Monitor Running Applications

  • Thread starter Thread starter John Wright
  • Start date Start date
J

John Wright

We have a problem at our plant. The production floor machines are being used
by some people for playing solitaire, freecell, minesweeper, etc. Is there a
way that VB.NET or .NET in general, can determine if these processes are
running? I want to catch them running and pop up a messagebox saying this is
an illegal program and terminate it. Not looking for code, just a push in
the right direction.

John
 
John Wright said:
We have a problem at our plant. The production floor machines are being
used
by some people for playing solitaire, freecell, minesweeper, etc. Is
there a
way that VB.NET or .NET in general, can determine if these processes are
running? I want to catch them running and pop up a messagebox saying this
is
an illegal program and terminate it. Not looking for code, just a push in
the right direction.

John
Click to expand...

Are the programs "illegal" or just not allowed at certain times?
If they're not allowed to run them ever you could just delete the
executables.
Would the users be running games from their own floppy disc / flash drive?
Do the machines have internet access?
Are you able to access the machines remotely on a domain?
 
Yes the games are "illegal" at all times. Problem with deleting them, is they
put them back on or move the exe files to another location. We tried to
corrupt the exe files but windows does a repair on them. There are no floppy
drives on the machines and flash drives are disabled by policy so this is
strictly the games that come with windows. We do have a list of "illegal"
programs, I would like to create a program that would monitor applications
that are started and match the applications against the database to determine
if they are legal/illegal.

The whole goal of this is to free up our time so we don't have to keep
checking the machines as they put the games back on. We would like a program
to help with this and notify the user they are performing an illegal
operation with this program.
 
Hi,

John said:
Yes the games are "illegal" at all times. Problem with deleting them, is they
The whole goal of this is to free up our time so we don't have to keep
checking the machines as they put the games back on. We would like a program
to help with this and notify the user they are performing an illegal
operation with this program.
Click to expand...

get a copy of Process Explorer, locate the window titles of the apps you
want to kill, use FindWindow in a service to constantly/periodically
monitor whether one of your listed windows is existing and kill the
process. Problem with that is that users could use the task manager to kill
the monitoring process.

Question is, why can your users even install software on their PCs if that
imposes problems - why not simply restrict their rights ..?
Also, I'm not a network expert, but would assume that there is a policy
that would allow a system wide setting for preventing certain programs from
being installed, if your users otherwise require administrative rights.

However, if there was employees that would constantly violate contracts
though, I for one would rather be tracking them down (i.e. the logins that
run such programs) and confront them with it ...

Process Explorer:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Cheers,
Olaf
 
Olaf Rabbachin said:
Hi,



get a copy of Process Explorer, locate the window titles of the apps you
want to kill, use FindWindow in a service to constantly/periodically
monitor whether one of your listed windows is existing and kill the
process. Problem with that is that users could use the task manager to
kill
the monitoring process.

Question is, why can your users even install software on their PCs if that
imposes problems - why not simply restrict their rights ..?
Also, I'm not a network expert, but would assume that there is a policy
that would allow a system wide setting for preventing certain programs
from
being installed, if your users otherwise require administrative rights.

However, if there was employees that would constantly violate contracts
though, I for one would rather be tracking them down (i.e. the logins that
run such programs) and confront them with it ...

Process Explorer:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Cheers,
Olaf
Click to expand...

I too was wondering why users are installing software. Do they have
internet access and/or email on the machine that they could be getting the
game executables from, or are they installing them from add/remove programs?
Add/Remove programs should require administrator access which users should
normally never have, and if they have the password for an administrator
account there's another security issue.

If there's already a free program to prevent the programs from running, it
would seem simpler to go that route, unless you're already writing a VB.NET
program the users would already have to be running for some other purpose.

We don't bother to remove games from our PCs because users are allowed to
run them on their breaks, over lunch, or after hours. If it's a job with a
measurable productivity level and you already know what you should expect
the users to accomplish, you can always fire them if they're playing games
and not getting enough work done. It might not even be cause for concern if
they're playing games when they're supposed to be working but they're also
getting all the work done which is required of their job.
 
Thanks for all the input. Yes, some people on the floor have access to
email/internet due to logins on non-production machines. We are finding that
some people are very resourceful in getting this programs. I will look at
process explorer and FindWindow. The users rights are restricted, but it is
really is easy to move the Solitaire exe to another location, or rename it.
Thank you both for your help.
 
John Wright said:
Thanks for all the input. Yes, some people on the floor have access to
email/internet due to logins on non-production machines. We are finding that
some people are very resourceful in getting this programs. I will look at
process explorer and FindWindow. The users rights are restricted, but it is
really is easy to move the Solitaire exe to another location, or rename it.
Thank you both for your help.
Click to expand...

I would also suggest that you take a look at WMI and its permanent event
subscription:

http://msdn.microsoft.com/en-us/library/aa393014(VS.85).aspx

It is relatively easy to set up, doesn't require much progamming and is very
hard to track down and disable. You would monitor Win32_Process instances
creation events:

http://msdn.microsoft.com/en-us/library/aa394372(VS.85).aspx

I use it to monitor what processes are created and simply log the process
name and creation time into a txt file using LogFileEventConsumer class:

http://msdn.microsoft.com/en-us/library/aa392277(VS.85).aspx


--
urkec

My blog:
http://theadminblog.blogspot.com/

My CodeProject articles:
http://www.codeproject.com/script/Articles/MemberArticles.aspx?amid=4210975
 
Back
Top