How to make sure a background service is never stopped by any user, not even local admin?
I was learning to create a background service using C# and dotnet. I'm curious to know: can we make a service that cannot be stopped by any user, not even local admin?
15 Replies
as a user i have to wonder why you would ever want this, that seems incredibly invasive
i'm guessing you'd need kernel level rights or something
suppose a service is created to monitor/deploy new updates to some windows apps. In that case I do not want the user to stop the service or change permissions.
Is there a better way to do this if not a service?
Doesn't a local admin automatically have permission to do whatever they want?
why? why not allow the user to decide when they want to update?
check once at startup or something
Okay, here is a scenario:
Intune deploys an application package (even if the app is not running), and the service should know a new package is installed on the system. Based on the installation it will perform some post-deployment tasks. Here, if the service is not running, those post-deployment tasks won't run, and they should run immediately after the application package is installed. This is why I want a service which can start again on its own even if it is closed, or which stops local admin from stopping it.
Yes, local admin has all the access, which is why I need some mechanism that could either prevent local admin from stopping the service or let the service restart on its own.
so a rootkit?
But if the local admin can do anything, they can stop your service...
It cannot be called a rootkit.
It is a service that will monitor some organization controlled devices.
So an organization-approved rootkit.
this is usually done via group policies in large orgs
meaning once the computer restarts, the service gets installed/started again, whatever the user did
but you can't actually stop the user from stopping it
no, local admin cannot do a bunch of things, including stopping some services
you can look at the account SYSTEM for example
How to make sure that local admin is not allowed to stop the service?
read raymond's words
then reconsider how silly this all sounds
if you're trying to enforce something in your org and that something doesn't happen on someone's machine, consider HR actions.
Thank you!
I got the gist here.