UlimitNT

Associate new or existing processes with a job, restricted token and/or desktop.

Jobs are a feature of Windows 2000 (and later) that are used to enforce quotas. A job has a set of processes associated with it and a set of limitations, applied to all the processes in the job. Once a process is in a job, it cannot leave. A process can belong to at most one job. Normally, any child processes created will be associated with the parent's job.

Job limits include UI restrictions, such as reading/writing to the clipboard, memory limits, security token limits, process count limits, and total CPU time limits. They can be used to provide extra security and DoS resistance to your computer.

Restricted tokens provide a means to give a new process less access than its parent process, but without involving the account of another user.

Desktops are a feature of Windows NT 3.51 and later that provide a visible security barrier between application windows.

Almost all of UlimitNT's functions require no special privileges to operate since they represent only a reduction in available privileges and resources for processes.

As usual, Microsoft puts nice features into the base system and then doesn't provide a good way to take advantage of them; UlimitNT provides a convenient command line interface to these features.

See the readme (also included in download package) for usage information.

UlimitNT is freeware, and includes source code released under the GPL v2.