Everything posted by aviv00

  1. *** Runas Admin / User Method to Reduce exposure of security threats ***

     OS Compatibility: Win ALL

     *** Version 2 - Able to use admin and run always as user ***

     Each time you run an exe file, it will run as user by default. explorer.exe and the shell run in admin mode, so if you need to delete files, manage stuff... you don't need to open Explorer as admin if you log on as user. That's why this method is my fav.

     The shell is protected from applications: if you run some unsafe application or Internet Explorer, it won't affect the system or your shell [explorer.exe], it won't be able to add applications to logon and so on. Everything is done with lower / reduced user privileges.

     Step 1: run this in cmd with admin rights

         net user /add 1 1
         net localgroup /del users 1

     Step 2: add access for user 1 to the NTFS permissions of your directory, like c:\users\administrator, read-only

     Step 3: backup

         REG EXPORT HKEY_CLASSES_ROOT\exefile\shell\open\command "%USERPROFILE%\desktop\Backup.reg"

     Step 4: change reg

         Windows Registry Editor Version 5.00

         [HKEY_CLASSES_ROOT\exefile\shell\open\command]
         @="runas.exe /savecred /user:1 \"%1 %*\""
         "IsolatedCommand"="\"%1\" %*"

     When you need to run as admin, just right click and... run as administrator.

     After playing with all combinations, I think this is my fav.

     Applications that run at logon and need admin: trying to find a better solution than just running them as admin.

     ::End v2

     This idea developed due to a few experiences I had:

     We all know the annoying UAC message to install / run an application or, if we log in with a user without admin rights, to put in the admin's password to run it. Because of that, we found ourselves using a full admin user with UAC off.

     Keeping Windows secured is hard, because updating requires rebooting the system and takes time. IE might be exposed to malware if we don't update, but even when it's updated it's a risk. General applications also need updating and configuring.

     AVs / companies are working hard to give us a good solution to block those threats, but no matter what they do, someone is making a new virus / malware and we are all exposed to it.

     "Authenticated Users": there are discussions around this subject. Normal users are given modify rights due to the "Authenticated Users" group, which is the default permission the OS sets, even though the "Users" group's NTFS permission is read only.

     So, I found a cozy way to have security and also comfort for the user.

     Applying: go to the bottom to download the files, or do it manually.

     Step 1

     First let's create a normal user. Run this in cmd with admin rights:

         net user /add 1 1

     Disabling UAC should save time when running applications. Save this code to a reg file and double click it.

     Reg Code

         Windows Registry Editor Version 5.00

         [HKEY_CLASSES_ROOT\*\shell\RunasNormalUser]
         @="Run as user"
         "Icon"="imageres.dll,74"

         [HKEY_CLASSES_ROOT\*\shell\RunasNormalUser\command]
         @="\"C:\\Windows\\system32\\runas.exe\" \"/user:1\" \"/savecred\" \"%1\""

         ;Automatically deny approval requests from standard users
         [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
         "ConsentPromptBehaviorUser"=dword:00000000

     Each time you want to run an application without admin rights, right click on it and choose "Run as user". You will need to enter the password just once: type 1 and then Enter.

     Step 2 - IE

     Let's change the shortcut of Internet Explorer to always run as normal user. Right click on the shortcut, choose Properties and change the target to:

         C:\Windows\System32\runas.exe /user:1 /savecred "C:\Program Files\Internet Explorer\iexplore.exe"

     Step 3 - Firefox

     If you have the addon "open in IE", go to the options of the addon in Firefox and change the IE path to a bat file you will create.

     Bat file

         C:\Windows\System32\runas.exe /user:1 /savecred "C:\Program Files\Internet Explorer\iexplore.exe %*"

     Step 4 - "Authenticated Users"

     If you want more security and just one person is using your PC, you can remove the group "Authenticated Users" from your data drives:

         icacls <data drive>: /remove:g "Authenticated Users" /inheritance:r

     You can do the same with a normal user and RunasAdmin, without needing to enter the password over and over again: just change user:1 to user:administrator and set a password for it.

     Step 5 - Running Windows Explorer as normal user / admin

         HKEY_CLASSES_ROOT\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} \ runas

     Rename or delete it. Good if you like to run multiple files as admin or delete files while the rest of the OS is running as user.

     Step 6 - sudo.bat

     Make a sudo.bat file with this content:

         runas /savecred /user:administrator "%*"

     and place it in system32. When you want to run an application as admin, use

         sudo explorer c: | sudo taskmgr

     ... you get the idea.

     To summarize:

       • You can run old applications or an old OS and worry less about getting hacked and about malware.
       • You can always delete the profile when it's infected and the OS will still work like new; it won't affect it.
       • An easy method to apply, with a significant security improvement.

     Scenarios where it might help:

       • Old-school applications, like Winamp, that are not upgraded anymore and might have exploits
       • Portable applications: usually no auto updating for those
       • Better privacy
       • IE: some websites can break into the PC with new exploits even when it is fully updated
       • Good with Step 4 to avoid changes to files

     External info:

     "Removing admin rights would mitigate 96 percent of critical vulnerabilities affecting Windows operating systems, 91 percent of critical vulnerabilities affecting Microsoft Office and 100 percent of vulnerabilities in Internet Explorer," Avecto said.
     http://www.tomsguide.com/us/standard-accounts-stop-malware,news-18326.html

     Whitepaper Key Findings: The report highlights the following key findings:

       • Of the 147 vulnerabilities published by Microsoft in 2013 with a Critical rating, 92% were concluded to be mitigated by removing administrator rights
       • 96% of Critical vulnerabilities affecting Windows operating systems could be mitigated by removing admin rights
       • 100% of all vulnerabilities affecting Internet Explorer could be mitigated by removing admin rights
       • 91% of vulnerabilities affecting Microsoft Office could be mitigated by removing admin rights
       • 100% of Critical Remote Code Execution vulnerabilities and 80% of Critical Information Disclosure vulnerabilities could be mitigated by removing admin rights
       • 60% of all Microsoft vulnerabilities published in 2013 could be mitigated by removing admin rights

     https://www.avecto.com/media/1030/report-microsoft-vulnerability-study.pdf

     Thanks to GezoeSloog for the icon reg.

     Download: http://s000.tinyupload.com/index.php?file_id=20490777864214869676
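
Added example, not part of aviv00's post: a read-only PowerShell audit of the registry values the guide above changes, plus the credentials that `runas /savecred` leaves in Credential Manager, which any process in that user's session can reuse to start programs as the saved account without a prompt. The helper name `Get-RegValue` is made up for this example, and the `interactive=` match assumes the usual `cmdkey /list` target format.

```powershell
# Added example (not from the post): read-only audit of what the guide changes.
# Run it in the session of the account you want to check.

function Get-RegValue {                     # hypothetical helper name
    param([string]$Key, [string]$Name)
    # -LiteralPath so the '*' in HKCR\*\shell is not treated as a wildcard.
    $item = Get-ItemProperty -LiteralPath "Registry::$Key" -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # key absent
    return $item.$Name                      # $null when the value is absent
}

$exeKey  = 'HKEY_CLASSES_ROOT\exefile\shell\open\command'
$menuKey = 'HKEY_CLASSES_ROOT\*\shell\RunasNormalUser\command'
$uacKey  = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$stock   = '"%1" %*'                        # stock Windows handler for .exe files

$open     = Get-RegValue $exeKey  '(default)'
$isolated = Get-RegValue $exeKey  'IsolatedCommand'
$menu     = Get-RegValue $menuKey '(default)'
$consent  = Get-RegValue $uacKey  'ConsentPromptBehaviorUser'

# runas /savecred stores the password in Credential Manager; cmdkey lists such
# entries with a target like "Domain:interactive=<machine>\<user>" (assumed format).
$saved = @(cmdkey /list | Select-String -Pattern 'interactive=(\S+)' |
    ForEach-Object { $_.Matches[0].Groups[1].Value })

$report = @(
    [pscustomobject]@{ Check = 'exefile open command'; Value = $open
                       Flag  = ($open -ne $stock) }
    [pscustomobject]@{ Check = 'exefile IsolatedCommand'; Value = $isolated
                       Flag  = ($isolated -ne $stock) }
    [pscustomobject]@{ Check = '"Run as user" context menu'; Value = $menu
                       Flag  = ($null -ne $menu) }
    [pscustomobject]@{ Check = 'ConsentPromptBehaviorUser (0 = auto-deny)'; Value = $consent
                       Flag  = ($consent -eq 0) }
    [pscustomobject]@{ Check = 'Accounts with runas-saved credentials'
                       Value = ($saved -join ', ')
                       Flag  = ($saved.Count -gt 0) }
)

# Flag = True marks a setting that differs from stock or that the guide adds.
$report | Format-Table -AutoSize -Wrap
```

A saved entry can be removed with `cmdkey /delete:<target>`, using the full target string shown by `cmdkey /list`.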
  2. Use this method: http://www.msfn.org/board/topic/104130-guide-win-server-2008/page-2#entry730473
  3. @NoelC on Cortana: remove the package with dism remove-package
  4. With StartIsBack and prelaunch searchui .... disabled, system data usage is 0.
  5. Hey Nuhi, could you make a DISM manager based on NTLite, with history and nice order like NTLite has?
  6. Should it become like this? autoruns.png Only if you are an advanced user, because it is too extreme.
  7. I'm gonna update the topic soon. Edit: topic updated: [Guide] Way to Disable Keylogger / Telemetry v2.1
  8. Topic updated: [Guide] Way to Disable Keylogger / Telemetry v2
  9. "If you hadn't written this paragraph, I could think you work at MS. (Just joking.) Come on, fellow, don't tell me you like Metro apps on a desktop OS. Or are you talking about using 10 on a mobile device?" No, I don't like Metro apps so much. I like the style, like closing an app from the taskbar; the change of style, mostly.
  10. Except for the data collection and the "evil" updates we all fear, I have a good feeling about Windows 10. Microsoft is in the process of abandoning the old Windows Forms style and moving to Metro, which I think is better for performance: fewer resources will be used. Metro is simpler than the old forms but has a nice style like WPF. Microsoft will make it good enough to make the old Windows Forms obsolete; they just need to find the nice touch between tablet and PC. For now it's good enough for me. I used it for a few days and it's all going fine.
  11. I tested Vista many times on a few PCs with different hardware and never got good performance, even with Windows Server 2008 SP2. I tried changing drivers... Weird OS: working OK on same hardware like OEM, but the rest, pretty bad. If it's working well on your system, there's no good reason to upgrade.
  12. I see it when running cmd during Windows installation, but then the _ploc disappears. It might be related to setting the users.
  13. I'm starting to be unhappy with Windows. The analogy between Linux and Windows: Windows is the fancy girl who always wants stuff bought for her, more RAM, more CPU power... The Linux girl is just fine with what you've got. Microsoft is doing it all the time: more Metro apps, more services running automatically, resources spent on features we are not gonna use. If there is no way to lite Windows, I'll probably leave Windows or Windows Server Workstation. I see in the future we will all have to have an SSD to use Windows 10.
  14. You can use Win Toolkit to remove it permanently.
  15. I like the file manager of Windows 7, it's more originated. Also, changing the GUI to look like Windows XP would be simple and easily accessible.
  16. Most of the apps can be installed normally and then moved to another directory and still work.
  17. A combined version of Windows XP and Windows 7 would be perfect. Win7 is great but has a few features that are less used and therefore need to be less favorably accessible.
  18. Yes, if he is admin of your domain. But also, if you like, you can change it after he has finished. But it doesn't really matter, there is a secret / anti-spy agreement that IT signed on. Edit: but if it's part of your CC password or something, I suggest changing it and then giving it.
  19. Putting in a hosts file cuts down much of the ads and also malware, but the best is the first you said. And formatting, well, it's not hard to move the OS folders to an old dir and deploy Windows from backup. That, with using portable apps, makes it easy to install a refreshed OS.
  20. Here are some nice settings I made: Menu Settings.xml
  21. I guess consumers will buy Enterprise.
  22. @Legolash2o does WinToolKit use this method also?