Windows_Security
Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Mar 13, 2016
- 1,298
A friend running windows 8.1 Home on his laptop, which had not updated to 10 because all the fuzz about Microsoft tracking users, had his laptop bricked by one of his kids. So he asked me to help him out.
I use parental control on my Asus Tramsformer running Windows 8.1, together with ValidateAdminSignatures enabled, (which blocks elevation of unsigned programs and can be the reason why UAC prompt is delayed). So I decided that I would put parental control on their PC also.
Just out of (old XP) habit, I set up a PC, then create a new user, make this new user admin and delete the account on which I used to install Windows to remove unsecure Creator/Owner write access in Windows directories (in Windows 10 these user write access holes are closed).
I kept it a vanilla Win 8.1 setup with Windows Defender, Smartscreen enabled, only with UAC tweak to disable elevation of unsigned. I explained him to use two registry files, in case he needed to install unsigned software (he uses only mainstream software, which is all signed). Added EMET for his Windows Office and told him to use Firefox with Silverlight only for watching Televison (I blocked all other IP's in Firewall for Firefox).
I had tested parental control and was offered a cup of coffee. When I came back I made my friends user ID admin (which was the local user I tested parental control on) and removed the admin user which I had used to set up his PC. I had totally forgotten to remove the parental control on his (now admin) account.
To my surprise I had a Local Administrator with Parental control. Off course I created a new Admin without parental control and setup standard local users for his kids with parental control.
Parental control on local Admin account in windows 8.1 BUG?
I was able to replicate this on my Asus Transformer. Since this is IMO a bug, I don't know whether this survices a windows update. See picture with Parental control ("Ouderlijk toezicht" in Dutch) on local Admin.
ValidateAdminSignatures UAC-tweak
Two regfiles which I use to switch on/off blocking elevation of unsigned software. When block is on, it is still possible to run unsigned programs. Unsigned programs are not allowed to elevate (e.g. install in Program Files). When unsigned tries to get admin rights you get an error ("no referral was returned from the server"). Save those text files as regfile from notepad when you want to use this security trick also.
I use parental control on my Asus Tramsformer running Windows 8.1, together with ValidateAdminSignatures enabled, (which blocks elevation of unsigned programs and can be the reason why UAC prompt is delayed). So I decided that I would put parental control on their PC also.
Just out of (old XP) habit, I set up a PC, then create a new user, make this new user admin and delete the account on which I used to install Windows to remove unsecure Creator/Owner write access in Windows directories (in Windows 10 these user write access holes are closed).
I kept it a vanilla Win 8.1 setup with Windows Defender, Smartscreen enabled, only with UAC tweak to disable elevation of unsigned. I explained him to use two registry files, in case he needed to install unsigned software (he uses only mainstream software, which is all signed). Added EMET for his Windows Office and told him to use Firefox with Silverlight only for watching Televison (I blocked all other IP's in Firewall for Firefox).
I had tested parental control and was offered a cup of coffee. When I came back I made my friends user ID admin (which was the local user I tested parental control on) and removed the admin user which I had used to set up his PC. I had totally forgotten to remove the parental control on his (now admin) account.
To my surprise I had a Local Administrator with Parental control. Off course I created a new Admin without parental control and setup standard local users for his kids with parental control.
Parental control on local Admin account in windows 8.1 BUG?
I was able to replicate this on my Asus Transformer. Since this is IMO a bug, I don't know whether this survices a windows update. See picture with Parental control ("Ouderlijk toezicht" in Dutch) on local Admin.
ValidateAdminSignatures UAC-tweak
Two regfiles which I use to switch on/off blocking elevation of unsigned software. When block is on, it is still possible to run unsigned programs. Unsigned programs are not allowed to elevate (e.g. install in Program Files). When unsigned tries to get admin rights you get an error ("no referral was returned from the server"). Save those text files as regfile from notepad when you want to use this security trick also.
Attachments
Last edited: