Overkill Posted September 24, 2010

I work as a tech/salesperson for a retail outlet and one of our biggest problems is kids messing with our floor models (adding passwords, changing homepage, etc.) and I'm writing a script that will stop all that once and for all. The question I have for you guys is what's the most effective way to prevent the script from being closed via the task manager? Would it be to write a second script and have each script ProcessExists($otherscript), or is there a more elaborate way that would take more than fast fingers to get around?

LurchMan Posted September 24, 2010

> I work as a tech/salesperson for a retail outlet and one of our biggest problems is kids messing with our floor models (adding passwords, changing homepage, etc.) and I'm writing a script that will stop all that once and for all. The question I have for you guys is what's the most effective way to prevent the script from being closed via the task manager? Would it be to write a second script and have each script ProcessExists($otherscript), or is there a more elaborate way that would take more than fast fingers to get around?

If I remember right (which could very well be wrong) there's a registry key that would stop all of that without a script.

For your question though, I usually just have a small script called svchost.exe and run it as local admin or similar that constantly checks for main script and starts it again if it disappears. You might also want to check out Kellys Korner for some reg tweaks that could probably help you.

Overkill (Author) Posted September 24, 2010

> If I remember right (which could very well be wrong) there's a registry key that would stop all of that without a script.
>
> For your question though, I usually just have a small script called svchost.exe and run it as local admin or similar that constantly checks for main script and starts it again if it disappears. You might also want to check out Kellys Korner for some reg tweaks that could probably help you.

The short version is that we may need access to all of that stuff at the drop of a hat, and rather than go through something complicated I can enter a password into the admin login for my script and it will give me or another associate control of whatever is needed. The svchost.exe idea is something that I've used in the past but this needs to be a little smarter than that since Win7 has the "full path" option in the task manager. Running it as a service may be the best way to do this but I don't have the experience/knowledge needed to do this quickly and efficiently.

Richard Robertson Posted September 24, 2010

You should look into a hard drive locker. Something that lets you reboot and return to a saved state.

4Eyes Posted September 24, 2010

There are 2 'hard drive lockers' that I know of. One is HDGuard and the other is DeepFreeze. Both do as OP said... reboot and all changes are gone.

Re: svchost.exe ... that seems a most curious name for an AutoIt program as a file by that name is a vital part of Windows. That strikes as just plain dumb to call it that.

4Eyes

JoHanatCent Posted September 24, 2010

    #NoTrayIcon
    HotKeySet("{ESC}", "Stop")

    While 1
        Sleep(10.5)
        If WinActive("Process Explorer - ") Then
            WinKill("Process Explorer - ")
        EndIf
        Sleep(10.5)
        If WinActive("Windows Task Manager") Then
            WinKill("Windows Task Manager")
        EndIf
    WEnd

    Func Stop()
        Exit 0
    EndFunc   ;==>Stop

This could keep them guessing for a WHILE.

Edited September 24, 2010 by JoHanatCent

Overkill (Author) Posted September 24, 2010

>     #NoTrayIcon
>     HotKeySet("{ESC}", "Stop")
>
>     While 1
>         Sleep(10.5)
>         If WinActive("Process Explorer - ") Then
>             WinKill("Process Explorer - ")
>         EndIf
>         Sleep(10.5)
>         If WinActive("Windows Task Manager") Then
>             WinKill("Windows Task Manager")
>         EndIf
>     WEnd
>
>     Func Stop()
>         Exit 0
>     EndFunc   ;==>Stop
>
> This could keep them guessing for a WHILE.

1) CTRL+SHIFT+ESC is the hotkey combo for taskmgr in Windows ME II (Vista) and Windows 7.

2) I suppose in the stop function you could have a password window pop up instead of exiting the script, but I'd really just like to have this installed as a service that restarts itself when the script is closed like many AV programs, netlimiter, and others do.

As for DeepFreeze/HDGuard - retail store = corporate licensing = costs money = declined. This script is officially unsanctioned by the management (though unofficially they like the idea), so they're going to be "unaware" of my actions and will "take appropriate action" if something goes wrong. We're not even allowed to use our own toolkits on virus removals when the provided AV software fails, so something like this is of course very much a violation of policy.

Richard Robertson Posted September 24, 2010

I can understand the prohibitive costs of the hard drive lock, but why can't you even do your own work on the floor models if there is a problem? Why not just make the user a limited user and remove all their privileges? The group policy editor can block a lot of things.

Bert Posted September 24, 2010

I agree. Simply using MMC to lock the rig down would do the trick. http://www.theeldergeek.com/microsoft_management_console.htm

Edited September 24, 2010 by MPH

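An added example, not part of any post in this thread: the limited-user and policy approach suggested above can be scripted so that it is applied and removed in one step at time of sale. The script name `lockdown.exe`, the function `SetLockdown` and the choice of these three per-user policy values (Task Manager, Change Password, Internet Explorer home page) are assumptions made for illustration.

```autoit
; Added example (not from the thread): lock or unlock a floor-model account
; with per-user policy values. Usage: lockdown.exe lock | lockdown.exe unlock
; Run it as the demo account while that account still has admin rights; a
; limited user normally cannot write under the Policies keys.

; Registry key | value name | what the restriction removes
Global $aPolicies[3][3] = [ _
        ["HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System", _
        "DisableTaskMgr", "Task Manager"], _
        ["HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System", _
        "DisableChangePassword", "Change Password on the Ctrl+Alt+Del screen"], _
        ["HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel", _
        "HomePage", "editing the Internet Explorer home page"]]

; Apply ($bLock = True) or revert ($bLock = False) every value in the table.
; Returns a list (one per line) of the restrictions that could not be changed.
Func SetLockdown($bLock)
    Local $sFailed = "", $bOk
    For $i = 0 To UBound($aPolicies) - 1
        If $bLock Then
            ; REG_DWORD 1 switches the restriction on
            $bOk = (RegWrite($aPolicies[$i][0], $aPolicies[$i][1], "REG_DWORD", 1) = 1)
        Else
            ; Deleting the value restores the default behaviour.
            ; RegDelete returns 1 = deleted, 0 = was not there, 2 = error
            $bOk = (RegDelete($aPolicies[$i][0], $aPolicies[$i][1]) <> 2)
        EndIf
        If Not $bOk Then $sFailed &= $aPolicies[$i][2] & @CRLF
    Next
    Return $sFailed
EndFunc   ;==>SetLockdown

Global $sMode = ""
If $CmdLine[0] = 1 Then $sMode = StringLower($CmdLine[1])
If $sMode <> "lock" And $sMode <> "unlock" Then
    MsgBox(64, "Floor model lockdown", "Usage: lockdown.exe lock | unlock")
    Exit 1
EndIf

Global $sFailed = SetLockdown($sMode = "lock")
If $sFailed <> "" Then
    MsgBox(16, "Floor model lockdown", "Could not change:" & @CRLF & $sFailed)
    Exit 2
EndIf
MsgBox(64, "Floor model lockdown", "Done: " & $sMode & _
        ". Log off and back on if a setting has not taken effect.")
```

Because the unlock path only deletes the values it wrote, the machine goes back to stock behaviour without re-imaging.
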
Overkill (Author) Posted September 27, 2010

We sell a lot of floor models this time of year and I'd much prefer to have a script set up that we can remove quickly and easily when needed without making any software changes to the computer so that if the customer doesn't want to wait for the computer to be re-imaged we can get them out the door in a timely manner. I appreciate your alternative ideas but there is a method to my madness, and at this point I'd like to focus on the question asked instead of different theories.

Valuater Posted September 27, 2010

Sounds like you have your direction now......

> what's the most effective way to prevent the script from being closed via the task manager?

I used to run Task Manager and then "hide it".... and that takes care of that...

> Would it be to write a second script and have each script ProcessExists($otherscript), or is there a more elaborate way that would take more than fast fingers to get around?

Due to the simplicity of removal at time of sale, I think the dual script is right for you 8)