Maximising the power of Windows7 for security when running as ADMIN

Yeah, I remember that...

Maybe when SAFE-Admin comes out... then in a future version it will be possible to do this

Who knows...

 

Not a bad estimate on time Kees. The worker program (command line) is very close after one more code change. That needs to go open beta before I start on the UI portion. Unfortunately life both at home and work have kept me from any significant time to code for 3 weeks now, with it appears another week of the same.

One thing is certain, if you are timid with tools such as icacls or you just want to make it easier on yourself, or have a way to keep track of what you did with icacls, SAFE-Admin should be able to help you out.

Sul.

 

I have applied these settings to my computer but i noticed pretty good security will run anywhere even with SRP default deny. Any way to stop this? SRP is set default deny with only system folders and one other folder allowed to execute. Admin is not allowed to execute from other folders either. Tried with an installer an uac opens but SRP blocks it after saying yes. Did i do something wrong?

 

I didn't really understand what you wanted to say in the first part.
On your second question, if i remember correctly on my PC SRP blocks the .exe before the UAC kicks in (Short answer: No UAC pop up)

 

If you are asking, why does the program PGS.exe always start, the answer is because there is a default rule to allow it to run from any location. Maybe you weren't aware of that?

Sul.

 

Sorry i worded that poorly :/ what i mean is SRP is enabled and i set it so it deny's executables in all locations except the default paths and then one i added. The downloads folder is one thats not aloud. However when a run any executable in a folder that is not allowed by SRP UAC opens but clicking yes then issues the SRP message saying its blocked. The issue is that pretty good security runs even in a folder i dont allow by SRP. Nothing else runs though. Maybe i set up something wrong i hope this makes sense not sure how to explain it. Ill post screenshots if needed.
EDIT: Here are some screens:
http://dl.dropbox.com/u/3374394/srp3.jpg
http://dl.dropbox.com/u/3374394/srp2.jpg
http://dl.dropbox.com/u/3374394/srp1.jpg

Also another thing fire fox was able to install flash without SRP blocking it. Did I mess something up with SRP? I have re-enabled it after deleting the policies. It is set as per those pictures.

 

Wow big time fail on my part! I disabled the Application Identity Service which effectively makes SRP useless. Sorry about that =p good post btw I am now using most of it.