Re: disable task manager
From: Pieter-Bas IJdens (pbijdens@emea.mi4.org.uk)Date: 11/23/01
- Previous message: Chris Chandler: "RE: disable task manager"
- In reply to: Dan B: "disable task manager"
- Next in thread: H C: "Re: disable task manager"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <00b001c17438$059f6f90$6400a8c0@coffee> From: "Pieter-Bas IJdens" <pbijdens@emea.mi4.org.uk> To: <focus-ms@securityfocus.com> Subject: Re: disable task manager Date: Fri, 23 Nov 2001 17:00:49 +0100
> Is there any way to disable them (specifically these users) from viewing
> the task manager ?? in other words, stoping them from pressing CTRL +
> ALT + DEL and clicking on Task manager?
First of all, if these people are causing your problems, you should probably
just put an end to it, instead of attempting to spy on them. Usually in a
computerized environment, when one causes trouble one typically is breaking
some rules and someone will be in the position to end this officially.
Answering your question, the answer would be: "Uhm, not really no." Task
manager is just a win32 application and you can yourself start it from the
windows system32 directory. Even if you remove it and find some way to keep
it off the system, then still on www.sysinternals.com and many other sites
there are plenty of freeware task manager and process viewer utilities.
Maybe you should consider spying on them some other way? If you want to
build a case, you might just sniff and log network traffic and that way
gather proof of their misbehaviour.
If you insist on using this server, what you basically should do is hide the
process. You could for example consider renaming the executable. Sometimes
names like INDEXER.EXE, QoSSvr.exe etc. do not arouse suspision with your
users. If you really want to spy on them. Most probably though by now they
also have remembered the other characteristics [process size etc.] of this
server, so this may not work. You can also really hide processes on windows.
Try searching for a utility to do that, and when you are at that, maybe
check out http://www.securityfocus.com/cgi-bin/tools.pl?platid=9&cat=10 for
an alternative to your spy-server. [speaking about QoS, you might also look
for a utility to limit processor use of the process (if possible)]
Oh, and finally if you are really desperate to find out what is going on,
you can always get yourself a pair of shoes with soft rubber soles...
Good luck,
Pieter-Bas
- Previous message: Chris Chandler: "RE: disable task manager"
- In reply to: Dan B: "disable task manager"
- Next in thread: H C: "Re: disable task manager"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
