Safe_Admin finally it is there

Phil

SSRP is fine, My mother of 82 still runs XP Pro. K-meleon with explorer skin replaced Internet Explorer. She runs as Power User with most applications running as Basic User (simular to DropMyRights option of SSRP). I have installed Crystal free Anti-Exploit (also for K-meleon). On XP the line between kernel and user space is not that hard as in Vista and higher.

Regards Kees

 

Thanks for this dude!

 

bouncer isn't free from what i know. There is only a free demo version, or i missed something?

 

Ummm think you misread the comment mate...

I think he was saying that the approach mentioned in this thread is a free alternative to the SecureFolders, Bouncer combo... since, like you mentioned, Bouncer isn't free.

EDIT: Congrats on your next post guest... 1000!

 

thank you

 

I realize that this is an old how-to, but it's likely there are members here are who still using this software/strategy. I am currently testing this on Windows 8.1 (32-bit), and have noticed a few things. The first is that "Read-only" with this software is really Read-Execute. In other words, files in directories set as "Read-only" can be read and they can be executed, but they cannot be written to.

Another issue that I just discovered is that the LUA technique described above is not working on Windows 8.1 (32-bit). I tested it by setting the directory of SumatraPDF to "No-execution". Then I tested it by trying to launch SumatraPDF and, as expected, execution was blocked. Next I added SumatraPDF as a trusted application; however, when I tried to launch SumatraPDF again, it was still blocked. UAC is on and hasn't been tampered with (at least not by me).

Also, the idea of setting threat-gate applications as trusted kind of "rubs me the wrong way." That being the case, I am not especially interested in getting the above LUA technique working, though I am a little curious as to why it didn't work.

EDIT: I figured it out. The solution came to me later when I was lying in bed. For the above method to work, explorer.exe must be present in the trusted applications list. I didn't have it included because I don't trust it (it's a likely target of malware), and plan to use a different file manager instead.

Phil