Monday, May 7, 2018

windows 7 - "Permission Denied" when killing process


When I try to kill a specific process (avastUI.exe), I get "permission denied".


Obviously, the current user is in the Administrator group.


I'm not looking for a way to kill this process, I just want to know the reason...


If there is a security, can you explain it?


For more info, I'm the owner of Avast folder / exe, and I got the correct permissions...


OS: Windows 7


Thank you.


Answer



Some of the processes showing in Task Manager are actually services that you can see in the Services node of the Computer Management console. Services can have an ACL attached to them the same way a file/folder can. If the service is running as the LocalSystem account and has an ACL that prevents you from shutting it down (highly likely with an AV program), that would explain why you are getting a permission denied error when trying to kill it.


Setting permissions on services is a pain. There are no options within the GUI to modify them. The only way it can be done is via the command line with the sc command.


Unfortunately, the sc command is ugly. For example, I issued this command for the BITS service on my own machine:


sc sdshow bits

...and got the following output:


D:(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)
S:(AU;SAFA;WDWO;;;BA)

That's Microsoft's Security Descriptor Definition Language (SDDL) for you.


Each Access Control Entry (ACE) in the list is contained within the parentheses () and is called the ACE String.


I'm going to stop right there because following that link and trying to understand an SDDL string will make your head spin.


Under the hood, however, all permissions (even those on files) are represented by SDDL strings. It's just that services do not give you a GUI front-end to work with them (nor even a sane command-line utility like cacls).
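
An added example, not part of the original answer: a Python sketch that decodes the DACL portion of `sc sdshow` output using the service-specific meaning of the two-letter rights, and reports whether a trustee holds the stop right (WP). The `LOCKED_SDDL` string and all function names are constructed for illustration, and the first-match check for a single trustee is a simplification of the token-wide access check Windows performs.

```python
import re

# Two-letter SDDL rights as they apply to service objects.
SERVICE_RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
# BITS descriptor quoted in the answer above (DACL and SACL joined on one line).
BITS_SDDL = ("D:(A;CI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)"
             "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)"
             "(A;;CCLCSWLOCRRC;;;SU)S:(AU;SAFA;WDWO;;;BA)")
# Constructed sample (not from any real product): Administrators (BA) may
# query and start the service but have no WP (stop) right.
LOCKED_SDDL = "D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWRPLOCRRC;;;BA)"


def parse_dacl(sddl):
    """Return DACL ACEs in order as (type, trustee, rights). Assumes two-letter
    right codes (no hex masks) and six-field ACE strings."""
    match = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    aces = []
    for ace in re.findall(r"\(([^)]*)\)", match.group(1) if match else ""):
        ace_type, _flags, rights, _obj, _inherit, trustee = ace.split(";")
        aces.append((ace_type, trustee, set(re.findall("..", rights))))
    return aces


def is_granted(sddl, trustee, right):
    """First allow/deny ACE naming this trustee and right decides; no match
    means denied. Simplification: Windows checks every SID in the token."""
    for ace_type, who, rights in parse_dacl(sddl):
        if who == trustee and right in rights and ace_type in ("A", "D"):
            return ace_type == "A"
    return False


def describe(sddl):
    """Map each trustee alias to the sorted rights its allow ACEs grant."""
    out = {}
    for ace_type, who, rights in parse_dacl(sddl):
        if ace_type == "A":
            out.setdefault(who, set()).update(SERVICE_RIGHTS.get(r, r) for r in rights)
    return {who: sorted(names) for who, names in out.items()}


if __name__ == "__main__":
    for label, sddl in (("BITS", BITS_SDDL), ("constructed", LOCKED_SDDL)):
        print(label, describe(sddl))
        print("  BA may stop:", is_granted(sddl, "BA", "WP"))
```

In the trustee field, SY is Local System, BA is Built-in Administrators, IU is interactive users and SU is service logon users.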

