benwylie
« on: May 01, 2005, 03:58:23 PM »
Has anyone discovered how to get Process Tamer to be able to control processes which are run by the IUSR_SERVER user, which is the anonymous internet user? I have Process Tamer running as a system service, so under the SYSTEM user, which I would have thought would be able to change the priority of those processes, as it is able to change the priority of processes running as Administrator.
PT is running as SYSTEM, and works well with other processes running as SYSTEM. If a process is running as ADMINISTRATOR its process priority is modified initially, but if it gets changed for whatever reason, it is not automatically reset to the priority PT is meant to force it to. Is there a reason for this? With processes running as SYSTEM, if their priority is manually changed, PT will automatically force it back to the set priority.
I am also unclear as to whether it is meant to be able to alter the priority of processes running as NETWORK SERVICE.
Any thoughts on any of these?
Cheers, Ben
mouser
« Reply #1 on: May 01, 2005, 04:00:20 PM »
There are some tools for running an exe as a service.. maybe that would give it enough permission? I'm not very good with permissions.
Sentinel
« Reply #2 on: May 10, 2005, 01:38:39 PM »
Yes, the only way for Process Tamer to control processes running as other users is to run a copy of Process Tamer as that user, so it has the ability to interact with that particular user's processes. As mouser said, you may be able to run the tray program as a service. Alternatively you could run the process directly using 'runas'. If you want the tray program to run automatically as a different user every time you start your server you could use RunAsPro or TQCRunAs. I don't think that it is possible to run multiple copies of the ProcessTamerTray.exe, so it will only work for one user at a time. That is unless mouser adds an option to run multiple instances.
TQCRunAs http://www.quimeras.com
RunAs Professional http://www.mast-computer.com/c_9-l_en.html
MakeService http://www.bitsum.com/ (I've found this to work well in the past and it is free!)
I hope this is of some help.
Designated "proofreading free" zone.
mouser
« Reply #3 on: May 10, 2005, 01:58:28 PM »
First let's hear if running it as system service solves the problem.
If not.. one thing that could be done is just run 1 copy of Process Tamer, but have it invoke a separate commandline program using something like a RunAs, that would lower a target program's priority.
I.e., I could make it so that Process Tamer tries to run a special helper utility as the same user as the target process, for these kinds of processes. However if running Process Tamer as a service solves this, that would be a much easier solution..
tenseiken
« Reply #4 on: May 10, 2005, 06:43:00 PM »
I know that there are 3rd party ways to do this (srvany.exe), but maybe in an upcoming version, you could have an option in the installation to have it run as a service. Might make it easier for everyone.
-John
mouser
« Reply #5 on: May 10, 2005, 06:51:12 PM »
Well, we don't know if this works yet. If running as a service solves the problem, then I can add help for this.
tenseiken
« Reply #6 on: May 11, 2005, 12:18:57 AM »
Well, I guess I was kind of derailing the topic. Sorry about that. Even if it doesn't solve the problem, it would be a neat addition.
-John
Sentinel
« Reply #7 on: May 11, 2005, 01:32:49 AM »
I get a feeling that running the Tray as a service will only fix the problem for the user account that the service runs as (either LocalSystem or whichever credentials are specified for the service). This should be ok for taming specific applications such as IIS on a dedicated server, but will not be a universal solution for machines running processes as many different users. Citrix/Terminal Services is probably the best example of multiple users running processes this way.
I'll test this at work on Citrix and a 2003 application server and post some conclusive results tonight.
Designated "proofreading free" zone.
mouser
« Reply #8 on: May 11, 2005, 02:19:00 AM »
Yes, that is the critical question.. is there a way to run it as a service with uber permissions to modify all exes, or does it have to run as a specific service tied to the target?
If the latter, then the only way I see to fix it is to make a little commandline helper util with the same taming abilities, which the main Process Tamer could launch as a specific user, when targeting specific services. Sounds a little involved unless this is something really needed.
Sentinel
« Reply #9 on: May 11, 2005, 03:20:41 AM »
Unfortunately I believe it is the latter, but I'll confirm this from one of my contacts at Microsoft.
Designated "proofreading free" zone.
Sentinel
« Reply #10 on: July 01, 2005, 03:47:20 PM »
It appears I was dead wrong on this. I'm *still* waiting for some accurate feedback from Microsoft (and I do have some very good contacts there - yet it appears their own OS is a little complex for them). It appears that it is possible for sessions owned by a user other than that which spawned a process to legitimately alter a process's settings. Some of this may be due to Local Security Settings, but I think some of it may be the result of features added to Windows in more recent times, such as 'Show processes from all users'. The fact that Process Tamer cannot see these appears to be the first stumbling block. Mouser, it may be worth mailing JC from Bitsum (some excellent products for anyone interested in EXE compression or process handling) to see how he avoided this problem with Process Lasso.
Designated "proofreading free" zone.
mouser
« Reply #11 on: July 01, 2005, 04:15:18 PM »
I'm friends with JC so I will ask him. He's a good guy btw, and very knowledgeable. (He coded one of the coding snacks btw, ROFUS.)
db90h
« Reply #12 on: July 06, 2005, 02:08:00 PM »
Oh, does Process Lasso work for this? ;p.
Mouser, perhaps you need to acquire the SE_DEBUG privilege at runtime?
Latez, Jeremy
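
Added example, not part of the thread and not Process Tamer or Process Lasso code: one way to try the SE_DEBUG suggestion from a single elevated session, by enabling the debug privilege and then setting the priority of every process owned by the accounts named in the first post. The function name `Set-PriorityByOwner` is hypothetical, and the sketch assumes the calling account has been granted SeDebugPrivilege (Administrators have it by default).

```powershell
# Added example: set the priority class of processes owned by given accounts.
# Run from an elevated PowerShell session.
function Set-PriorityByOwner {
    param(
        # Account names taken from the thread; adjust for your server.
        [string[]]$Owner = @('IUSR_SERVER', 'NETWORK SERVICE'),
        [System.Diagnostics.ProcessPriorityClass]$Priority = 'BelowNormal'
    )

    # Asks Windows to enable SeDebugPrivilege in this process's token.
    # It only takes effect if the account actually holds the privilege.
    [System.Diagnostics.Process]::EnterDebugMode()
    try {
        foreach ($wmi in Get-CimInstance -ClassName Win32_Process) {
            # GetOwner fails for some protected processes; skip those.
            $own = Invoke-CimMethod -InputObject $wmi -MethodName GetOwner `
                                    -ErrorAction SilentlyContinue
            if (-not $own -or $own.ReturnValue -ne 0) { continue }
            if ($Owner -notcontains $own.User) { continue }

            $result = [pscustomobject]@{
                Id     = $wmi.ProcessId
                Name   = $wmi.Name
                Owner  = $own.User
                Status = 'ok'
            }
            try {
                $proc = [System.Diagnostics.Process]::GetProcessById([int]$wmi.ProcessId)
                $proc.PriorityClass = $Priority
            } catch {
                # Access denied, or the process exited in the meantime.
                $result.Status = $_.Exception.Message
            }
            $result
        }
    } finally {
        # Drop the privilege again once the pass is finished.
        [System.Diagnostics.Process]::LeaveDebugMode()
    }
}

Set-PriorityByOwner | Format-Table -AutoSize
```

The Status column shows, per process, whether the change was accepted or refused, which separates a visibility problem (the process never appears in the list) from a permission problem (it appears but the change is denied).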