O
Omnipotent
It's the other way around @Umbra, You made a mistake. (ConsentPromptBehaviorAdmin) adds UAC password prompt and (ValidateAdminCodeSignatures) blocks unsigned processes/programs. Just tested it. 
hi guys,
So i will put here various tweaks (registry, group policy, etc...) i found around the net to secure Windows more tightly. By doing them , you will reduce the attacks vector and may even remove the need of security solutions.
As a basis there is these articles to secure the network and the system
For Win7: Harden Windows 7 SP1 64bit
For Win10 : Harden Windows 10 - A Security Guide. How to secure Windows 10
not mineIs this your web page or someone else?
If it is yours, are you updating the tweaks?
System Tweaks
Blocking Unsigned Elevation :
90% of malware are unsigned and will request an elevation from UAC, this trick will block the request.
Create a registry file with this lines :
Code:Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] "ValidateAdminCodeSignatures"=dword:00000001
If successfully implemented, the next unsigned process/program; won't be allow to execute, and you will have a error box.
To re-enabled unsigned elevation , use the same line but with "dword:00000000"
No whitelisting possibility. You can run unsigned application using several ways:Is it possible to make some kinda whitelist or something similar with this reg tweak?
I have some portable app who are unsigned and can't run with this tweak (accept change that tweak everytime).
Thanks! I was searching for a link like this one.
Added the second useful link, to my previous post.I see thank you![]()
Can you make that .bat file for me, please?No whitelisting possibility. You can run unsigned application using several ways:
- using the bat files to deactivate/activate this feature via the Registry;
Can you make that .bat file for me, please?
EDIT:
Can I make a quick reg files for change, like this?
Enable.reg:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ValidateAdminCodeSignatures"=dword:00000001
Disable.reg:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ValidateAdminCodeSignatures"=dword:00000000