I have disabled all of the programs you mentioned above for my SUA account using exception rules in AppLocker and have been running it this way for about a month now without any issues.Just a few questions
What are the consequences of
a) renaming vssadmin
b) disabling Windows Script Host
c) disable Windows PowerShell
What software will be affected or under what circumstances are the above not to be modified? Any exclusion/exception can be made for them if they have been modified?
Is there any 3rd-party software to simplify the above modification like just having tickboxes?
If I need to use Powershell or run a script then I just launch it as an admin and run it that way.
All in all I have blocked almost 70 system executable's from running on my system for my SUA and so far so good! These executables can be used by malware so I think I have reduced my attack surface quite a bit.