New Windows 10 "God Mode"

To many ads? Support ODJT and see no ads!
steve149

steve149

Shine on you crazy diamond
Staff member
Sep 26, 2011
28,175
45,944
Connecticut
Just saw this .. not sure if any have seen it ..

You make a folder on your desktop. Rename it to GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} (yes, that whole string) .. Win 10 shows a power user icon and when you double click it, you get a set of links to the most used administrative functions .. all in one menu.


God%2BMode.jpg
 
  • Like
Reactions: Handinon, Fred Wright, Dan The Man and 3 others
ittigger said:
Nice! I wonder if that only creates the links / icons vs allowing permissions. If its the latter, they have serious issues already.
Click to expand...
Good Question ..

I'm always logged in with admin privileges .. haven't tested another user type.
 
  • Like
Reactions: DJ Bobcat, Dan The Man and ittigger
Playing with some, they appear to be just links .. so your permissions follow your login credentials (I assume)
 
  • Like
Reactions: DJ Bobcat and ittigger
Bah humbug screw W10!!!!
 
  • Like
Reactions: Fred Wright, ittigger and Jeff Romard
ittigger said:
I'm a network / system admin - so I never login with admin privileges unless I need them. Your system is MUCH safer if you do not login with Admin rights.
Click to expand...
No question (I used to teach Sys Admin classes back in the day :) ) .. I get lazy on my own systems .. but do things carefully.
 
  • Like
Reactions: DJ Bobcat and Dan The Man
steve149 said:
No question (I used to teach Sys Admin classes back in the day :) ) .. I get lazy on my own systems .. but do things carefully.
Click to expand...

I hear you .. but all it takes is one 'bad' page - which could be anywhere, here, facebook, msn, etc - any 'innocent' page / site can be broken (hacks, redirects, etc) .. and it only needs to be broken long enough for you to load the code. It doesn't even have to be a page - could be a malicious piece of adware that lives on most sites, to include here. Facebook has tons of redirects and ads - not hard to infect a massive amount of people - especially if they are in Admin mode. If someone was to hack into your machine / network and your in God mode, also not good.

I understand your angle - and I'm very careful on my machines too. I feel if I'm going to preach it, I might as well practice it.
 
Last edited:
  • Like
Reactions: DJ Bobcat
ittigger said:
I'm a network / system admin - so I never login with admin privileges unless I need them. Your system is MUCH safer if you do not login with Admin rights.
Click to expand...
I've often thought about using a limited account in Windows as my daily driver account but would it really help? With UAC, I can just put in my Admin account's password and go on my merry way.

It would probably wind up annoying me more than anything but I can see the benefit of being asked for my password to make me think "Why does this need admin privileges".
 
Big Dan said:
I've often thought about using a limited account in Windows as my daily driver account but would it really help? With UAC, I can just put in my Admin account's password and go on my merry way.

It would probably wind up annoying me more than anything but I can see the benefit of being asked for my password to make me think "Why does this need admin privileges".
Click to expand...

It would indeed help. Asking for privilege (UAC) would use that privilege for only the manner requested vs logged on as Admin gives you privileges to everything. Example, as a general user, you can open IE, FF, etc and they will run and operate as a general user with limited rights to the system. I can also then open individual apps and provide credentials for those specific apps - I am limiting my 'powers' to those specific apps. Opening IE, FF or other does not give it Admin rights.

Using this scenario, if you were to visit a site and get a driveby download, popup with malicious code, hijack attempt, etc .. the damage would be limited to what the user has rights / privileges to. As an Admin, you have full access and rights to the entire system. The previous scenario as Admin can cause some serious chaos.

If everything you do requires Admin, it does become annoying - and usually means everything was installed and setup for that specific user level. If everything is setup and installed properly, the system should only ask for Admin credentials when they are truly needed (admininstrative configurations or changes) vice every time you access an app.

This IS and has been a huge security flaw with MS for a very long time. People create their 1st user with Admin rights .. and that's the account they use. Apple forced you to create an Admin password separate from your user accounts - and then forced you to authenticate everytime Admins were needed, regardless of being logged on as Admin or not (kind of like a red flag .. 'are you sure you want to do this'?).
 
Last edited:
  • Like
Reactions: DJ Bobcat
I've learned a lot at ODJT from everyone, but if Steve were the only person here, it would still be worth the price of admission. I tried to beat him to the punch with the new Denon MCX8000 and should have known better - that's what I get for trying to one-up "The Man".

Having most of Windows 10 administrative functions under one roof (regardless if they are just links without permissions) is a 10+ in my book - I am firmly committed to Windows 10 at this point - no looking back. Thank you Steve!

I am not sure about about pasting links directly to other DJ Forums, but there is an excellent Windows 10 "Optimization Guide" at another site by "ATrain". I will post the link if it's OK.
 
  • Like
Reactions: ittigger and Dan The Man
What else do I have to do between conference calls. work?
 
