win11PROadm
New Member
- Joined
- Jul 23, 2024
- Messages
- 5
Hello Mike, thank you for responding. My issue is basically that I want to do certain things and that the OS is not allowing me, even though I am using Windows 'Pro'. Basically I want to replace Windows Defender with third party av, preferably Clam AV, if I am able, but another third AV would be fine too as long as I do not manage to use Clam AV because setting it up seems quite the task.Welcome to the forums. I'm sure everything is fine and you just need to run a malware scan or something. Can you explain in further detail what precise issue you are having? It sounds like you're confused by some sort of automation happening, but doesn't sound that bad... !
1. Do you mean that when changes I made get reverted it is only due to the Windows updates resetting them, or can it also be due to privileges that I do not have? I would appreciate it if Windows just told me I can not change something rather than letting me change it and then reverting it again behind my back, without even a notification that it happened.Yes, there are a ton of scheduled tasks and updates can revert settings.
Well I can't answer all of your questions, but for #2, the primary reason that you have group policy is to make the registry values and keypairs editable by humans running servers to make it manageable and coherent. Without these policies in plain English form, it would be difficult to manage. Suppose for a moment that I am making numerous changes in the registry. Now I have to go do that 10-20x per day as a part of my regular job function. The ledger that would have to be maintained would be so vast and huge, you would have to create a new registry that just keeps track of all of those other registry or datastores. In addition, the risk of making a critical and devestating irreversible change to one of the registries would increase over time. It is just a mangement capability that humans wrote to make it more coherent. Not only that, but not all group policies edit only the registry. There are policies that impact the behavior of the operating system at different levels.1. Do you mean that when changes I made get reverted it is only due to the Windows updates resetting them, or can it also be due to privileges that I do not have? I would appreciate it if Windows just told me I can not change something rather than letting me change it and then reverting it again behind my back, without even a notification that it happened.
2. What I also wonder is why is there a gpeditor if all can be done by regedit? It seems to me, a layer upon a layer. What is the rationale behind this?
3, Would having a Windows Enterprise version make it easier for me to disable the antivirus system entirely, without updates reverting it again behind my back? I would prefer to practice safe internet usage and do virus scans manually rather than having my system being taken over by applications that act on their own device.
I know that I can not easily use Windows Enterprise 11 tied to my hardware, that the license is not intended by MS to be used in that way, but maybe it is possible to install Windows 10 Enterprise in that way? Or is Windows 10 completely off the table by now?
Thanks!
Not really, to disable Windows Defender its pretty much one command in PowerShell.. the issue would be the zero day vulnerabilities and exploits coming in repeatedly from around the world. If your system were exposed to the Internet, it would eventually get compromised without any protection and perhaps even with the latest updates. You could have a zero day vulnerability come in, and if there was already reconaissance done on your network, it could be quickly exploited if you were a valuable target. Windows 10 support will likely continue for a long time to come, but it seems they intentionally obsoleted old systems to enforce more device-based security.3, Would having a Windows Enterprise version make it easier for me to disable the antivirus system entirely, without updates reverting it again behind my back? I would prefer to practice safe internet usage and do virus scans manually rather than having my system being taken over by applications that act on their own device.
I know that I can not easily use Windows Enterprise 11 tied to my hardware, that the license is not intended by MS to be used in that way, but maybe it is possible to install Windows 10 Enterprise in that way? Or is Windows 10 completely off the table by now?
So that script would work in Win 11 Professional too? And would it have to be repeated every startup or can it be made permanently? I can also protect myself vs infection with regular backups. I prefer having to re-install my OS now and then over needing the constant help and interference of third parties being active within my system constantly. I might be a bit dogmatic but for me it is about sovereignty. I also hate that we are begin pushed around to renew our software constantly to keep up, while many older software was pretty good (Word 2003 comes to mind). I just want a working machine, and that's it, no interference needed. It is as if these companies aim to make themselves indispensable so that we keep shelling out cash. In my view anti-virus is just part of this treadmill. Tbh, the only time in my life that I had a trojan that I couldn't remove manually after the infection, I knew that I was going to have it, right before I ran the bloody file that did it. It was entirely avoidable.Not really, to disable Windows Defender its pretty much one command in PowerShell.. the issue would be the zero day vulnerabilities and exploits coming in repeatedly from around the world. If your system were exposed to the Internet, it would eventually get compromised without any protection and perhaps even with the latest updates. You could have a zero day vulnerability come in, and if there was already reconaissance done on your network, it could be quickly exploited if you were a valuable target. Windows 10 support will likely continue for a long time to come, but it seems they intentionally obsoleted old systems to enforce more device-based security.
The only reason you would disable it without using an exception list might be because you are running an IDE in a development testbed or the system is airgapped.. you could always disable it, in the past gamers have even done so to squeeze out a few extra frames per second, but its really not worth it at this stage. The risk is not worth the reward. And yeah most of it is designed for social engineering to get you to click on the box.So that script would work in Win 11 Professional too? And would it have to be repeated every startup or can it be made permanently? I can also protect myself vs infection with regular backups. I prefer having to re-install my OS now and then over needing the constant help and interference of third parties being active within my system constantly. I might be a bit dogmatic but for me it is about sovereignty. I also hate that we are begin pushed around to renew our software constantly to keep up, while many older software was pretty good (Word 2003 comes to mind). I just want a working machine, and that's it, no interference needed. It is as if these companies aim to make themselves indispensable so that we keep shelling out cash. In my view anti-virus is just part of this treadmill. Tbh, the only time in my life that I had a trojan that I couldn't remove manually after the infection, I knew that I was going to have it, right before I ran the bloody file that did it. It was entirely avoidable.
Back up the registry before you do that. Here are the differences between 11 Pro and Enterprise (from our somewhat trusty ChatGPT integration...)So that script would work in Win 11 Professional too? And would it have to be repeated every startup or can it be made permanently?
Feature | Windows 10 Pro | Windows 10 Enterprise |
---|---|---|
Security Features | ||
Windows Defender Application Guard | No | Yes |
Windows Defender Credential Guard | No | Yes |
Windows Defender Advanced Threat Protection (ATP) | No | Yes |
AppLocker | No | Yes |
Device Guard | No | Yes |
Management and Deployment | ||
DirectAccess | No | Yes |
Windows To Go | No | Yes |
BranchCache | No | Yes |
Start Screen Control | No | Yes |
Managed User Experience | No | Yes |
Enterprise-Level Features | ||
Microsoft Application Virtualization (App-V) | No | Yes |
Microsoft User Environment Virtualization (UE-V) | No | Yes |
Licensing and Activation | ||
Volume Activation | No | Yes |