UlimitNT
|
Interface to process limits on Windows OSes. Provides provides a command line interface to restricted tokens, job objects and desktop objects on Windows NT version 5.0+ (Windows 2000) OSes. It creates or opens processes, and associates them with a job object and/or restricted token.
Usage: UlimitNT [-option <parameter> ...] [executable ...]
Options (not case sensitive):
-UseDesktop Use the named [window station\]desktop
-UseOpenDesktop Use the existing named desktop
-SwitchDesktop Switch to the previously named desktop
-LimitDesktop Prevents desktop switching
-DisplaySettings Prevents display changes
-ExitWindows Prevents shutdown/logoff
-GlobalAtoms Forces a private atom table
-Handles Prevents access of USER handles outside the job
-AllowCursor Allows access to the mouse cursor despite -Handles
-ReadClipboard Prevents reading of the clipboard
-WriteClipboard Prevents writing of the clipboard
-SystemParameters Prevents changing of USER parameters
-BreakawayOk Child processes can break away from the job upon parent request
-BreakawaySilent Child processes always break away from the job
-Breakaway Request that new processes be outside the pre-existing job
-DieOnUnException Processes will die on unhandled exception (no debugging)
-NoAdmin Processes cannot use any tokens that include local admins
-Restricted Processes cannot use tokens that aren't restricted
-PrcLimit num Maximum number of processes that can be in the job
-JobTime num User mode time limit (in 100ns units) for entire job
-PrcTime num User mode time limit (in 100ns units) for individual processes
-JobMem num Maximum memory (in bytes) the entire job can commit
-PrcMem num Maximum memory (in bytes) any process can commit
-Sched num Scheduling class, from 0 to 9 where 9 is highest
-WorkingSet min max A fixed working set for each process, in bytes
-DSid Makes the specified SID deny-only.
-RSid Makes the job/processes restricted to these SIDs only
-[D|R]SidLogon Disables or restrictes the logon SID
-[D|R]SidUser Disables or restrictes the user SID
-DPriv Deletes the named privelege.
-DPrivMax Deletes all priveleges.
-JobToken Forces creation of a job with the token.
-DupJob Gives new processes a no-access handle to job to keep job open
-NoDupJob Prevents -DupJob. Use with -Name
-Name text Gives the job a name. Implies -DupJob
-Reset Causes reset of job limits. Use with -Name
-Parent num Adds the parent process of ulimitnt num levels up to the job
-ProcessID num Adds the process with the specified ID to the job
This program creates or opens processes, and associates them with a job object and/or restricted token.
Job objects are a feature of Windows 2000 (and later) that are used to enforce quotas. A job has a set of processes associated with it and a set of limitations. These limitations are applied to all the processes in the job. Once a process is in a job, it cannot leave. A process can belong to at most one job. Normally, any child processes created will be associated with the parent's job. (See options below)
Job limits include UI restrictions, such as reading/writing to the clipboard, memory limits, secuirty token limits, process count limits, and total CPU time limits. They can be used to provide extra security and DoS resistance to your computer.
Restricted tokens provide a means to give a new process less access than its parent process, but without involving the account of another user.
Almost all of ulimitnt's functions require no special privileges to operate since they represent only a reduction in available privileges and resources for processes.
As usual, Microsoft puts nice features into the base system and then doesn't provide a good way to take advantage of them; ulimitnt provides a convenient command line interface to these features.
The license of this software is Free, you can free download and free use this system utility software.