@dwizzzleMSFT @Lenovo That's awesome, can we expect adminless user to be default standard for upcoming windows 11 update on all devices?

@AathifMahir @Lenovo won't be the default in the first go, but optional in the first release.

@dwizzzleMSFT @Lenovo When I go to the Lenovo store the default is Windows 11 Home - $60 extra for Pro? Do all these security features work on the Home edition?

@parityzero @Lenovo I *think* all are in home except Drtm is in pro, cred guard is in ent

@dwizzzleMSFT I worry that eventually computer owners won’t be able to run their own software with maximum privilege, turning Windows into Xbox.

@Myriachan you can turn any or all of this off if you want to.

@dwizzzleMSFT @Lenovo But Adminless how?? latest build doesn't have it yet?

@CyberCakeX @Lenovo an admin account is created under the hood a "runas" is done in the context of that session with an NGC auth (e.g. Hello) so basically fingerprint/face/pin runas admin

@dwizzzleMSFT @brandonleblanc @Lenovo Also in Win11 for 2024 SMB signing required by default SMB server brute force password protection on by default SMB guest fallback disabled by default in Pro SMB1 uninstalled in all editions SMB NTLM blocking available SMB encryption mandate available

@dwizzzleMSFT @Lenovo That's exciting, I didn't expect to see these changes that early. Does the signing enforcement also count for DLLs? Is DRTM used for key sealing by default?

@dwizzzleMSFT @Lenovo Smart App Control out of the box on a non-enterprise laptop? That's kinda wild, even if you can turn it off in options, especially with all the certificate signing discourse.

@dwizzzleMSFT @Lenovo Is it seriously about the standard user account by default? I hope this helps resolve the compatibility issues when using that kind of account, Windows UAC has always had those issues since it was introduced in Vista.

@dwizzzleMSFT @Lenovo SAC shipped in enforcement mode?

@dwizzzleMSFT @Lenovo so will this Smart App Control thing flag harmless files that are very much not malicious as "malicious" like SmartScreen does today?

@dwizzzleMSFT @Lenovo What?

@dwizzzleMSFT @Lenovo Pluton?

@dwizzzleMSFT @Lenovo Microsoft’s terminology is somewhat confusing here as per usual: these “app” features AppSilo, SmartApp etc. do they apply to any EXE launched by the user? Or only to literal apps aka UWP apps from the App Store?

@dwizzzleMSFT @never_unsealed @Lenovo People now will not worry much about being hacked by someone. The dangers is from signed and “legitimate” apps and cloud services that will exfiltrate your data after you agree on their long terms and conditions.

@dwizzzleMSFT @Lenovo How do you install anything not in the Store, then? And no, installing per user doesn't count, programs belong in Program Files, not in some random folder in my user profile!