-1

In continue to my SO question, I would like to know how it is possible, by GPO, or a security setting, to prevent from a Windows Service to spawn new process.

I have a machine with Windows Service (logon as SYSTEM) and it attempt to create new Process and then Process.Start() it. But the call to .Start() fails with no exception and nothing in Event Viewer logs.

What could be the reaon ? what local security policy or GPO policies can prevent it ?

Thanks

ilansch
  • 179
  • 2
  • 13
  • It isn't *completely* impossible that your problem is caused by a group policy setting, but it is unlikely. If `python.exe` were blocked from running, for example, it wouldn't have worked when you ran it via psexec. It is more likely that Python is crashing on startup, or that your Python program is failing for some reason, e.g., perhaps you haven't set the right working directory. – Harry Johnston Feb 02 '19 at 23:17
  • what group policy setting can do it ? – ilansch Feb 03 '19 at 00:50
  • I am not aware of any group policy setting that could result in the behaviour you describe. Have you tried Process Monitor yet? – Harry Johnston Feb 05 '19 at 02:39

1 Answers1

0

You need to validate your service logic in the code, you have a error there. The error is not within the Windows OS.

My guess is that the service start a new process and it die after and let the kid process alive, thus it allow you to start a new service instance, but it should not do that.

To explain it; The service register itself to the Service Controller (SC), and after it register itself to control the service start, stop and restart.

In your code, you can validate the service status and set the STATUS so windows know where your service is at; ie when the service start;

g_ServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP; g_ServiceStatus.dwCurrentState = SERVICE_RUNNING;

As you can see the winmain of a service is not the same as a normal application as it handle the main code when the service is started by SC and it stay open, as if the process die then you can issue another net start for your service.

See an example there; https://www..com/Articles/499465/Simple-Windows-Service-in-Cplusplus

So in resume if SC allow you to re-issue a service net start, and don’t return you an error ´the service is already up, can’t start’, then your service died, no GPO or anything can help you there

yagmoth555
  • 16,758
  • 4
  • 29
  • 50
  • my service does not die, it continue to live, the child process maybe loads and fails instantly, but since i registered the .Exit event, i would expect that event raised. – ilansch Feb 03 '19 at 00:52
  • @ilansch by service logic it’s what I meant then, can you make the python script output the result in a text file? so your service could know the outcome ? and know if its running or know it was runned – yagmoth555 Feb 03 '19 at 13:42
  • My python has internal logging. The problem it is not being executed, some policy is blocking it. What security policies can block a process from starting? – ilansch Feb 03 '19 at 23:58