Disclaimer

I am not responsible if your devices send you back in time, explodes, implodes, bricks or flies into space from the use of any software I put up.

Search

Tuesday, March 29, 2011

Managing Security using UAC on Windows 7 Home Editions

This post demonstrates how to manage Security Levels on Windows 7 Home Editions.

Only Windows 7 Professional and above editions have a front end secpol.msc to manage local security policies.

For Windows 7 Home Edition you can manage the security policies by manually changing the registry values.

The registry location is shown in the picture below.


The corresponding security levels is as describe below:

Key:
_______________________________________________________________

ConsentPromptBehaviorAdmin (Affects account created as Administrators)
Value - Mode 
0 - Elevate Without Prompting (No Security) NOT RECOMMENDED
1 - Prompt for Credentials on the secure desktop (Most Secure) RECOMMENDED
2 - Prompt for Consent on secure desktop (Default Setting)
3 - Prompt for Credentials
4 - Prompt for Consent
5 - Prompt for Consent for non-Windows Binaries
_______________________________________________________________

Key:
_______________________________________________________________

ConsentPromptBehaviorUser (Affects account created as Users)
Value - Mode 
0 - Elevate Without Prompting (No Security) NOT RECOMMENDED
1 - Prompt for Credentials on the secure desktop (Most Secure) RECOMMENDED
2 - Prompt for Consent on secure desktop (Default Setting)
3 - Prompt for Credentials
4 - Prompt for Consent
5 - Prompt for Consent for non-Windows Binaries

 ______________________________________________________________


On Windows 7 Home Editions the default allows users created with admin rights to mindlessly run executables causing headaches for administrators.

This also prevents people who "borrow" your computers with Windows 7 Home Editions from messing with it by locking down security.

You can lock down the security by changing the corresponding registry values hope you guys find this is useful.

By default Windows Administrative Share is enabled on all versions.
However on Home Premium Versions Administrative Backend is disabled but this is a security risk on Linux System you can actually see the administrative shares. It appears as C$ depending on the partitions present.
You can actually access the system disk if you have the administrative password!


To fix this problem do the following:
Type 'REGEDIT', hit Enter
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Create the new DWORD (32-bit) Value and in the name field type: LocalAccountTokenFilterPolicy
Leave the default value of 0.
or
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Create the new DWORD (32-bit) Value and in the name field type: AutoShareWks and press Enter. (You can also leave this setting with its default value of 0.)
Reboot your PC.

No comments: