- Dec 23, 2014
Not the same. The advantage of the my current setup, is that it works unattended.
This and a few seconds are the differences.
So I think running SUA and SRP for SUA user is stronger than SRP for all excluding Admins running on Admin account.
Let's Suppose that you use SUA for daily work and sometimes also Admin account for administrative tasks. On SUA there is no difference in protection if you use system-wide or local H_C. On Admin the current H_C setup is much stronger until you do not turn it off.
I am not sure what you mean.You mean switching off srp cost about 10 seconds? Really are you that slow? How much time does it take you to sign off from the standard account, sign in to the Admin account and disable SRP, 10 minutes?
I have in mind the current system-wide H_C vs. the possible local H_C.
In local H_C you have restricted SUA with H_C and non-restricted Admin account. If you log in to the Admin account, you do not need to switch off the H_C.
In the current system-wide H_C the only difference is that after logging into the Admin account it is still restricted. If you want it to be unrestricted (like in the local H_C setup), then you have to use SwitchDefaultDeny (or H_C). On my computer, the difference is about 10 seconds.
Furthermore, I do not fully understand your actual setup. If you want, then you can suggest what change in the H_C is needed to get your setup. I do not like the ACL folder/file restrictions. They cannot be easily and quickly modified for large folders and they do not work for (FAT 32) USB drives.