Make sure that the user is not any kind of administrator - administrators obviously need to be able to kill any process they want.
Provide access from the logon session to a user with required privileges to start the process in the logon session. That's something you can do from a service. Here is some info on Window Station Security and Access Rights.
Deny the logged on user the PROCESS_TERMINATE permission for the process.
More on process security and access rights here.
So basically it can be done ... but it's not entirely trivial :)
[Update]
Csrss.exe is the user-mode portion of the Win32 subsystem; Win32.sys is the kernel-mode portion. Csrss stands for Client/Server Run-Time Subsystem, and is an essential subsystem that must be running at all times. Csrss is responsible for console windows, creating and/or deleting threads, and implementing some portions of the 16-bit virtual MS-DOS environment.
Smss.exe is the session manager subsystem, which is responsible for starting the user session. This process is initiated by the main system thread and is responsible for various activities, including launching the Winlogon and Win32 (Csrss.exe) processes, and setting system variables. After it has launched these processes, it waits for either Winlogon or Csrss to end. If this happens normally, the system shuts down; if it happens unexpectedly, Smss.exe causes the system to stop responding.
So stopping them is not a good idea.
Best regards
Espen Harlinn
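
The third step of the answer above (denying PROCESS_TERMINATE), sketched as an added example that is not part of the original answer. The function names `build_process_sddl` and `protect_process` are hypothetical, and the choice of the SDDL aliases IU (interactive users), SY (SYSTEM) and BA (Administrators) is an assumption; the Win32 part compiles only on Windows.

```c
#include <stdio.h>
#include <string.h>

#define PROCESS_TERMINATE_MASK 0x0001u  /* numeric value of PROCESS_TERMINATE */

/* Build an SDDL DACL: a deny ACE for deny_mask on deny_sid comes first
   (canonical order), then full access for SYSTEM and Administrators.
   Returns 0 on success, -1 if the buffer is too small. */
int build_process_sddl(char *out, size_t cap, const char *deny_sid,
                       unsigned deny_mask)
{
    int n = snprintf(out, cap, "D:(D;;0x%04x;;;%s)(A;;GA;;;SY)(A;;GA;;;BA)",
                     deny_mask, deny_sid);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

#ifdef _WIN32
#include <windows.h>
#include <sddl.h>
#include <aclapi.h>

/* Apply the DACL to a process handle that was opened with WRITE_DAC.
   The process must run as a different, non-admin-controlled account
   (steps 1 and 2 of the answer): an owner can rewrite the DACL, and
   administrators can bypass it. Returns 0 on success, -1 on failure. */
int protect_process(HANDLE process, const char *deny_sid)
{
    char sddl[128];
    PSECURITY_DESCRIPTOR sd = NULL;
    PACL dacl = NULL;
    BOOL present = FALSE, defaulted = FALSE;
    DWORD rc = ERROR_INVALID_PARAMETER;

    if (build_process_sddl(sddl, sizeof sddl, deny_sid,
                           PROCESS_TERMINATE_MASK) != 0)
        return -1;
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(
            sddl, SDDL_REVISION_1, &sd, NULL))
        return -1;
    if (GetSecurityDescriptorDacl(sd, &present, &dacl, &defaulted) && present)
        rc = SetSecurityInfo(process, SE_KERNEL_OBJECT,
                             DACL_SECURITY_INFORMATION, NULL, NULL, dacl, NULL);
    LocalFree(sd);
    return rc == ERROR_SUCCESS ? 0 : -1;
}
#endif
```

A service that starts the process would call `protect_process(handle, "IU")` right after creation, before the interactive user can open a handle to it.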