How do I prevent users from terminating a service?

Raymond Chen

A customer asked (via their customer liaison), “We wrote in-house Windows service that is set to auto-start when the user logs in. How can we prevent the user from terminating it in Task Manager, or at least have the service auto-restart if it is terminated?”

Services have access control lists. If you don’t want a service to let users terminate it, then set the access control on the service so that users don’t have the permissions you don’t like, and have the service run under an account that users don’t have access to. You can change the access control list the command line way or the fancy GUI way. I’m sure there are corresponding commands and GUI dialogs for changing the account the service runs under; I’ll leave you to find them.

From a technical side, a service can prevent itself from being stopped by simply ignoring the Stop notification, although a service that did that is basically making itself harder to be managed. And as for restarting after termination, there are a variety of options available on the Recovery tab in the Services MMC snap-in.

But we were rather baffled by this question, however, because the default security settings for services do not let unprivileged users start and stop them, and they run under accounts that normal users do not have access to. Normally, the only users who can stop or terminate services are administrators. And you can’t defend yourself from administrators because they are already on the other side of the airtight hatchway: Any setting you set to thwart the adminitrator, the administrator can simply reset.

The customer liaison clarified that the customer wanted to prevent both normal users and administrative users from terminating the service. If administrators cannot be blocked, they will inform the customer of that.

So let’s say it again: You can’t stop administrators from doing things to the local computer, because they are administrators. As I noted, administrators are already on the other side of the airtight hatchway.

If you are interested only in preventing standard users from stopping or terminating a service, then the usual service permissions should do the trick.