Runas Admin / User / Adminuser Method to Reduce exposure of security threats v2.2

Discussion in 'Application Software' started by LiteOS, Nov 28, 2015.

  1. LiteOS

    LiteOS MDL Expert

    #1 LiteOS, Nov 28, 2015
    Last edited by a moderator: Apr 20, 2017
  2. Gharlane00

    Gharlane00 MDL Addicted

    #3 Gharlane00, Nov 28, 2015
    Last edited by a moderator: Apr 20, 2017
    I like it. I did make one change to satisfy my OCD

    Code:
    
    
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\*\shell\RunasNormalUser]
    @="Run as Normal User"

    [HKEY_CLASSES_ROOT\*\shell\RunasNormalUser\command]
    ; Inner quotes must be escaped as \" for the .reg file to import
    @="\"C:\\Windows\\system32\\runas.exe\" \"/user:1\" \"/savecred\" \"%1\""
  3. Mr.X

    Mr.X MDL Guru

    #4 Mr.X, Nov 29, 2015
    Last edited: Nov 29, 2015
    This definitely looks much better for me :good3:

    Moreover, to keep things even and aesthetic:
    @="Run as normal user"

    Now I wonder how to tweak it to grab the user account image and show it on the left in "Run as normal user"
     
  4. LiteOS

    LiteOS MDL Expert

    #5 LiteOS, Nov 29, 2015
    Last edited: Nov 29, 2015
    (OP)
    OK, I changed it,
    but I want to distinguish it from Run as administrator, which is an internal option.

    I guess it's possible to make it with an icon, but how? :confused:
     
  5. Mr.X

    Mr.X MDL Guru

    Oh don't, you can just make Gharlane's tweak optional. Your reason is still valid.
     
  6. The_Guardian

    The_Guardian Contributor

    #7 The_Guardian, Nov 29, 2015
    Last edited: Nov 29, 2015
    @ lite8 & Mr.X,
    WinMount is what has the ability to edit the context menu. You will have to do some research but I am sure you can hide it. Worth a shot anyways. I recommend doing a backup before attempting just in case something goes wrong. You know how testing goes. lol

    Check these reg entries with WinMount...
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ShlExtMenu
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\

    Edited: It's not on the M$ store anymore... more details below.
     
  7. The_Guardian

    The_Guardian Contributor

    #8 The_Guardian, Nov 29, 2015
    Last edited: Nov 29, 2015
    Or you should be able to do it with Group Policy as well if you only need it on your computer... if it's for others then you must edit the ISO, of course.

    Gpedit.msc and press Enter. In the Group Policy window, browse to User Configuration\Administrative Templates and highlight the System folder. In the System folder, double-click "Prevent access to the command prompt." Change the setting to Enabled, then click OK.

    If you need Group Policy for, let's say, Win10 Home, which doesn't come with it, I got it to where you can install it in Win10 Home so end users can have access like in Pro and Enterprise (I used it when I had Win10 Home but went back to Win8.1 because even though M$ says it's compatible, HP said different for my configuration). Group Policy lets you turn off all the Telemetry bullsh*t. If you need it, PM me. ;)

    I feel like Santa Claus. lmao! :)
     
  8. The_Guardian

    The_Guardian Contributor

    #10 The_Guardian, Nov 29, 2015
    Last edited: Nov 29, 2015
    After more research, M$ and WinMount could not come to an agreement so it's not added anymore. It was there for a little while. Guess M$ wanted the whole pie. Either way, it's available for free on their website.

    I corrected myself. Will edit the above post.
     
  9. GezoeSloog

    GezoeSloog MDL Addicted

    After @="Run as user" add "Icon"="imageres.dll,74"
     
  10. LiteOS

    LiteOS MDL Expert

    #12 LiteOS, Dec 6, 2015
    Last edited: Dec 6, 2015
    (OP)
    Any idea how to automatically deny the approval request when an application asks for admin rights?

    edit:
    Automatically deny Approval request from standard user

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
    "ConsentPromptBehaviorUser"=dword:00000000
     
  11. LiteOS

    LiteOS MDL Expert

  12. LiteOS

    LiteOS MDL Expert

    topic update to v2

    Version 2 - Able to use admin and run always as user
     
  13. dmex

    dmex MDL Junior Member

    #15 dmex, Feb 18, 2016
    Last edited by a moderator: Apr 20, 2017
    Disabling UAC makes everything run with full access to the entire machine and defeats the entire purpose of what you're trying to achieve.

    Don't ever change the \exefile\shell\open key or you will very likely have major issues running applications... Create your own key instead. For example: "HKEY_CLASSES_ROOT\exefile\shell\lite8" with its own command subkey.

    What you can do instead is just use the compat layer override that forces the app to run without elevation.

    For example, if you wanted to run regedit.exe without administrative access you would do the following:

    1. Open cmd.exe (without selecting Run As Administrator)
    2. Type the following and press enter: SET __COMPAT_LAYER=RunAsInvoker
    3. Type regedit.exe and press enter
    4. Regedit will open without generating the UAC prompt like it usually does.

    Regedit generally requires administrative access via a UAC prompt but the override disables this and makes regedit run as the standard user with read-only access to the registry.

    Here is a registry file I've used for some time:

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CLASSES_ROOT\exefile\shell\runwithcompat]
    @="Run as current user"
    
    [HKEY_CLASSES_ROOT\exefile\shell\runwithcompat\command]
    ; The quote opened after /c is closed at the end so cmd.exe receives one balanced command string
    @="cmd.exe /c \"SET __COMPAT_LAYER=RunAsInvoker && \"%1\" %*\""
    Just right-click and select "Run as current user" and you can use this to make any installers, programs, system utilities etc... that require UAC prompts to run as the current user instead.
     
  14. LiteOS

    LiteOS MDL Expert

    #16 LiteOS, Feb 18, 2016
    Last edited: Feb 18, 2016
    (OP)
    Thanks for the reply.

    "...without elevation":
    This condition is quite easy for malware to pass;
    there is not enough protection to run an app without elevation.

    UAC is annoying, it's also the main reason this idea came.
    Also, most users just click Yes without knowing what they are running, or disable it.

    Please read the info in the link.
    Run as normal user can block up to 96% of malware if the system is patched.
     
  15. leaks98

    leaks98 MDL Junior Member

    Any way to revert to default? I didn't expect all my applications to run as user. I only wanted a specific application to run as user :(
     
  16. LiteOS

    LiteOS MDL Expert

    #18 LiteOS, Feb 18, 2016
    Last edited by a moderator: Apr 20, 2017
    (OP)
    Yeah, open regedit as administrator, search for exefile, go to open, and remove the runas... from the key.

    Use this method to run just one app as user:
    Step2 - IE
    Let's change the shortcut of Internet Explorer to always run as normal user.
    Right-click the shortcut, open Properties, and change the target to
    C:\Windows\System32\runas.exe /user:1 /savecred "C:\Program Files\Internet Explorer\iexplore.exe"


    backup.reg - restore to old settings
    Code:
    
    Windows Registry Editor Version 5.00
    
    [HKEY_CLASSES_ROOT\exefile\shell\open\command]
    @="\"%1\" %*"
    "IsolatedCommand"="\"%1\" %*"
    
    
     
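The following read-only PowerShell audit is an added example, not part of any post in this thread. It checks the settings discussed above: whether `exefile\shell\open\command` still holds the stock value from backup.reg, which context-menu verbs call runas.exe with /savecred, and how the UAC policy values are set. The `EnableLUA` value and the `cmdkey /list` call do not appear in the thread and are included here as the standard Windows value and tool for UAC state and cached credentials.

```powershell
# Added example (not from the thread): read-only audit, changes nothing.
$findings = [System.Collections.Generic.List[string]]::new()

# 1. The exefile "open" verb should hold the stock value that backup.reg restores.
$stock = '"%1" %*'
$open  = Get-Item -LiteralPath 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
foreach ($name in '', 'IsolatedCommand') {            # '' reads the (Default) value
    $value = [string]$open.GetValue($name)
    if ($value -ne $stock) {
        $findings.Add("exefile\shell\open\command '$name' is not stock: $value")
    }
}

# 2. Context-menu verbs under * and exefile that call runas.exe with /savecred.
foreach ($class in '*', 'exefile') {
    $shell = "Registry::HKEY_CLASSES_ROOT\$class\shell"
    Get-ChildItem -LiteralPath $shell -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = $_.OpenSubKey('command')
        if ($cmdKey) {
            $cmd = [string]$cmdKey.GetValue('')
            if ($cmd -match 'runas(\.exe)?"?\s' -and $cmd -match '/savecred') {
                $findings.Add("$class\shell\$($_.PSChildName) uses saved credentials: $cmd")
            }
            $cmdKey.Close()
        }
    }
}

# 3. UAC policy values: EnableLUA=0 means UAC is disabled;
#    ConsentPromptBehaviorUser=0 auto-denies elevation requests from standard users.
$sys = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($sys.EnableLUA -eq 0) {
    $findings.Add('EnableLUA=0: UAC is disabled')
}
if ($sys.ConsentPromptBehaviorUser -ne 0) {
    $findings.Add("ConsentPromptBehaviorUser=$($sys.ConsentPromptBehaviorUser): " +
                  'elevation requests from standard users are not auto-denied')
}

if ($findings.Count) { $findings } else { 'No findings.' }

# Credentials cached by "runas /savecred" live in Credential Manager; list them for review.
cmdkey /list
```

A credential cached by /savecred can be reused by any process running as the calling user to start any program as the saved account; `cmdkey /delete:<target>` removes an entry shown in the list.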
  17. LiteOS

    LiteOS MDL Expert
