Concealing a Windows service or application from users

Curious users can play havoc with a needed service or application, and sometimes the easiest solution is to conceal it from casual observation.

The scenario: A company contracts you to install (for example) FTP servers on its workstations to facilitate remote access of documents. Some users can’t resist the temptation to monkey around with its settings, rendering the system inoperative. The client finds it more expedient to blame you, a mere contractor, than deal with troublesome but vested employees.

What to do? Well, you can fire the client — I’ve done that — or you can conceal the service or application from the end-user. I do not truly stealth anything: an administrator needs to be able to find and control everything. But hiding the obvious signs of an attractive nuisance is sometimes expedient.

The best way to control troublesome users is to move them to a Linux workstation, where you have finer grained control over what users can see and do. I have set up Linux workstations with faux-Windows UIs, and my experience has been that those users most prone to break things are also the least likely to realize that it isn’t Windows.

If Linux is not an option, here’s what you can do with Windows:

  • Remove any desktop icon or taskbar quick launch button.
  • If the service or application has a splash screen or other means of needlessly calling attention to itself, deactivate it.
  • Remove any start menu entries. In particular, insure that the service or application does not appear in the Start menu under the “launch at startup” item. If it does, remove it and instead launch it at startup via the Registry.
  • Hide any system tray icon (instructions for Windows XP, Vista, Seven, Eight).
  • Remove the application from the Add/Delete Programs list. The portable version of CCleaner is good for this.
  • Reboot, log in as user, and insure your changes have held and that the application or service is running normally.

You may be tempted to hunt down and remove the application’s uninstall.exe or other removal code. I do not advise this, as it would infringe on the system administrator’s control over the system. “Control the user; empower the administrator” is my rule on Windows; breaking that rule often does more harm than good.

Apropos of this, it bears repeating that these techniques are not intended to hide anything from an administrator. A quick check of services (Control Panel – Administrative Tools – Services) will show the service in question, and viewing the running processes (Ctrl-Alt-Del, then “Processes”) will show all relevant processes. So the administrator remains informed and in control, as he should be.

When finished, inform the client in writing what you have done and retain a copy for your records. Some organizations have poor institutional memories. You don’t want the client forgetting about this job, rediscovering the concealed service by accident, and suspecting bad faith on your part.


About Warren Post

So far: Customer support guy, jungle guide, IT consultant, beach bum, entrepreneur, teacher, diplomat, over-enthusiastic cyclist. Tomorrow: who knows?
This entry was posted in Uncategorized and tagged , . Bookmark the permalink.

One Response to Concealing a Windows service or application from users

  1. Pingback: Using SpiderOak | Warren's tech notes

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s