  • Like
Reactions: DJ_MJ, ittigger and Dan The Man
ittigger said:
It would indeed help. Asking for privilege (UAC) would use that privilege for only the manner requested vs logged on as Admin gives you privileges to everything. Example, as a general user, you can open IE, FF, etc and they will run and operate as a general user with limited rights to the system. I can also then open individual apps and provide credentials for those specific apps - I am limiting my 'powers' to those specific apps. Opening IE, FF or other does not give it Admin rights.

Using this scenario, if you were to visit a site and get a driveby download, popup with malicious code, hijack attempt, etc .. the damage would be limited to what the user has rights / privileges to. As an Admin, you have full access and rights to the entire system. The previous scenario as Admin can cause some serious chaos.

If everything you do requires Admin, it does become annoying - and usually means everything was installed and setup for that specific user level. If everything is setup and installed properly, the system should only ask for Admin credentials when they are truly needed (admininstrative configurations or changes) vice every time you access an app.

This IS and has been a huge security flaw with MS for a very long time. People create their 1st user with Admin rights .. and that's the account they use. Apple forced you to create an Admin password separate from your user accounts - and then forced you to authenticate everytime Admins were needed, regardless of being logged on as Admin or not (kind of like a red flag .. 'are you sure you want to do this'?).
Click to expand...
Ah, now I gotcha. I thought apps launched on an administrator account launched in regular user mode until you Right Click > Run as Administrator. That's a silly assumption on my part given MS's security track record.

I do agree it's a gaping security gap especially given the fact that most users haven't the slightest idea about security. Looks like I'll be backing up some %appdata% stuff and creating new user accounts this weekend.

OS X and Ubuntu's sudo system is the most workable security solution for the average person out there, IMHO.

Quick question:

My Dropbox resides on a separate internal hard drive. I can just install Dropbox under the new limited user and point it to D:\Dropbox. Dropbox will index the files (compare hashes) instead of downloading a fresh set of files. Am I going to run into ownership issues because the files were originally created by the admin account? On Linux, I'd just recursively chown the directory but I have no clue how to do that on Windows.

Handinon said:
I've learned a lot at ODJT from everyone, but if Steve were the only person here, it would still be worth the price of admission. I tried to beat him to the punch with the new Denon MCX8000 and should have known better - that's what I get for trying to one-up "The Man".

Having most of Windows 10 administrative functions under one roof (regardless if they are just links without permissions) is a 10+ in my book - I am firmly committed to Windows 10 at this point - no looking back. Thank you Steve!

I am not sure about about pasting links directly to other DJ Forums, but there is an excellent Windows 10 "Optimization Guide" at another site by "ATrain". I will post the link if it's OK.
Click to expand...

Glad to hear you like our little corner of the web. I learn something new just about every time I log in. There are no issues with linking out to other DJ forums.
 
Last edited:
  • Like
Reactions: ittigger
Big Dan said:
Glad to hear you like our little corner of the web. I learn something new just about every time I log in. There are no issues with linking out to other DJ forums.
Click to expand...

Roger that. Here it is, a link to Windows 10 optimization -

Windows 10 Optimization Guide

The piece about CCleaner is interesting. Always one of my favorite applications (especially for keeping the Registry clean), Windows 10 deliberately deleted CCleaner from both of my laptops during second "after 30 days" update.
 
  • Like
Reactions: DjDennis
Big Dan said:
Ah, now I gotcha. I thought apps launched on an administrator account launched in regular user mode until you Right Click > Run as Administrator. That's a silly assumption on my part given MS's security track record.
Click to expand...

In MS, if logged in as an Admin, everything runs as Admin. If logged in as a general user, Full System access is not authorized. In Linux / Unix, everything runs as a general user and will prompt you otherwise (this is one of the security benefits of Unix vs MS). UAC was a very light version of this - that said, when surfing, it would use Admin credentials to access the system - so whatever went to your cache had full system access.

Big Dan said:
I do agree it's a gaping security gap especially given the fact that most users haven't the slightest idea about security.
Click to expand...

+1. Sadly, they don't care until it's too late.

Big Dan said:
OS X and Ubuntu's sudo system is the most workable security solution for the average person out there, IMHO.
Click to expand...

+1.

Big Dan said:
Quick question:

My Dropbox resides on a separate internal hard drive. I can just install Dropbox under the new limited user and point it to D:\Dropbox. Dropbox will index the files (compare hashes) instead of downloading a fresh set of files. Am I going to run into ownership issues because the files were originally created by the admin account? On Linux, I'd just recursively chown the directory but I have no clue how to do that on Windows.
Click to expand...

Unless you have redone the security setup on that folder to allow only that user, I don't foresee an issue.

Big Dan said:
Glad to hear you like our little corner of the web. I learn something new just about every time I log in. There are no issues with linking out to other DJ forums.
Click to expand...

I learn something new all the time too. I love this place.
 
Last edited:
  • Like
Reactions: Dan The Man
I don't know .. in Unix, I always signed in as root ... everything ran as root.
 
Point really being - in other OS', you are walked through creating a password for the root user but to also create an additional user that you will regularly use. Windows just gives you a user and lets you do whatever you want. Kinda like giving a 13 year old the keys to your car and saying obey the laws.
 
  • Like
Reactions: Dan The Man and steve149
You must log in or register to reply here.
Top Bottom
Back