About R4D3


  1. It's not their decision, MS just doesn't allow it! - That is the reason why tools like NTLite, Dism++, wimtweak, ... still exist. - The other thing is, you cannot be sure that a third-party modified ISO doesn't get backdoors. MS allowed some people distribution by permission, but only of untouched ISOs. - If you got a "perfect" ISO, you can only write scripts, post your preset, etc., so that other people can reproduce it! (This is the legal way!) For me, a combination of changing registry package permissions, wimtweak scripts, sysprep and VM export worked the best -> removing as much as possible without destroying Windows Update, Store, Firewall...
  2. He he, hey... - I used "Windows Firewall Control" too, but I like it more native (I used Kerio 2x on XP), but since then I try to make my rules better... - now HTTPS outbound is allowed for everything, and only programs that need other ports/protocols need an extra rule -> funny that you posted 9 mins ago, because I was here to share something else.

     So here we go: Harden NETSH command (for now, only a German script - not finished yet)

     Why this: Some programs like Chrome, Firefox, etc. -> hijacking the firewall and adding unwanted rules! (I would prefer an MS inbuilt password protection against it) -> Not sure how it works in general, but if this happens with NETSH, I decided to "harden" this file/command via NTFS permissions (I normally don't like them). - In this test I only give Admin & System the right to run the command, and remove the others:

         REM 64-bit netsh.exe: take ownership, drop inherited ACEs, rebuild the ACL
         TAKEOWN /F C:\Windows\System32\netsh.exe /A
         icacls C:\Windows\System32\netsh.exe /inheritance:r
         icacls C:\Windows\System32\netsh.exe /remove "VORDEFINIERT\Benutzer"
         icacls C:\Windows\System32\netsh.exe /remove "ALLE ANWENDUNGSPAKETE"
         icacls C:\Windows\System32\netsh.exe /remove "ALLE EINGESCHRŽNKTEN ANWENDUNGSPAKETE"
         icacls C:\Windows\System32\netsh.exe /remove "NT-AUTORITŽT\SYSTEM"
         icacls C:\Windows\System32\netsh.exe /grant VORDEFINIERT\Benutzer:(R)
         icacls C:\Windows\System32\netsh.exe /grant NT-AUTORITŽT\SYSTEM:(F)
         icacls C:\Windows\System32\netsh.exe /grant VORDEFINIERT\Administratoren:(F)
         icacls C:\Windows\System32\netsh.exe /setowner "NT SERVICE\TrustedInstaller"

         REM 32-bit netsh.exe in SysWOW64: same steps
         TAKEOWN /F C:\Windows\SysWOW64\netsh.exe /A
         icacls C:\Windows\SysWOW64\netsh.exe /inheritance:r
         icacls C:\Windows\SysWOW64\netsh.exe /remove "VORDEFINIERT\Benutzer"
         icacls C:\Windows\SysWOW64\netsh.exe /remove "ALLE ANWENDUNGSPAKETE"
         icacls C:\Windows\SysWOW64\netsh.exe /remove "ALLE EINGESCHRŽNKTEN ANWENDUNGSPAKETE"
         icacls C:\Windows\SysWOW64\netsh.exe /remove "NT-AUTORITŽT\SYSTEM"
         icacls C:\Windows\SysWOW64\netsh.exe /grant VORDEFINIERT\Benutzer:(R)
         icacls C:\Windows\SysWOW64\netsh.exe /grant NT-AUTORITŽT\SYSTEM:(F)
         icacls C:\Windows\SysWOW64\netsh.exe /grant VORDEFINIERT\Administratoren:(F)
         icacls C:\Windows\SysWOW64\netsh.exe /setowner "NT SERVICE\TrustedInstaller"
         pause

     When it's proven, I maybe do an English version too... - I get some Unicode/UTF problem with the script, so the German "Ä" is "Ž".

     P.S. MS BUG INFO: If you edit firewall rules, DO NOT COPY AND PASTE NAMES, or the console will crash.
  3. What happens if you right-click on your taskbar, add a new toolbar, and search for your Quick Launch folder manually (C:\Users\YOUR PROFILE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch)???
  4. I did some kind of update and got a bit more understanding over time... - the new ruleset allows outgoing HTTPS connections, and I added a rule to copy for other connections (some updates, even on Windows, do not use HTTPS - without custom additions they will be blocked!) -> The Windows Update rule is still way too open -> I don't get it better... Look at the pics to understand what I understand about it so far. R4D3.wfw
  5. Mhhh, combine batch and PowerShell - I will give it a try... - (the reason I like to write it as batch is just because of my "old" tools folder & to get rid of tools that are not useful anymore, and the useful ones...) - in this case subinacl - on the other hand: - I am still trying to make an error-free w10.wim - and for this image, I like to be sure that SYSTEM & TrustedInstaller have Full permission on all files and folders, without changing ownership... (only some "corrupted" ownerships [why did I get them after a clean install???] should be changed...)
  6. You can look here for how to make an exit loop: https://stackoverflow.com/questions/39026705/how-do-i-verify-if-a-file-exists-and-its-from-today
  7. Thanks for your answers, it's kind of informative, but for the case that I have only a 32-bit version of a file, etc. - I have to do some tests; sadly I didn't get the time for testing - all the time goes to destroying Windows in VMs (a single wrong reg, ownership, removed file destroys everything...) - Windows is like sugar, and I am the rain that drops on it...
  8. Hi, I'm going crazy - I am just trying to read the owner of a reg path via a cmd batch file, and not being able to... ;( - I have searched and tried for hours, but Google just doesn't show results with Get, Read, Show, or whatever - I've tried subinacl, regini, it's killing my brain. I know how to change the rights, how to get the SID, e.g. I'd like to save the original owner and write it back after changing permissions - but to do that, I really have to get the owner name first....
  9. Hi, some tools, extra files, and so on, store their files in the System32 folder... But, as everyone knows, on a 64-bit system the System32 folder contains 64-bit files, and the 32-bit files are stored in SysWOW64. I was just wondering whether it is a good idea to store 32-bit files in this folder, because some of them need other DLLs from this folder too, and maybe the "jump points" are different inside, and the 32-bit jump points are out of range, because SysWOW64 is not part of the environment... So I decided to add SysWOW64 to the system environment, and store 32-bit files there instead... - Does this make "sense" to you, or should I expect new and more errors, because Windows has 2 folders with partially similarly named files in its environment?
  10. Sorry for the late response - for me (my solution) it is still working... - you can try: - removing all the BT devices in Control Panel (remember to activate showing not-connected devices...), then restart - you can try using another driver version (maybe the one from the manufacturer, maybe from DP packs using Snappy Driver Installer). I don't have another idea to fix it, sorry...
  11. Hey, just a tiny thing (I am thinking about it from time to time) and can't code it myself: a "Default Browser (Link Protection)". Why? Some programs just have URLs that open on click, or automatically, starting the default browser and opening a website (as an example, the latest "Snappy Driver Installer" just opens a website with the default browser when maximizing the window...). - For me this is kind of hijacking - I like to be asked if I want to open it (because maybe I am logged in at my bank, or whatever, and just because I do something else, I don't want another "crappy" site to be loaded and track my cookies, or whatever...). So: I need a tiny Prog.exe (as default browser) that links to mybrowser.exe, and if a URL tries to open the default browser, it needs to show me that URL and ask me if I'd like to open it... (maybe with "choice: iexplore.exe, explorer.exe, mshta.exe, firefox.exe, chrome.exe, opera.exe..."). I think this would be easily programmable, maybe with AutoIt, I just don't know how to catch the URL flag... (I just don't have the nerve to move my mind into AutoIt, or coding...) It would be nice if someone would sacrifice some time to code it, many people would benefit... Optional: - URL DECODE - redirection checkup - check with VirusTotal - add to hosts file...
  12. Windows XP should only be used by people who know what they are doing, or using an offline PC! - If you are the old man your picture shows to us, I would recommend using Windows 7, Linux, buy a Mac, or (if your life will be long enough) wait for ReactOS... If you still want to use XP, use custom images only! (nLite or similar, to remove insecure elements....), and you really need Kerio firewall 2.x (the company changed after), Sandboxie, Certificate Updater, and maybe import the "writeprotect-function" from the Server 2003 version... - Maybe you can find on an old forum (not here) a discussion (in the Wayback Machine) from a user called "vamp", who worked with the SP0 version and updated only existing DLLs in the image manually... (after removing things with nLite). To stay here, just typing my W10 problem of today: - uBlock for Edge needed to be set back to standard rules (because the element picker didn't work) (the only Store app I use) - after that, it didn't start - uninstall - tried to reinstall, but the Store got a so-called "PUR Authenification Error" - Store reset -> no success. Solution (I don't want to reinstall, because I did a clean install of 1809 last week, and already restored it one time, because some updates broke it; now I am suppressing them with my firewall rules...) Solution: - installed another browser and removed outbound rules for Edge and Store (until the next reinstall, or until I find a workaround). P.S. A question: Does someone know how to forbid Chrome (and other software) from adding unwanted firewall rules?
  13. Just 2 adds: FIX Hyper-V BSOD on version 1809 (when using AndroidEmu, Sandboxie, VM & similar). CMD with admin rights (restart after):

         bcdedit /set hypervisorlaunchtype off

     (Adding an option to the advanced energy schemes, to prevent 1809 falling asleep after 2 mins (you need to set the added options manually to 0, as long as I haven't written a script for it, because the entries are protected by that MS_dumb_rightsmanagement_System…

         Windows Registry Editor Version 5.00

         [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0]
         "Attributes"=dword:00000002

     (
  14. Hi (pls move this thread if it belongs somewhere else…) Do you get bored of all the phishing mails that end up in your email? Do you think just deleting them will help stop them? No! ;) So, but what can normal users do? - Most of these mails want to link you (with a cryptic link) to their site (DO NOT CLICK!) As an example, look at this phishing mail I got today: When you hover the mouse over it, you can see this cryptic link (my mail provider adds its redirection automatically…) But what now? First: you need a URL ENCODE/DECODE service, I use: Meyerweb (https://meyerweb.com/eric/tools/dencoder). Copy your bad link (right mouse click & Copy), enter it at your encoder service & press encode! Now you go to a URL scanner site, I use https://www.virustotal.com, and enter that link in their URL scanner (if the phishing site is unknown to them (everything is green), click on the devil smiley to mark it bad!) - Under Advanced Information, you can see the redirections and where it links to… (you can use the IP, but I work with the link) (Decode this link again, and you know where this link was trying to redirect you!) - With this link, you search for a WhoIs IP service in your browser (sometimes you need to try more than one), and the WhoIs IP service tells you where this site is hosted! In this case it is Cloudflare… Now you search the web for the official hoster site and write to them (in this case, they have an abuse mail, abuse+law@cloudflare.com), and send them your phishing mail... Fin. P.S. (I will maybe work on this post later (some spell correction), but for now it's OK for me like this, I just want to give others the option to fight back a little bit ;) - Feel free to comment, or share your tips, or
  15. Just type diskmgmt.msc, use the console, or: search the Control Panel with Cortana - it's still all there... (you could search it with g**gle very easily). The Explorer, for sure, is still the Explorer... - maybe you need to watch some YouTube tutorials...
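
The decode step from post 14 (finding where a mail provider's redirect link really points), as an added example that is not part of the original posts: it works offline, never opens the link, and generalizes to several nested redirect layers and repeated percent-encoding. The function names and the sample URLs (reserved .example/.invalid domains) are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote, quote

MAX_DEPTH = 5    # maximum number of nested redirect layers to follow
MAX_DECODE = 4   # maximum extra percent-decoding passes per parameter


def embedded_url(url):
    """Return the first http(s) URL carried in a query parameter, or None."""
    try:
        params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    except ValueError:
        return None
    for _name, value in params:          # parse_qsl already decoded once
        for _ in range(MAX_DECODE):
            try:
                parts = urlsplit(value)
            except ValueError:
                break
            if parts.scheme in ("http", "https") and parts.hostname:
                return value
            decoded = unquote(value)     # handle double-encoded targets
            if decoded == value:
                break
            value = decoded
    return None


def redirect_chain(url, max_depth=MAX_DEPTH):
    """List the wrapped link and each URL nested inside it, outermost first."""
    chain = [url]
    while len(chain) <= max_depth:
        inner = embedded_url(chain[-1])
        if inner is None or inner in chain:
            break
        chain.append(inner)
    return chain


def hosts(chain):
    """Hostnames to look up with a whois service, in chain order."""
    return [urlsplit(u).hostname for u in chain]


# Constructed sample: provider redirect -> tracker -> final landing page.
INNER = "https://login.phish.invalid/verify?user=bob&s=1"
MIDDLE = "https://tracker.example/r?to=" + quote(INNER, safe="")
SAMPLE = "https://mail-provider.example/redirect?id=42&u=" + quote(MIDDLE, safe="")

if __name__ == "__main__":
    for step, link in enumerate(redirect_chain(SAMPLE)):
        print(step, link)
```

The last entry of the chain is the destination to submit to a URL scanner, and the last hostname is the one to look up when searching for the hoster's abuse contact.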
