInformation(dacl, &amp;si, sizeof(si), AclSizeInformation)) goto cleanup;
    dwNewAclSize = si.AclBytesInUse + (2 * sizeof(ACCESS_DENIED_ACE))
                 + (2 * GetLengthSid(everyonesid)) - (2 * sizeof(DWORD));
    newdacl = (PACL)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwNewAclSize);
    if (newdacl == NULL) goto cleanup;
    if (!InitializeAcl(newdacl, dwNewAclSize, ACL_REVISION_DS)) goto cleanup;
    /* The deny ACE is added first so it precedes the copied allow ACEs (canonical order). */
    if (!AddAccessDeniedAce(newdacl, ACL_REVISION_DS, PROCESS_TERMINATE, everyonesid))
        goto cleanup;
    for (DWORD i = 0; i &lt; si.AceCount; i++) {
        LPVOID pace = NULL;
        if (!GetAce(dacl, i, &amp;pace)) goto cleanup;
        if (!AddAce(newdacl, ACL_REVISION_DS, MAXDWORD, pace, ((PACE_HEADER)pace)-&gt;AceSize))
            goto cleanup;
    }
    // end copy dacl

    /* SetSecurityInfo returns a Win32 error code, not a BOOL. */
    err = SetSecurityInfo(ph, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION,
                          NULL, NULL, newdacl, NULL);
    if (err != ERROR_SUCCESS) { SetLastError(err); goto cleanup; }
    ok = TRUE;

cleanup:
    err = GetLastError();   /* preserve the error across the cleanup calls */
    if (desc) LocalFree((HLOCAL)desc);
    if (newdacl) HeapFree(GetProcessHeap(), 0, (LPVOID)newdacl);
    if (ph) CloseHandle(ph);
    if (everyonesid) FreeSid(everyonesid);
    SetLastError(err);
    return ok;
}
</code></pre>