2x Feature REQ: Run as Admin rights upgrade for PL service & GUI

Started by Martin, October 29, 2009, 04:32:35 PM

Previous topic - Next topic

Martin

Hi!
  Thanks for this amazing utility! I use it all the time, and I like being in control of what's important to run and what is not at the moment!

  I have two feature proposals:


  • Some Sysinternals-now-Microsoft utilities have the option of "Run as Admin" in their menu (Process Explorer, Autoruns have it). It closes the program and relaunches it as admin. Can this be done?
  • Is there a way to run:

    • 1- Process Lasso as admin service for controlling the OS processes, and
    • 2- A separate user rights level Process Lasso for user processes?
    That way, I could control System processes while not giving normal users access to these settings?

Thanks in advance!
  Martin
  Montreal, Quebec, Canada

Jeremy Collake

I'm glad to hear you like Process Lasso ;)

I thought about this, and will work on adding such a menu item to elevate the permissions of Process Lasso.

Technically speaking, there is already a way to do this, added in v3.70. However, it isn't quite so instant or automated. Simply choose the 'Options / General settings / Reconfigure the way Process Lasso starts'. This will launch InstallHelper.exe. In the second of the two configuration dialogs, you can chose to run Process Lasso with elevated rights so that it sees and manages all processes. After you close the dialog, you'll have the option to close Process Lasso so that you can manually restart it.

I plan to implement the automated self-restart in an upcoming update. When I do, I'll add a more simple menu item to toggle this.

You could run Process Lasso in a configuration like you describe, but it isn't pretty. What you need to do is set the governor to run as a system service, BUT you need to rename the service so that Process Lasso can't find it.  I suppose the easiest way to do that is to let Process Lasso set up the service, then rename it manually in the registry. Be sure to change the registry key name, not just the friendly name of the service.

Since Process Lasso won't see the service, it will launch a normal process to also manage your user processes. Keep in mind the system process will be managing ALL processes, including the ones managed by the user instance. So.. in that respect, this may not be what you are looking for. There is no way provided to have the governor ignore processes managed by another instance.

I will have to work on making such a thing easier if I get a chance.

I hope this helps. Thanks for your support.
Software Engineer. Bitsum LLC.

Jeremy Collake

#2
Update: I am now adding the instant self-elevation/de-elevation (run as admin) feature you requested. This should appear in v3.70.6 and v3.79.4.

Of course, as I previously described, in the meantime you can use the menu item 'Options / General settings / Reconfigure the way Process Lasso starts' to change the 'manage all processes' setting. As of v3.70.5, Process Lasso and its core engine will automatically restart once you change the permission level. Previous versions required a manual restart of Process Lasso.
Software Engineer. Bitsum LLC.

Martin

Thanks!
  I will try it!!!

  As for running Process Lasso as both user mode and service mode, my mind does not quite grasp how both will cooperate together.  :(

  I already use a shared config file, so the service would be able to manage all processes, but the intent of the proposal was to have both separated for potential security/stability reasons. The intent was that a normal user would not have write access to the system-wide config file, and each instance of Process Lasso would manage only the processes within it's context's rights. A user could not mess with system processes, deadlocking the system by throwing the antivirus in idle priority as an example...

  All this dual-mode process management is theoretical for me, as my systems are not running in a hostile environment, but I bet someone will ask for it sooner or later...

  I wonder if having a separate config file for each user and a system-level config file overseeing the whole system could work, security-wise? The system's admin would install PL in service mode, but PL would use a "master" config file as a default, and the PL GUI would write it's settings changes in a user-owned config file (unless that user's GUI has elevated to admin)?

  The PL service would need to match each process with it's owner's config settings, possibly giving a higher priority to one user's processes over another's? The critical "trick" would be in securing communications between the PL service and the PL GUI, I think...

  Another idea (unrelated) I have is to have PL's service run as a separate user with it's rights tailored to it's function...

  I'll give it more thought when I have time... :)

And a HUGE thanks for Process Lasso!!! Without it my system would be slowed to a crawl under the load I impose to it...  :D

    Martin