GrofLuigi

Member
  • Content count: 1,419
  • Days Won: 1 (GrofLuigi last won the day on September 20 2014)
  • GrofLuigi had the most liked content!
  • Community Reputation: 11 Good

About GrofLuigi
  • Rank: GroupPolicy Tattoo Artist
  • OS: none specified

Recent posts
  1. I don't think WRP is protecting registry keys, but I am not sure. I haven't seen it in action because I usually apply many tweaks at the same time aimed to "tame down" the system, so I am not sure if any of them is preventing that. At the same time, I often go nuclear on my systems and apply blanket full permissions to myself (or the Administrators group, to be exact) and SYSTEM to whole branches of the registry. Sometimes it bites me back and some (many) things break, so I don't recommend you do that. What I think you should do is this:

     > Should I ALSO give "Administrators" Full Control permission?

     YES. I think that might help you, if you don't mind editing 60+ permissions.

     And I returned and read this topic from the start, and now I think you shouldn't bother much about this; ink/ink divider/ink whatever is an Office component for tablet mode / handwriting recognition, not important at all. I suspect most other keys with errors are related to it too, the CLSID and INTERFACE registration of the "ink" components. "Ink" has steadily progressed through Microsoft OSes to be more and more important (for them). It wasn't present in XP, only installed with Office 2003, then it became a system component with many CLSIDs and other registration components in 7 (or maybe Vista, I'm not sure), increasing its presence in later OSes. I suspect Office 365 is expecting (being programmed to expect) Win8.1 or Win10, where "Ink" is even more prominent, and is not prepared for what it sees on Win7. Just a wild guess. Whatever the reason, I am almost sure you will not encounter any problems even if "ink" is not working, and additionally I'm pretty sure "Ink" will still work even with these errors anyway. GL
  2. That TIdo.cmd is as powerful as it gets. I've done all kinds of mischief with it. The output of Whoami is not what it seems to be. It either lies (not accounting for the rights of the parent group, which apply to the current user), or the disabled/enabled state is not what we think it is: https://social.technet.microsoft.com/Forums/windowsserver/en-US/e24a35b3-fb72-4918-8e51-562e2ad8d8f5/what-is-the-state-column-returned-by-whoami-priv?forum=winserversecurity And, as far as I know (at least until previous versions of Office), OSSP doesn't protect anything else besides Microsoft's profit, in the sense that it bans you from running unlicensed versions of Office, but doesn't actively protect any resources, including registry keys. I repeat, AFAIK. GL
  3. Without knowing much about this particular situation, I'd expect the cause of two SYSTEMs being present would be THE SCOPE to which these sets of permissions apply. In other words, look in the field "Apply to". One SYSTEM may apply to "This key and subkeys", and the other to "This key only" or "Subkeys only" (or any combination of these three). The most comprehensive, i.e. the one you'd usually want, is the first one, "This key and subkeys". After Vista, there have been many "booby traps" in the registry where some subkeys don't inherit permissions from the parent, for no obvious reason, and could not be changed "top down"; you'd need to dive down to the lowest branch and change them there first, and often work your way up. GL
  4. sc delete ISMPUSBFilter, and search for ISMPUSBFilter in the registry and delete accordingly (usually everything).
  5. Well, it seems that whoami /priv doesn't tell the whole truth; it disregards the privileges that are part of the group (administrators) and are in fact enabled for the account. Out of the three PowerShell scripts I found, two were intended for processes, and the third one requires a newer version of PowerShell than the one that is in Win7 SP1, so I'm putting that on hold for now. I've turned my attention fully to good old ntrights, but how to check the privileges if whoami is inaccurate? Well, in the same Resource Kit tools for Server 2003 there is showpriv.exe. I've parsed the output of both to a text file, sorted it and deleted the crud, so I'm left with the list of privileges. Now only to compare. But no two lists are the same (including whoami's and the output of accesschk.exe), and I've also read that ntrights has some undocumented privileges, so everything needs to be triple-checked. So far, it doesn't seem promising; at least for the Administrator account (yeah, I've been using that one since day one of the Windows install), there isn't much left to do.

     * After several edits: the forum editor is disastrous, it is impossible to bold something (I've done it manually), and paste doesn't paste at the cursor position.
  6. *Edit: I'm moving the text to the top because the stupid forum software ate it after the table.

     While I remember on XP/Win2003 most of them were enabled and there was a slight benefit enabling those that weren't (granting the lock pages in memory right or debug privilege)... I forgot most of it already. Of course I'll try enabling most of them, if not all, because I hate the artificial restrictions Microsoft is putting in place to restrict the way I use my computer, even if I won't see any benefit. The real question is: Will it break something? Common sense says it shouldn't, but I wouldn't be surprised if Microsoft has put artificial blockades just to make our life miserable. While I'm at it, I might grant system/trusted installer some more rights if they lack some, because I'm generous. I have armed myself with NTrights (reports say it still works on Win7 x64), as well as with a few PowerShell scripts... Wish me luck.

     The output of whoami /priv:

     PRIVILEGES INFORMATION
     ----------------------

     Privilege Name                  Description                               State
     =============================== ========================================= ========
     SeAssignPrimaryTokenPrivilege   Replace a process level token             Disabled
     SeLockMemoryPrivilege           Lock pages in memory                      Disabled
     SeIncreaseQuotaPrivilege        Adjust memory quotas for a process        Disabled
     SeSecurityPrivilege             Manage auditing and security log          Disabled
     SeTakeOwnershipPrivilege        Take ownership of files or other objects  Disabled
     SeLoadDriverPrivilege           Load and unload device drivers            Disabled
     SeSystemProfilePrivilege        Profile system performance                Disabled
     SeSystemtimePrivilege           Change the system time                    Disabled
     SeProfileSingleProcessPrivilege Profile single process                    Disabled
     SeIncreaseBasePriorityPrivilege Increase scheduling priority              Disabled
     SeCreatePagefilePrivilege       Create a pagefile                         Disabled
     SeBackupPrivilege               Back up files and directories             Disabled
     SeRestorePrivilege              Restore files and directories             Disabled
     SeShutdownPrivilege             Shut down the system                      Disabled
     SeDebugPrivilege                Debug programs                            Disabled
     SeSystemEnvironmentPrivilege    Modify firmware environment values        Disabled
     SeChangeNotifyPrivilege         Bypass traverse checking                  Enabled
     SeRemoteShutdownPrivilege       Force shutdown from a remote system       Disabled
     SeUndockPrivilege               Remove computer from docking station      Disabled
     SeManageVolumePrivilege         Perform volume maintenance tasks          Disabled
     SeImpersonatePrivilege          Impersonate a client after authentication Enabled
     SeCreateGlobalPrivilege         Create global objects                     Enabled
     SeIncreaseWorkingSetPrivilege   Increase a process working set            Disabled
     SeTimeZonePrivilege             Change the time zone                      Disabled
     SeCreateSymbolicLinkPrivilege   Create symbolic links                     Disabled
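Added example, not code from the posts above or their author: the two posts above describe parsing whoami /priv and another tool's output to text, stripping the "crud", sorting, and comparing the privilege lists. The script below does exactly that in Python. It embeds the whoami /priv output as posted; OTHER_TOOL_DUMP is a constructed sample in a different layout (not real showpriv.exe or accesschk.exe output) so the diff has something to show.

```python
"""Parse `whoami /priv` output and diff it against another tool's privilege list."""
from __future__ import annotations
import re

# `whoami /priv` output as posted above (Win7 SP1, Administrator account).
WHOAMI_PRIV = """\
PRIVILEGES INFORMATION
----------------------

Privilege Name                  Description                               State
=============================== ========================================= ========
SeAssignPrimaryTokenPrivilege   Replace a process level token             Disabled
SeLockMemoryPrivilege           Lock pages in memory                      Disabled
SeIncreaseQuotaPrivilege        Adjust memory quotas for a process        Disabled
SeSecurityPrivilege             Manage auditing and security log          Disabled
SeTakeOwnershipPrivilege        Take ownership of files or other objects  Disabled
SeLoadDriverPrivilege           Load and unload device drivers            Disabled
SeSystemProfilePrivilege        Profile system performance                Disabled
SeSystemtimePrivilege           Change the system time                    Disabled
SeProfileSingleProcessPrivilege Profile single process                    Disabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority              Disabled
SeCreatePagefilePrivilege       Create a pagefile                         Disabled
SeBackupPrivilege               Back up files and directories             Disabled
SeRestorePrivilege              Restore files and directories             Disabled
SeShutdownPrivilege             Shut down the system                      Disabled
SeDebugPrivilege                Debug programs                            Disabled
SeSystemEnvironmentPrivilege    Modify firmware environment values        Disabled
SeChangeNotifyPrivilege         Bypass traverse checking                  Enabled
SeRemoteShutdownPrivilege       Force shutdown from a remote system       Disabled
SeUndockPrivilege               Remove computer from docking station      Disabled
SeManageVolumePrivilege         Perform volume maintenance tasks          Disabled
SeImpersonatePrivilege          Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege         Create global objects                     Enabled
SeIncreaseWorkingSetPrivilege   Increase a process working set            Disabled
SeTimeZonePrivilege             Change the time zone                      Disabled
SeCreateSymbolicLinkPrivilege   Create symbolic links                     Disabled
"""

# CONSTRUCTED sample of a second tool's dump in a different layout. This is not
# real showpriv.exe or accesschk.exe output, only something to diff against.
OTHER_TOOL_DUMP = """\
Privileges held (constructed sample)
  SeTcbPrivilege           Act as part of the operating system
  SeCreateTokenPrivilege   Create a token object
  SeAuditPrivilege         Generate security audits
  SeDebugPrivilege         Debug programs
  SeChangeNotifyPrivilege  Bypass traverse checking
  SeBackupPrivilege        Back up files and directories
"""

# Windows privilege constants all look like Se<Name>Privilege.
PRIV_RE = re.compile(r"\bSe[A-Za-z]+Privilege\b")


def parse_whoami_priv(text: str) -> dict[str, dict[str, str]]:
    """Return {privilege: {"description": ..., "state": ...}}.

    Data rows follow the '====' separator line: the first token is the
    privilege name, the last token is the State column, the rest is the
    description (which may contain spaces).
    """
    rows: dict[str, dict[str, str]] = {}
    in_table = False
    for line in text.splitlines():
        if not in_table:
            in_table = line.startswith("=")
            continue
        parts = line.split()
        if len(parts) < 3 or not PRIV_RE.fullmatch(parts[0]):
            continue
        rows[parts[0]] = {"description": " ".join(parts[1:-1]), "state": parts[-1]}
    return rows


def by_state(rows: dict[str, dict[str, str]], state: str) -> list[str]:
    """Privilege names whose State column equals `state` (Enabled/Disabled)."""
    return sorted(n for n, r in rows.items() if r["state"].lower() == state.lower())


def extract_privilege_names(text: str) -> list[str]:
    """'Delete the crud': pull Se*Privilege tokens out of any tool's dump,
    sorted and de-duplicated, whatever layout that tool uses."""
    return sorted(set(PRIV_RE.findall(text)))


def compare(names_a, names_b) -> tuple[list[str], list[str]]:
    """(only in A, only in B) for two privilege-name lists."""
    a, b = set(names_a), set(names_b)
    return sorted(a - b), sorted(b - a)


if __name__ == "__main__":
    rows = parse_whoami_priv(WHOAMI_PRIV)
    print("enabled in token:", by_state(rows, "Enabled"))
    only_w, only_o = compare(extract_privilege_names(WHOAMI_PRIV),
                             extract_privilege_names(OTHER_TOOL_DUMP))
    print("only in whoami:", only_w)
    print("only in other tool:", only_o)
```

The regex-based extract_privilege_names is what makes lists from different tools comparable: it ignores each tool's column layout and headers and keeps only the privilege constants, so the same function can be run over a saved whoami, showpriv or accesschk dump before diffing.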
  7. Last version of Sysinternals' Process Monitor that works on XP is 3.2. For now, it can be downloaded from the link, other snapshots of that page throw an error on the .zip file. GL
  8. Well, when you put it this way, one might think that Microsoft is in the business of selling bells and whistles. And I agree fully with that. GL
  9. They are the same. The difference might not be in that location anyway, it might be in ENUM, but are you sure it isn't a hardware failure? GL
  10. How about this?
  11. For PowerShell to work, you need a fully functioning system - WMI and .net Framework need to be operational, among other subsystems. In contrast, CMD(s) can be used when most of Windows is b0rked (and that's when it's needed the most) - ipconfig /all /release /renew for example, or resetting the TCP/IP stack etc. Also try communicating the PS equivalents of these commands (if they exist) over the phone to your aunt.
  12. I think .bat and .cmd files are safe, they will still be able to be called (invoked) for a long time to come. And, dir is aliased in PowerShell, but its parameters aren't.
  13. As far as I know, H323MSP is kind of a codec for audio/video conferencing; it is not used outside of the (old) video conferencing programs (like a normal codec). TAPI application support is mostly used for modems (dial-up, maybe others), for applications to control them, like sending fax etc. I have removed it and still was able to do that (most applications use their own drivers). Vector Graphics is used inside Internet Explorer; I don't know if SVG is widely used today still, and I don't use IE at all. I think it's only the file C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll. I see some people use WebDAV, but for me, it is not useful and I always remove it.

      Edit: I would keep IE Core, or even IE too, because many programs rely on it internally. I have removed them in the past and regretted it. I don't remember whether it is possible to install IE8 with them removed - to install it for the same reasons - to have some system dlls updated.
  14. If you mean the RAS async adapter, I think it's needed and it would be a bad idea to remove it totally. I uninstalled it a few times and it always came back. If I hunt down the .inf it's installed from, I might know whether it's safe to delete it, but I'm very satisfied with the situation as it is now. I have no problems; I really posted this just to brag.

      Edit: Oh, and in the process I downloaded the 600+ MB iso just to get devcon (Windows driver development kit I think), but it turned out it wasn't needed. There was another method of uninstall with devcon, but the above worked just fine. And I checked, there were no super hidden devices remaining. That was the only thing devcon was used for.
  15. I don't even remember their names any more... I know all of them are related to VPN, which I don't intend to use. So if you plan on using some kind of built-in VPN protocols, forget about it. Also, my system is heavily tweaked through the years, so I might have killed some other dependencies in the meantime.

      For starters, find in the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\XXX (X-es are numbers) the victims that have a CHARACTERISTICS registry value in them. It is a compilation of flags, and we are interested in only one: 0x20 NCF_NOT_USER_REMOVABLE - Component cannot be removed by the user (for example, through Control Panel or Device Manager). It might be applied also to other types of devices that seemingly are not able to be uninstalled, if need arises. But now we are interested in these. As I said, I already forgot all the names, but I killed everything that had MINIPORT in its name, and everything is running fine. We can see which device it is by looking at the DriverDesc value in the same registry key. So, for those which I decide I want removed, I subtract 0x20 (hex) from the original CHARACTERISTICS value and replace it with that. Reboot (I haven't checked if it's absolutely necessary, but just in case) and I can remove all of them - uninstall through Device Manager. And at the end I'm left with this: Beautiful, isn't it? Ras Async Adapter is the only one which cannot be removed; it goes away and comes back, sometimes is faded, sometimes not... I live with it (for now). Look 'n' Stop is the driver from the firewall; it was attached also to some of the miniports. That had to complicate something. Oh, and I almost forgot, one of them is PPPoE, which will kill your Internet connection if it is of that type. I have a direct cable connection to the router, so I don't care for any of these types.

      And finally, because this is so dangerous (potentially), I tested it extensively in a virtual machine (which is a clone of my physical machine, so most things are similar). GL

      Edit: I remembered I might have done this years ago with most of the other (tunnelling) adapters like Teredo and similar... TcpIp V6 is disabled all the time.
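Added example, not code from the post above or its author: a Python decoder for the Characteristics DWORD the post is talking about, plus an audit that lists which components under the network class key are flagged NCF_NOT_USER_REMOVABLE before anyone touches them. The NCF_* bit names are the ones defined in netcfgx.h in the Windows SDK (0x20 is the one from the post); SAMPLE_SUBKEYS and its Characteristics numbers are constructed for the demonstration, and read_live_subkeys is a read-only winreg helper that only works on Windows. Nothing here writes to the registry; clear_not_user_removable just computes the new value.

```python
"""Decode and audit the Characteristics DWORD on network class registry subkeys."""
from __future__ import annotations

# NCF_* bits as defined in netcfgx.h (Windows SDK). 0x20 is the one the post
# above is about; the others are listed so a decoded value reads sensibly.
NCF_FLAGS = {
    0x00000001: "NCF_VIRTUAL",
    0x00000002: "NCF_SOFTWARE_ENUMERATED",
    0x00000004: "NCF_PHYSICAL",
    0x00000008: "NCF_HIDDEN",
    0x00000010: "NCF_NO_SERVICE",
    0x00000020: "NCF_NOT_USER_REMOVABLE",
    0x00000040: "NCF_MULTIPORT_INSTANCED_ADAPTER",
    0x00000080: "NCF_HAS_UI",
    0x00000100: "NCF_SINGLE_INSTANCE",
    0x00000400: "NCF_FILTER",
    0x00004000: "NCF_NDIS_PROTOCOL",
    0x00020000: "NCF_FIXED_BINDING",
    0x00040000: "NCF_LW_FILTER",
}
NCF_NOT_USER_REMOVABLE = 0x20
# Network adapter class key from the post (relative to HKEY_LOCAL_MACHINE).
NET_CLASS_KEY = r"SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}"


def decode_characteristics(value: int) -> list[str]:
    """Names of the flag bits set in `value`; bits not in the table are reported as UNKNOWN."""
    names = [name for bit, name in sorted(NCF_FLAGS.items()) if value & bit]
    unknown = value & ~sum(NCF_FLAGS)
    if unknown:
        names.append(f"UNKNOWN(0x{unknown:x})")
    return names


def is_user_removable(value: int) -> bool:
    """True when NCF_NOT_USER_REMOVABLE is not set."""
    return not value & NCF_NOT_USER_REMOVABLE


def clear_not_user_removable(value: int) -> int:
    """The post's 'subtract 0x20' step done as a bit clear: AND-NOT touches only
    bit 0x20 and is a no-op when the bit is already clear, whereas plain
    subtraction would corrupt a value that does not have the bit set."""
    return value & ~NCF_NOT_USER_REMOVABLE


def audit(subkeys: dict[str, dict]) -> list[tuple[str, str, list[str]]]:
    """(subkey, DriverDesc, decoded flags) for every component whose
    Characteristics value marks it as not user-removable."""
    locked = []
    for name, values in sorted(subkeys.items()):
        chars = int(values.get("Characteristics", 0))
        if not is_user_removable(chars):
            locked.append((name, values.get("DriverDesc", "?"), decode_characteristics(chars)))
    return locked


# CONSTRUCTED sample of what enumerating NET_CLASS_KEY\00NN might yield; the
# Characteristics numbers here are made up for the demonstration.
SAMPLE_SUBKEYS = {
    "0007": {"DriverDesc": "Realtek PCIe GBE Family Controller", "Characteristics": 0x84},
    "0011": {"DriverDesc": "WAN Miniport (PPPOE)", "Characteristics": 0x29},
    "0012": {"DriverDesc": "WAN Miniport (IPv6)", "Characteristics": 0x29},
    "0015": {"DriverDesc": "RAS Async Adapter", "Characteristics": 0x28},
}


def read_live_subkeys() -> dict[str, dict]:
    """Windows only, read-only: enumerate the real NET_CLASS_KEY subkeys with
    winreg and return them in the same shape as SAMPLE_SUBKEYS."""
    import winreg  # not available on other platforms

    result: dict[str, dict] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, NET_CLASS_KEY) as cls:
        for i in range(winreg.QueryInfoKey(cls)[0]):
            sub = winreg.EnumKey(cls, i)
            try:
                with winreg.OpenKey(cls, sub) as k:
                    result[sub] = {
                        "DriverDesc": winreg.QueryValueEx(k, "DriverDesc")[0],
                        "Characteristics": winreg.QueryValueEx(k, "Characteristics")[0],
                    }
            except OSError:  # e.g. the Properties subkey, missing values, no access
                continue
    return result


if __name__ == "__main__":
    for sub, desc, flags in audit(SAMPLE_SUBKEYS):
        print(f"{sub}  {desc:<36} {' | '.join(flags)}")
```

On a Windows box, audit(read_live_subkeys()) gives the same report for the real key, which is the inventory to take (and keep) before any Characteristics value is edited; the decoded flag list also shows why a component was locked (virtual, hidden, fixed binding) rather than just that it was.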