Only Windows 7 Professional and above editions have a front end secpol.msc to manage local security policies.
For Windows 7 Home Edition you can manage the security policies by manually changing the registry values.
The registry location is shown in the picture below.
The corresponding security levels is as describe below:
Key:
_______________________________________________________________
ConsentPromptBehaviorAdmin (Affects account created as Administrators)
Value - Mode_______________________________________________________________
0 - Elevate Without Prompting (No Security) NOT RECOMMENDED
1 - Prompt for Credentials on the secure desktop (Most Secure) RECOMMENDED
2 - Prompt for Consent on secure desktop (Default Setting)
3 - Prompt for Credentials
4 - Prompt for Consent
5 - Prompt for Consent for non-Windows Binaries
Key:
_______________________________________________________________
ConsentPromptBehaviorUser (Affects account created as Users)
Value - Mode
0 - Elevate Without Prompting (No Security) NOT RECOMMENDED
1 - Prompt for Credentials on the secure desktop (Most Secure) RECOMMENDED
2 - Prompt for Consent on secure desktop (Default Setting)
3 - Prompt for Credentials
4 - Prompt for Consent
5 - Prompt for Consent for non-Windows Binaries
______________________________________________________________
On Windows 7 Home Editions the default allows users created with admin rights to mindlessly run executables causing headaches for administrators.
This also prevents people who "borrow" your computers with Windows 7 Home Editions from messing with it by locking down security.
You can lock down the security by changing the corresponding registry values hope you guys find this is useful.
By default Windows Administrative Share is enabled on all versions.
However on Home Premium Versions Administrative Backend is disabled but this is a security risk on Linux System you can actually see the administrative shares. It appears as C$ depending on the partitions present.
You can actually access the system disk if you have the administrative password!
To fix this problem do the following:
Type 'REGEDIT', hit Enter
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Create the new DWORD (32-bit) Value and in the name field type: LocalAccountTokenFilterPolicy
Leave the default value of 0.
or
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Create the new DWORD (32-bit) Value and in the name field type: LocalAccountTokenFilterPolicy
Leave the default value of 0.
or
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Create the new DWORD (32-bit) Value and in the name field type: AutoShareWks and press Enter. (You can also leave this setting with its default value of 0.)
Reboot your PC.
Không có nhận xét nào:
Đăng nhận xét