Il Windows recovery, i.e. the so-called Windows Recovery Environment (WinRE), is an extremely powerful feature that allows you to repair your Microsof OS installationt in case something goes wrong after installing an application or driver for a device.
Thanks to a system based on Restore Pointsin fact, it is possible to restore Windows to the state prior to installing the software that caused problems. However, the Windows Recovery Environment also has some notable ones security vulnerabilities, so large that in some specific cases it would be safer to disable it. WinRE's biggest vulnerability is that some of its tools can be used even without user authentication. This means that an attacker, if he were able to gain control of our PC, could also restore it to the factory state by deleting all the applications we have installed (including antivirus) and all the data stored on the Windows partition.
This is a serious problem, especially if the PC is in busy places like offices, libraries and schools. That is why, in these cases, it would be better disable Windows Restore. Here's how to do it.
How to disable Windows Restore
To disable all WinRE functions it is necessary, first of all, to log into Windows with the system administrator credentials. In this way we will have access to all settings, even the security ones. After logging in we will have to launch the command line, choosing "Run as administrator". The command to run will be "reagentc.exe / disable". After executing this command Windows will warn us that the Restore has been disabled and will remain so until we, always with the administrator credentials, reactivate it by launching the command “reagentc.exe / enable“.
How to avoid the risks of Windows Recovery
Those who do not want to give up the functionality of WinRE, but are forced to share access to the computer with other people they do not trust, still have a chance to do so while maintaining a good degree of security. Just create several user accounts, with different roles. In theory, only two are needed: an administrator (protected by a strong password) and a “Guest” user (ie guest) who has limited functionality.
Those who log on to Windows with a Guest account, in fact, cannot use system tools, make changes to the operating system and cannot even install new applications. Finally, it cannot access the data saved by other accounts. It is a very limited type of account, therefore, but one that for users of a library or similar business is more than enough and, above all, much more secure.
How and why to disable Windows 10 recovery
