change admin mode

2024-03-18 16:15:06 +01:00
parent b6b4e9af7f
commit d277212a74
4 changed files with 9 additions and 8 deletions


@@ -126,7 +126,8 @@ def install():
#CIS - Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'.
registry_set(HKEY_LOCAL_MACHINE, r"System\CurrentControlSet\Control\Session Manager\Kernel", "ObCaseInsensitive","1")
#CIS - Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'.
registry_set(HKEY_LOCAL_MACHINE, r"System\CurrentControlSet\Control\Session Manager", "ProtectionMode","1")
# registry_set(HKEY_LOCAL_MACHINE, r"System\CurrentControlSet\Control\Session Manager", "ProtectionMode","1")
registry_set(HKEY_LOCAL_MACHINE, r"System\CurrentControlSet\Control\Session Manager", "ProtectionMode","0")
#CIS - Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'.
registry_set(HKEY_LOCAL_MACHINE, r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "FilterAdministratorToken","1")
#CIS - Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation
@@ -244,7 +245,7 @@ def install():
#CIS - Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)'.
run('netsh advfirewall firewall add rule name="BlockOutbound" dir=out action=allow')
#CIS - Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'.
run("netsh advfirewall set allprofiles settings notifications off")
#run("netsh advfirewall set allprofiles settings notifications off")
#CIS - Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'.
run(r'netsh advfirewall set domain logging filename "%SystemRoot%\System32\logfiles\firewall\domainfw.log"')
#CIS - Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'.
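Review bot: In the first hunk, the new `registry_set(HKEY_LOCAL_MACHINE, r"System\CurrentControlSet\Control\Session Manager", "ProtectionMode","0")` writes the disabled value for a setting that the CIS comment above it still says must be 'Enabled', so the hardening script now relaxes the default permissions on internal system objects while documenting the opposite. If the relaxation is needed, state it at the call instead of keeping the old call as commented-out code, for example `# DEVIATION from CIS: ProtectionMode left at 0 because <reason>`; otherwise keep the value at `"1"`. The second hunk follows the same pattern: the `notifications off` call appears to be commented out while its CIS comment still says the setting is 'No'. The +/- markers are lost on this page, so the old and new sides are inferred from the hunk line counts, and install() starts and ends outside both hunks.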