Adminuser Method to Reduce exposure of security threats

17/03/2016 20:08

:: Adminuser Method to Reduce exposure of security threats by LiteOS
:: Adminuser 3.1v - Anti-malware, Anti-Ransomware...
:: RUN AS ADMIN
:: More Info:
:: https://www.avecto.com/media/1030/report-microsoft-vulnerability-study.pdf
:: http://www.tomsguide.com/us/standard-accounts-stop-malware,news-18326.html
:: Forum / QA - http://lite8.webnode.com/
:: Youtube - https://www.youtube.com/watch?v=NkzcPXSvEK4

 

:: Adding new local user 1 (password 1) and removing it from the Users group
net user /add 1 1
net localgroup /del users 1
:: Adding read-only permission on the Administrator profile folder for user 1
icacls c:\users\administrator /grant 1:(OI)(CI)(RX)
:: Backup state before changing
REG EXPORT HKEY_CLASSES_ROOT\exefile\shell\open\command c:\windows\system32\Disable.reg
:: Creating adminuser.bat
:: Percent signs are doubled so they are written literally when this runs as a .bat file
echo if /i "%%~dp1" EQU "c:\windows\system32\" (start "%%~n1" %%*) else if /i "%%~dp1" EQU "c:\windows\" (start "%%~n1" %%*) else if /i "%%USERPROFILE%%" NEQ "C:\Users\Administrator" (%%*) else (runas.exe /savecred /user:1 %%*) > c:\windows\system32\adminuser.bat
:: Exe files from the Windows and System32 folders run as the default: Admin
:: Any user other than Administrator runs programs as itself
:: If the user is Administrator, the program runs as user 1

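:: Setting the registry value (the whole PowerShell command is quoted so cmd passes it through intact)
powershell -NoProfile -Command "Set-ItemProperty -Path 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command' -Name '(default)' -Value 'adminuser.bat \"%%1\" %%*'"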
:: Backup applying state
REG EXPORT HKEY_CLASSES_ROOT\exefile\shell\open\command c:\windows\system32\Enable.reg

:: [Not working yet, do it manually] Removing the "Authenticated Users" group from permissions on every drive except C:\ [Anti-Ransomware / data protection]
powershell.exe -NoProfile -Command "(Get-PSDrive -PSProvider FileSystem).Root | Where-Object { $_ -ne 'C:\' } | ForEach-Object { icacls.exe $_ /remove:g 'Authenticated Users' /inheritance:r }"
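
The script reroutes every .exe launch through the exefile\shell\open\command value, so that value is the one to audit after enabling or rolling back. The following PowerShell check is an added example, not part of the original script; the function names Test-ExeHandler and Get-ExeHandlerAudit and the sample values are constructed here, and it assumes the stock Windows value "%1" %*.

```powershell
# Added example, not part of the original Adminuser script.
$StockHandler = '"%1" %*'   # value Windows ships for exefile\shell\open\command

function Test-ExeHandler {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Command)
    $cmd = $Command.Trim()
    $wrapper = $null
    if ($cmd -eq '') {
        $status = 'Missing'
    } elseif ($cmd -eq $StockHandler) {
        $status = 'Stock'
    } else {
        # The first token is the program every .exe launch is routed through.
        if ($cmd -match '^"([^"]+)"' -or $cmd -match '^(\S+)') { $wrapper = $Matches[1] }
        $status = if ($wrapper -eq '%1') { 'Modified' } else { 'Rerouted' }
    }
    [pscustomobject]@{ Status = $status; Wrapper = $wrapper; Command = $Command }
}

function Get-ExeHandlerAudit {
    # HKCR is a merged view: a per-user HKCU value overrides the HKLM value
    # that the script sets, so both hives are read.
    foreach ($hive in 'HKLM', 'HKCU') {
        $path = "${hive}:\SOFTWARE\Classes\exefile\shell\open\command"
        if (Test-Path -LiteralPath $path) {
            $raw = (Get-Item -LiteralPath $path).GetValue('', '', 'DoNotExpandEnvironmentNames')
            Test-ExeHandler -Command ([string]$raw) |
                Add-Member -NotePropertyName Key -NotePropertyValue $path -PassThru
        }
    }
}

# Constructed sample values; the second is the value the script writes.
'"%1" %*', 'adminuser.bat "%1" %*', '"C:\Temp\x.exe" "%1" %*', '' |
    ForEach-Object { Test-ExeHandler -Command $_ } | Format-Table -AutoSize

# Live check, only meaningful on Windows.
if ($env:OS -eq 'Windows_NT') { Get-ExeHandlerAudit | Format-List }
```

A Status of Rerouted with Wrapper adminuser.bat is the expected state after the script has run; any other wrapper, or a value under HKCU, deserves a closer look.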
