You will then be prompted to choose a removal mode. The "Moderate" and "Advanced" modes remove all traces of the installed software from the system, and you need to be careful with them: in the hands of an inexperienced user, Revo Uninstaller can cause irreparable damage. It is better to stop at the "Safe" item. Then start the uninstallation process with the "Next" button. The program will perform the removal and then scan the registry for residual keys. If it finds any, the user can select which keys to delete. After all these steps, there will be no trace of the installed program on the computer.

Revo Uninstaller also has a "Hunter Mode" feature. When it is activated, the main program window disappears and a crosshair icon appears on the desktop. To uninstall a program, drag its shortcut onto this icon or vice versa. After that, the uninstall process will start.

Virtual machine

A virtual machine runs in a virtual environment. Actions performed in it do not affect the main operating system. Typical uses of a virtual machine include:
* Installing programs that only work on older operating systems.
* Training on a new operating system.
* Program testing.

The last item is used when installing new software. By installing the program on a virtual machine, the user does not clutter the main system. The program can run in the virtual environment without fear of failures of any kind, since the virtual operating system can always be reinstalled.

Microsoft Virtual PC and Oracle VirtualBox are leaders in creating virtual machines. The first works only with the Windows family of operating systems, which is a disadvantage. The second is able to create virtual machines with support for various operating systems. These can be Windows, Linux systems, etc. The use of virtual machines is not always acceptable. It is impossible to work with 3D applications and multimedia programs on them.

Blocking system changes

With virtual machines, as was said, not everything is so smooth. Therefore, you can use software that will return the system to its original state. The operating system will return to its original position before the installation of any software.

Toolwiz Time Freeze is another one of the programs to protect the user from himself. It should be noted right away that the program is free and will be useful for a novice user. This is an analogue of the well-known paid product Shadow Defender.

As a rule, inexperienced owners of personal computers do not know what software they need, and for this reason they experiment with installations. Toolwiz Time Freeze works by taking a snapshot of the hard drive. All further changes are discarded on the next reboot. First you need to install the program, restart your computer and run "Start Time Freeze".

This topic arose thanks to Ildar Tuktarov. He seems to be a formidable system administrator and a real fan of such programs, and he captivated me too. As we were taught at school, "the Decembrists woke up Herzen, Herzen woke up (damn, I forgot who)" ... well, in general, it started.
I searched on the Internet and this is what I dug up on various sites. These programs were originally developed to protect public computers (Internet clubs, cafes, schools, etc.), but cunning users began to use them to fight viruses as well (to the dismay of antivirus manufacturers).

So, let's start (descriptions are taken from warez portals, I tried to use reliable ones, I'll add something from myself).

With the ShadowUser utility, the user can pervert and mock the machine as he pleases, install any software, delete files, activate viruses, and so on - the computer will still be safe and sound. Why? ShadowUser will create a "snapshot" of the real system and give it to be torn to pieces. All bullying will be carried out only with this picture. After the reboot, the state of the system is restored, you can take a new snapshot and continue the torture.

One of the most famous programs due to its availability in the literal (reasonable volume) and figurative sense of the word.
Immediately after installation, in the main window, enable the option to save the activated state on reboot. By default, this option is disabled, and why the authors did so is hard to understand. In my practice, there was no case when it would be necessary to turn it off. The need to enable is obvious: a number of programs require a reboot to complete their installation, and if the activated state is not saved, then after rebooting the system you will exit SU.
Further, the main window is used extremely rarely, and all work (primitively simple) is done through an agent sitting in the tray.
A handy feature of SU: when activated, it changes the splash screen, which constantly reminds you of its active state.
In the exit mode without saving data, SU works stably, no glitches were noticed.
Logout mode with saving data, IMHO, should not be used. It takes quite a long time and, what is most unpleasant, a complete collapse of the system occurs. It is better to do this: after testing the new program and making sure that it is necessary to continue using it, exit SU without saving the data, and install the program again through one of the uninstallers without activating SU.

Status: Shareware last update: 6.3.2009
size: 2.8 Mb

Whether it supports Windows 7, I didn’t find out, they didn’t let me into the program’s website without authorization, that’s what concern for security))).

Shadow Defender

A program to protect the privacy of the user and the operating system as a whole. Shadow Defender allows you to undo any malicious, user or other actions that have occurred in the operating system by simply restarting the computer. The program allows you to keep the confidentiality of working on a computer on the Internet, with documents or any programs. For example, if the operating system was maliciously infected with viruses or some important files (photos, documents, etc.) were deleted due to a user’s oversight, but the system was protected by Shadow Defender, then after restarting the computer, you can return it to its original state before infection condition. In this case, all deleted files will be restored. In addition, you can use OS protection with this program during the installation of any applications, games and other experiments - after restarting the computer, any changes will be canceled. For convenience, in the settings you can specify which files and folders can be changed, even if the operating system is currently protected by Shadow Defender. In this case, after restarting the computer, all changes will be canceled except those that have occurred in the specified folders and files.

You can download various translation options for the program interface from here: http://www.shadowdefender.com/download.html

Program information: Shadow Defender 1.1.0.331
Developer: SHADOWDEFENDER.COM
Status: Shareware
Interface: Multilingual
Version: 1.1.0.331
File size: 1080 KB
System: Windows 2000/XP/2003/Vista/7
Date added: January 20, 2010 | Updated: 5 April 2011

In terms of functionality, it seems to be a little inferior to ShadowUser. There is no function to support programs that require a reboot during installation, i.e. "Alcohol", for example, if the protection is not turned off, you will install until you are completely stupid (although maybe I was inattentive).

Faronics Deep Freeze Enterprise

Faronics Deep Freeze Enterprise is a new version of the Deep Freeze package from Faronics, which allows you to "freeze" the current state of the system. The application can be safely recommended to system administrators whose duties include maintenance of the computer park of libraries, schools, Internet cafes. This is a very useful program for maintaining the integrity and health of your system. Deep Freeze Standard is tightly integrated with the operating system and records all changes made by the user in a specially designated place on the hard drive. Nothing will secure the system like Deep Freeze.

After a reboot, the recording area is cleared, and an absolutely clean system appears before the user. You can install various programs, run viruses, change system settings, or delete system files and registry entries: after a reboot, there will be no trace of the changes made. To enter the program control panel, you need to hold the "Shift" key and double-click the right mouse button on the Deep Freeze icon in the system tray.

You can uninstall Deep Freeze only in the way that the program developers offer: Log in to the control panel. From the Boot Control menu, select Boot Thawed mode and reboot the system. After the reboot, create a shortcut for the Deep Freeze installer file, in the properties of which, in the "Object" line, you need to add /uninstall. Example: "C:\Documents and Settings\Desktop\DeepFreezeSTDEval.exe" /uninstall. Next, double-click on the shortcut.

Program Information
Name: Faronics Deep Freeze Enterprise v7.10.220.3176 ML
Release year: 2010
Platform: Windows XP/Vista/Win7
Interface language: Multilingual
Medicine: Present (Keymaker)
Size: approx. 40MB

Deep Freeze Standard 6.62.20.3058

Nothing will secure the system like Deep Freeze. The program is tightly integrated with the operating system and records all changes made by the user to a specially designated place on the hard drive. After a reboot, the recording area is cleared, and an absolutely clean system appears before the user. You can install various programs, run viruses, change system settings, or delete system files and registry entries: after a reboot, there will be no trace of the changes made.

To enter the program control panel, you need to hold the Shift key and double-click the right mouse button on the Deep Freeze icon in the system tray.

You can uninstall Deep Freeze only in the way that the program developers offer: Log in to the control panel. From the Boot Control menu, select Boot Thawed mode and reboot the system. After the reboot, create a shortcut for the Deep Freeze installer file, in the properties of which, in the Object line, you need to add /uninstall. Example "C:\Documents and Settings\Desktop\DeepFreezeSTDEval.exe" /uninstall. Next, double-click on the shortcut.

Program information:
Interface language: English + Russian
Year of release: 2010
Size (RAR): 5.91 MB

For some reason, in the comments to these 2 programs, many are most concerned about how to remove them :))

WinRollBack PRIVATE

A program that protects your computer from changes caused by incorrect actions, program failures, viruses, etc. You specify the disks you want to "protect", and after restarting the computer the disk appears in the same form as it was before protection was installed, even if you formatted it! No special actions are required from you, and the boot time does not change. The principle of operation is to modify the FAT in such a way that the disk is written to unoccupied sectors, and the original FAT is restored upon reboot. The idea is sensible, but demanding on RAM: the more RAM is available, the more data can be written to a protected disk. When using this utility, at least two partitions are required: one protected, and a second to save your data (more precisely, the program will work with one partition, but you won't be able to save your data). It asks for a password when deactivated, i.e. it can be used for home needs. During testing, the program caused a "blue screen" several times when loading, but restarting again (sometimes several times in a row) solved the problems.

Size: 521 KB
Status (Price): $44.33 US
Author: Avira
OS: Windows 2000, Windows XP
Date added: 06/27/2008

Lesser known, but maybe I'm wrong:

Wondershare Time Freeze v2.0.0.0

Wondershare Time Freeze is a simple and effective tool to protect your computer from viruses, spyware, trojans and other malicious threats. Wondershare Time Freeze creates virtual systems where you can safely run any application and surf the web. All traces and malicious threats will disappear after system reboot. You can also save changes to the real system without restarting the PC. The program also has the ability to block access to certain folders and USB drives.

Main characteristics:
Protection against all viruses and malware.
Protecting the system from unwanted changes.
Safe testing of gaming and software.
Safe surfing on the Internet.
Entering and exiting virtual mode with saving data without rebooting.
Folder protection: Deny access or set to read-only mode.
Ability to set a user password to access the program.
USB media protection: "do not boot USB" mode or write protection.
MBR protection.

Program Information
Title: Wondershare Time Freeze
Version: 2.0.0.0
Release year: 2010
Platform: Windows 7, XP, Vista, 2000 (32-bit and 64-bit)
Interface language: English and Russian (rusifier)
Remedy: crack
Size: 9.8 Mb

The BitDisk program allows you to keep your computer's operating system in its original state, even if you try to explicitly destroy the system. A simple reboot returns the computer to its original state, while no time is spent on system recovery, since the actual recovery does not occur.

It should be understood that BitDisk is not a replacement for antivirus, although the inclusion of protection ensures that viruses do not "settle" on the computer. BitDisk is not a replacement for backup programs as no copies of the data are created. You can fully secure your computer and ensure its constant performance only by combining programs of all these types.

The program is available in three versions:

* BitDisk PRO - for public computers, Internet terminals. After installation, the program practically does not detect its presence.
* BitDisk 7 is the most user-friendly version for the widest range of users. This version has a friendly user interface.
* BitDisk Free is a free version for home users, this version has limited functionality compared to BitDisk 7.

All versions of the program have a Russian-language interface and are available for download from the site http://www.bitdisk.ru.

The latter program is free, and it started a section for honest freebie lovers, politically correct, staunch supporters of free software.

Returnil System Safe Free 2011 3.2.12471.5765-REL13

Returnil System Safe Free is a combination of antivirus, anti-malware and system restorer that can protect your computer from any type of viruses and unwanted changes in the system.

Returnil System Safe clones (copies) the operating system and creates a virtual environment. Instead of the main operating system, a clone is launched, which allows you to use any applications and perform any online activities in a completely isolated environment. Thus, the real operating system is never exposed to viruses, trojans, malware and other security threats.
In order to return to the real operating environment, you just need to restart the computer: after rebooting, the system will be restored to its original state.
It should be noted that the virtualization mode can be enabled both automatically at the same time as Windows is loaded, or in manual mode - only when necessary.

The interface is multilingual. 32- and 64-bit operating systems are supported.
Author: Returnil
Updated: 04/07/2011 21:09
Price: Free
Rus. language: yes
Size, OS: 38.15 MB, XP/Vista/7

Returnil Virtual System 2010 Home Free 3.1.8774.5254

Returnil Virtual System uses a combination of antivirus and virtualization technologies to protect your system from malware and adverse system changes.

Developer: Returnil
License: Freeware (free)
Size: 33.1 MB
Windows: XP / 2003 / Vista / 2008 / 7
Interface: Russian / English
Updated: 04/08/2010

In the free versions of these 2 programs, the functionality is a bit limited: you cannot set folders for saving.

Windows SteadyState

Windows SteadyState is a toolkit for protecting public computers. It is guaranteed to maintain a stable PC configuration regardless of user actions.

Windows SteadyState features

Windows SteadyState includes the following features for managing shared computers:
* Getting Started - Initial steps for using Windows SteadyState for the first time.
* Windows Disk Protection - protection of the Windows partition, which prohibits changing the Windows operating system and other programs without the consent of the administrator. Windows SteadyState allows you to set Windows Disk Protection to delete all changes on reboot, delete changes at a specific time, or keep changes. If Windows Disk Protection is used to remove changes, any changes made by shared users when they log on to the computer are removed when the computer is restarted.
* User Restrictions and Options - User Restrictions and Options help improve and simplify the user experience. You can restrict user access to programs, settings, Start menu items, and Windows settings. You can also choose not to save changes to shared user accounts on subsequent sessions.
* User Account Manager - create and delete user accounts. Windows SteadyState can be used to create user accounts on alternate drives where user data and settings are preserved even when Windows Disk Protection is enabled. You can also import and export user settings between computers, saving valuable time and resources.
* Computer Restrictions - Manage security settings, privacy settings, and other settings, including preventing users from creating and saving folders on the C drive and from opening Microsoft Office documents in Internet Explorer®.
* Scheduling Software Updates - Performing software and security updates when it's convenient for users.

The principle of operation of Windows SteadyState is that at the end of the session (or after a predetermined period of time), all changes made to the OS partition are deleted. To make this possible, a large hidden cache file is created and reserved, in which all changes to the operating system and program files are saved.

When you reboot - or within a specified period of time - all the contents of the cache are deleted and the system is restored to the state it was in when it started.

Despite this, it is possible to customize the operation of the system so that users can save information on the Desktop, in the Documents folder, etc. for which you can set a user profile located on another device/partition (only the partition containing the operating system files is protected).

Naturally, Windows SteadyState can be used not only on public computers (in computer labs, Internet cafes, etc.), but also at home in order, for example, to protect the system from the playful hands of your children...

Unfortunately, support for the program has been discontinued since 2011; it is no longer on the Microsoft website, but you can find it on the Internet. It does not support Windows 7. It can become not only a licensed OS, but also a competently cracked one.

Common disadvantages of these programs: 1. The need to have a large amount of free disk space to store "snapshots" of the system, 2. Problems with updating programs and OS when protection is enabled.

And in the end, my favorite (at least it does not have the above disadvantages, another principle of protection):

Sandboxie allows you to run a browser or other program in such a way that any changes associated with the use of this program are saved in a limited environment (the so-called "sandbox"), which can later be completely deleted.
As a result of this principle of operation of Sandboxie, you can quickly remove any changes - for example, those related to activity on the Internet (changes in bookmarks, home page, registry, etc.). In addition, if any files were uploaded inside the sandbox session, they will be deleted when it is cleared.
Sandboxie runs from the system tray; to activate it, just run the desired program through the Sandboxie icon located in the tray.
32-bit and 64-bit operating systems are supported.

I have version 3.48, there is a window with registration, but everything that is needed works without it.

The option to access the registry of a remote computer is a very convenient method that allows the administrator to efficiently perform their user support tasks directly from their own workplace. However, in some cases, this feature can be a source of problems, since remote access to the registry of the local computer must be authorized.

When a user attempts to connect to the registry of a remote computer running Windows NT/2000, the Server service running on that computer first checks for the existence of the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\winreg (Fig. 9.3). The ability of a remote user to gain access to the registry of a protected computer is determined by the following factors:

□ If the \Winreg key does not exist, then access to the registry can be

□ If the \Winreg key exists in the registry, then the access control list set for this subkey will determine which users can access the registry from a remote computer.

This means that in order to secure remote access to the registry of a local Windows computer, you must configure an access control list for the key HKLM\System\CurrentControlSet\Control\SecurePipeServers\winreg.

If the access control list (ACL) of the winreg key grants a remote user read or write access (either explicitly or as a member of one of the groups), that user can connect to the Windows registry. After establishing such a connection, the actions of the user manipulating the registry will be limited only by access rights to its individual keys. Thus, even if a user only has read access to the Winreg key, they will be able to modify other registry keys if their ACLs allow it.

You only need to create the \Winreg subkey on Windows NT 4.0 Workstation computers. On Windows NT 4.0 Server and Windows Server Professional computers, this key is generated by default.

Protecting the SAM and Security hives
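The check described above can be automated. The following is an added example, not code from the original text: it reads the ACL of the winreg key and reports every principal outside an expected set that holds any Allow entry, since even read access on this key is enough to connect remotely. The function name and the list of expected SIDs are assumptions to adapt to your own policy; PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the original text). Run locally with rights to read the
# key's security descriptor.
$WinregPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'

# Assumption: the principals accepted on the winreg key, given as well-known SIDs
# so that the comparison also works on localized Windows installations.
$ExpectedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-32-551'   # BUILTIN\Backup Operators
)

function Get-WinregAclFinding {
    param(
        [string]$KeyPath = $WinregPath,
        [string[]]$AllowedSids = $ExpectedSids
    )

    # No key means there is no ACL on which the restriction could be based.
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        return [pscustomobject]@{ KeyExists = $false; Findings = @() }
    }

    $acl = Get-Acl -LiteralPath $KeyPath
    # Ask for the rules with SIDs as identities (explicit and inherited entries).
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = $acl.GetAccessRules($true, $true, $sidType)

    $findings = foreach ($rule in $rules) {
        # Only Allow entries open the door; Deny entries narrow access.
        if ($rule.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
        $sid = $rule.IdentityReference.Value
        if ($AllowedSids -contains $sid) { continue }

        # Resolve a readable name where possible; orphaned SIDs stay unresolved.
        $name = '(unresolved)'
        try {
            $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
        } catch { }

        # Any right is reported: read access alone is enough to connect remotely,
        # after which only the ACLs of the individual keys limit the user.
        [pscustomobject]@{
            Sid       = $sid
            Name      = $name
            Rights    = $rule.RegistryRights
            Inherited = $rule.IsInherited
        }
    }

    [pscustomobject]@{ KeyExists = $true; Findings = @($findings) }
}

$result = Get-WinregAclFinding
if (-not $result.KeyExists) {
    Write-Output "winreg key not found: remote registry access is not restricted by this ACL"
} elseif ($result.Findings.Count -eq 0) {
    Write-Output "winreg ACL contains only the expected principals"
} else {
    Write-Output "Unexpected principals allowed on the winreg key:"
    $result.Findings | Format-Table -AutoSize
}
```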

Windows/Windows Server security information is stored in the SAM (Security Accounts Manager) and Security registry hives. The SAM hive contains user passwords in the form of a hash table, and the Security hive contains information about the security of the local computer, including user rights, password policy, user membership in local groups.

Note

There are a number of utilities that can be used to break the SAM hive. The best known of these are PWDUMP, NT Crack and L0phtCrack.

How to protect the SAM hive

Microsoft officially claims that the best way to protect Windows/Windows Server is to protect administrative passwords, but this is clearly not enough. The SAM and Security hives are accessed by many users - for example, users from the Backup Operators group, whose duties include backing up the registry.

By default, no user (not even an administrator) has the necessary permissions to access or even view the Windows/Windows Server SAM database using the Registry Editor. Nevertheless, the SAM and Security hives are stored on disk just like other files, and the only thing that is required for hacking is to get copies of these hives. You cannot do this with a regular copy: when you try to copy the registry of a running Windows/Windows Server system, you will receive an error message.

However, there are utilities in the software products (Regback in the Windows NT 4.0 Resource Kit and REG in the Windows Server Resource Kit) with which users belonging to the Administrators or Backup Operators groups can obtain copies of the registry of a running system.

If Windows/Windows Server is installed on an NTFS volume, then a user wishing to illegally copy the SAM and Security hives can use the NTFSDOS utility (http://www.sysinternals.com/ntfs30.htm), which allows you to mount NTFS volumes in DOS. This utility and its other modifications (there is also an NTFS for Windows 98 utility) cause controversy among many (precisely because of the potential risk to the security system). After the introduction of the first versions of NTFSDOS, Microsoft officially declared that true security is physical security. Nevertheless, this utility is very useful and can be simply indispensable when performing disaster recovery procedures (especially if you need to do this job quickly). Personally, it has helped me more than once.

Summing up, let's say that in order to ensure proper protection of the SAM and Security files from illegal copying, you should install protected computers in a secure room, and also revoke users' right to reboot the computer.

To edit user rights in Windows, log in to the system as a user with administrator rights, open the Control Panel window, double-click the Administrative Tools icon, and select Local Security Policy. Expand the MMC console tree and select User Rights Assignment. A list of user rights will appear in the right part of the window, where you can edit the list of user groups that have the right to restart the computer.

Can we now say that the Windows registry is protected? No, because there are still backup copies of the registry. On Windows systems, immediately after a successful installation of the operating system, or at any time when Rdisk is run with the /s switch, registry hives are backed up and stored in the directory %SystemRoot%\Repair. The Windows Server registry is backed up every time System State Data is backed up, and this information is stored in the %SystemRoot%\Repair\Regback directory. These files are not held open by the system, and therefore, if the user is logged in locally (or if the backup directory is shared), these files can be freely copied. On Windows systems, NTFS object permissions do not protect the %SystemRoot%\Repair directory in any way: all users have read access to this directory, and this is enough to copy files. On Windows Server, the Users group, by default, only has List access to this directory, which does not allow file copying. However, as discussed earlier in this chapter, if you upgraded from a previous version of Windows NT to Windows Server, permissions to registry and file system objects are inherited from the previous version of Windows NT.

Summing up, let's say that in order to prevent ordinary domain users from accessing the SAM and Security files, you should:

- deprive end users of the right to log on locally to servers;

- use the NTFS file system;

- provide adequate physical protection for servers;

- on Windows NT 4.0 systems and on those Windows Server systems where the operating system was installed as an update to a previous version of Windows NT, tighten the access rights to the directory %SystemRoot%\Repair;

- ensure safe storage conditions for backups and emergency recovery disks (Windows NT 4.0), as well as copies of the System State Data set (Windows Server).

Breaking into stolen SAM and Security hives does not require much effort. With these files at their disposal, the user can carry out as many dictionary attacks on them in his spare time as is required to crack passwords. If he has utilities such as PWDUMP, PWDUMP2, NT Locksmith (http://www.winternals.com), L0phtCrack (http://www.l0pht.com/l0phtcrack) etc., then the success of the attack depends mainly on the quality of the dictionary used for hacking: the more words, dates, numbers and phrases most often used as passwords are contained in this file, the higher the chances of successful hacking (Fig. 9.6).

Therefore, to protect the system, you should prevent users from using blank passwords and set a system password policy. The minimum length of passwords in any case should not be less than 8 characters. In addition, it is recommended to use arbitrary combinations of letters and numbers as a password, as well as to set a policy regarding the minimum password complexity allowed.

Try to put yourself in the attacker's shoes and hack your own SAM hive (keep in mind that your tasks are much easier than those of this person - you don't need to remotely attack to steal the SAM and Security hives). Explanatory work should be carried out with users whose passwords will be revealed automatically. In addition, it is recommended to establish rules for periodically changing passwords.

Restricting anonymous access to a computer

A Windows Server computer can be configured to prevent users who log on anonymously from accessing all resources except those explicitly granted to such users. This can be done either using the Local Security Policy MMC snap-in or by editing the registry.

Using the MMC snap-in Local Security Policy

1. From the Start menu, select Programs | Administrative Tools | Local Security Policy.

2. Select Security Settings\Local Policies\Security Options.

3. On the right side of the window, double-click the option Additional restrictions for anonymous connections and, in the window that opens, set the option No access without explicit anonymous permissions under Local policy setting (Fig. 9.7).

Editing the registry

Call the Regedt32.exe registry editor, find the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA key, and create a RestrictAnonymous value with a REG_DWORD data type. Set this parameter to 0x2 (Hex).

If the RestrictAnonymous parameter has this value, then the access token for unauthenticated users does not include the Everyone group, and access to resources granted by default to the Everyone group will be denied.

Note

Microsoft officially recommends that you carefully consider the security benefits of this setting versus the potential problems that can be caused by restricting anonymous user rights. The reason is that some Windows Server services and applications depend on anonymous user capabilities. In particular, we do not recommend setting this value in mixed network environments that include more than just Windows Server computers. Setting RestrictAnonymous to 0x2 is only recommended for Windows Server networks, and only after extensive testing that does not reveal any disruption to services and applications.

The standard High Secure security template includes this limitation, so it may also cause unwanted problems.

The system scheduler as another potential security risk

The Task Scheduler, found on every Windows NT/2000 computer, can be used to run certain MMC tools or other programs on the user's computer in the context of the SYSTEM account. This account is present in all Windows NT/2000 systems, but its presence is not advertised (at least, you will see it neither in the User Manager and User Manager for Domains utilities, which are used to create Windows NT user accounts, nor in the MMC snap-ins that perform the same task on Windows Server). This allows an administrator to give a regular user a one-time opportunity to perform some administrative tasks on his client computer without granting him the rights to perform other administrative tasks.

For example, to enable the user to start the Disk Management snap-in, you can issue the following command:

at <\\machine_name> 1:00pm /interactive %SystemRoot%\system32\diskmgmt.msc

where <\\machine_name> is the name of the computer.

However, this feature poses a potential security risk to the system because the system scheduler defaults to the SYSTEM account, and therefore any program launched in this way will have full system privileges, including access to the SAM database.

To protect against this danger, you can either disable the Task Scheduler service (but this is not always possible, since this service may be needed to run other tasks), or configure it so that the service runs on behalf of a user account.

The word "security" has always been Microsoft's favorite term, and that hasn't changed with the advent of Windows 7. Windows security settings are more useful in protecting your computer from itself than from any suspicious "intruders."

The permissions system doesn't just protect files and folders, it sets limits on who can read and modify registry entries. This property is very useful, but most people don't even know it exists. You can lock a registry key to prevent employees from installing software on an office computer, or to prevent children from bypassing parental controls. Permissions allow you to lock file type associations so that other applications cannot change them. And by blocking sections that contain a list of startup programs, you can protect your computer from malware.

Here's how it's done:

1. Open the registry editor and navigate to the section you would like to protect.

You can only protect sections, not individual values. If you lock a section to protect one of its values, all values in that section will be blocked.

2. Right-click on the section name and select the menu item Permissions.

3. Click Advanced and then Add.

If the Add button is disabled, you need to take ownership of this section, close the Permissions window, and re-open it to make changes to the permissions for this object.

4. In the Enter object names field, type All, and then click OK. (The All value covers all user accounts.)

5. In the next window Enter access rights for... specify the actions that you want to prohibit (Fig. 3.11).

6. When you're done, click OK on each of the three open dialog boxes.

The changes will take effect immediately.

You may want to restrict the access rights of a specific user (or all users), but do not add a Deny element, as shown in the figure. The problem is that in this way it is not possible to protect the application from changes in access rights by another user and hacking. In addition, it will be more difficult for you to restore the old access rights.

Windows prioritizes the Deny column over the Allow column, which means you can lock a section with one element in the Deny column, even if another value in the Allow column gives the user permission to modify the element.
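The same lock can be applied from a script, which also makes it easier to undo. The following is an added example, not code from the original text: it denies Set Value, Delete and Change Ownership to Everyone on a scratch key, shows that a write is then refused, and removes the exact rule again. The key name and function names are constructed for this illustration.

```powershell
# Added example (not from the original text). Works on a scratch key under HKCU that
# is created and removed here; the key name is constructed for the demonstration.
$DemoSubKey = 'Software\AclDemo_Example'

function New-ReadOnlyDenyRule {
    # Deny Everyone (S-1-1-0) the three rights named in the text:
    # Set Value, Delete and Change Ownership.
    $everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
    $rights = [System.Security.AccessControl.RegistryRights]'SetValue, Delete, TakeOwnership'
    New-Object System.Security.AccessControl.RegistryAccessRule(
        $everyone,
        $rights,
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Deny)
}

function Open-KeyForDacl {
    param([string]$SubKey)
    # Request only the rights needed to read and rewrite the permissions, so the
    # key can still be opened after write access to its values has been denied.
    $rights = [System.Security.AccessControl.RegistryRights]'ReadPermissions, ChangePermissions'
    [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey(
        $SubKey,
        [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
        $rights)
}

function Edit-KeyDacl {
    # Applies $Change to the key's ACL and returns the previous DACL as SDDL,
    # so the old access rights are on record before anything is modified.
    param([string]$SubKey, [scriptblock]$Change)
    $key = Open-KeyForDacl $SubKey
    if ($null -eq $key) { throw "Key not found: HKCU\$SubKey" }
    try {
        $acl = $key.GetAccessControl()
        $before = $acl.GetSecurityDescriptorSddlForm(
            [System.Security.AccessControl.AccessControlSections]::Access)
        & $Change $acl
        $key.SetAccessControl($acl)
        return $before
    } finally {
        $key.Close()
    }
}

# --- Demonstration on the scratch key ---
$rule = New-ReadOnlyDenyRule
New-Item -Path "HKCU:\$DemoSubKey" -Force | Out-Null
Set-ItemProperty -Path "HKCU:\$DemoSubKey" -Name 'Setting' -Value 'original'

# Lock: add the Deny entry and keep the previous DACL for reference.
$savedDacl = Edit-KeyDacl $DemoSubKey { param($a) $a.AddAccessRule($rule) }
Write-Output "DACL before the change: $savedDacl"

# Deny takes priority over Allow, so this write fails even for the key's creator.
try {
    Set-ItemProperty -Path "HKCU:\$DemoSubKey" -Name 'Setting' -Value 'changed' -ErrorAction Stop
    Write-Output 'Write succeeded: the key is NOT locked'
} catch {
    Write-Output "Write blocked as expected: $($_.Exception.Message)"
}

# Reading is still possible because no read right was denied.
Write-Output "Current value: $((Get-ItemProperty -Path "HKCU:\$DemoSubKey").Setting)"

# Unlock: remove exactly the rule that was added, then clean up the scratch key.
Edit-KeyDacl $DemoSubKey { param($a) $a.RemoveAccessRuleSpecific($rule) } | Out-Null
Remove-Item -Path "HKCU:\$DemoSubKey"
```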

So, what sections should be blocked and what actions should be prohibited? Here are some examples:

o Allow read only

Once the values are locked, you can still allow applications and Windows to read them by checking the box in the Deny column next to the Set Value, Delete, and Change Ownership rows, as shown in Figure 3.11.

o Create a complete blockage

To prevent any application from reading, modifying, or deleting the value, select the check box in the Deny column next to the Full Control row.

o Avoid creating new shells

To prevent applications from creating new sections within the specified ones, select the check box in the Deny column next to the Create subkey row. You can do this with file type sections so that Explorer does not add these applications to the New list.

o Strengthen security on multi-user computers

To prevent another user from changing the security policy, use the procedure in the "Registry settings key location" section to find the corresponding key in the registry. Then, instead of checking the box in the Deny column as described earlier, remove all permissions that allow anyone other than an administrator to delete, change, or add subsections to the section. Make sure there is at least one rule for the Administrators group (or for your own account) that allows Full Control.

o Blocking file types

The File Type Doctor utility allows you to block file types to avoid "theft" by applications.

o Protecting file types from the UserChoice property

As described in the sidebar "The Evil of UserChoice Overrides" on p. 169, Windows will ignore custom file type settings if a specific key is located in the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts key. To prevent this from happening again, check the box in the Deny column next to the Create subkey row. This will immediately protect all of your file types, but you will still need to delete one or more of the existing items in the FileExts section to restore individual file types. Read more about this in the File Type Associations section.