> Subject: Re: How to hook Service management operations?
From: MM
> Date: Sun, 17 Sep 2006 03:21:30 -0500
> X-Message-Number: 2
> >I need to hook Service Management operations (Start/Stop/Pause etc.)
> >so as to be able to prevent (protect from) occasional operations.
> >
> Why? The administrator is the only user that can manipulate services.
>
> If the admin wants to stop your service, you have NO right to code your
> software in a way to prevent that. What next, you're going to add your
> service and driver to ‘safe mode’ boots?

Matt,

The management logic of huge enterprises is not the same as that of a small firm.

Example: the Administrator does NOT have rights to manipulate some critical
services if it contradicts commonly established management policy.
It is the logic of a firm with thousands (!) of servers to ask for “Management over
management”…

> The management logic of huge enterprises is not the same as that of a small firm.
>
> Example: the Administrator does NOT have rights to manipulate some critical
> services if it contradicts commonly established management policy.
> It is the logic of a firm with thousands (!) of servers to ask for “Management over
> management”…

This is not enforceable technically in Windows. Administrator can cut off and
switch away your “enforcer” product by just booting off Windows recovery CD and
disabling the suspicious drivers and services.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
“Grabelkovsky, Michael” <michael.grabelkovsky> wrote in message
>> The management logic of huge enterprises is not the same as that of a small firm.
>>
>> Example: the Administrator does NOT have rights to manipulate some critical
>> services if it contradicts commonly established management policy.
>> It is the logic of a firm with thousands (!) of servers to ask for “Management over
>> management”…

And the way reputable firms do this in Windows is to not give out the
Administrator password (recognizing that this is all powerful) but instead
install a service with an access program that allows a more limited account
to do some actions. So the full administrator account stays off limits, but
the new management account can do the things people need.
Hooking is hacking, and even if you succeed all you have done is create a
situation where if anything goes wrong with your software the node it is
running on has to be blown away, since your software would not be removable
by the Administrator.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply
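
Added example, not part of the thread or any poster's code: besides the broker service described in the last reply, each Windows service carries its own access-control list, so a limited account can be granted start/stop rights directly without the Administrator password. The Python below audits an SDDL string of the kind `sc sdshow` prints and lists the non-admin trustees that hold control rights; the SID, the sample string and the function names are constructed for illustration.

```python
import re

# SDDL rights codes as they apply to service objects.
SERVICE_RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
CONTROL = {"START", "STOP", "PAUSE_CONTINUE"}
# Holders of these can reconfigure the service or rewrite its DACL.
ESCALATING = {"CHANGE_CONFIG", "WRITE_DAC", "WRITE_OWNER"}

# Constructed sample: the last DACL entry delegates control to a made-up group SID.
SAMPLE_SDDL = (
    "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
    "(A;;CCLCSWLOCRRC;;;IU)"
    "(A;;RPWPDTLO;;;S-1-5-21-1111111111-2222222222-3333333333-1105)"
    "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
)

def parse_service_dacl(sddl):
    """Map each trustee to the service rights its allow ACEs grant."""
    dacl = re.search(r"D:[^()]*((?:\([^()]*\))*)", sddl)
    if not dacl:
        raise ValueError("no DACL in SDDL string")
    grants = {}
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1)):
        fields = ace.split(";")
        if len(fields) != 6:
            raise ValueError(f"malformed ACE: ({ace})")
        ace_type, rights, trustee = fields[0], fields[2], fields[5]
        if ace_type != "A":  # deny ACEs are skipped, not subtracted
            continue
        codes = re.findall("..?", rights)
        # Generic (GA, GR, ...) and hex masks are rejected rather than guessed at.
        if any(c not in SERVICE_RIGHTS for c in codes):
            raise ValueError(f"unrecognised rights in ({ace})")
        grants.setdefault(trustee, set()).update(SERVICE_RIGHTS[c] for c in codes)
    return grants

def delegated_controllers(sddl, admins=("BA", "SY")):
    """Non-admin trustees able to start/stop/pause, and whether they can escalate."""
    report = {}
    for trustee, rights in parse_service_dacl(sddl).items():
        if trustee not in admins and rights & CONTROL:
            report[trustee] = (sorted(rights & CONTROL), bool(rights & ESCALATING))
    return report
```

A trustee reported with the escalation flag set holds CHANGE_CONFIG, WRITE_DAC or WRITE_OWNER, which makes the delegation broader than start/stop alone.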