Is there a way to become a trusted installer without taking ownership?


  1. Posts : 27
    windows 7
       #1

    Is there a way to become a trusted installer without taking ownership?


    Hi!

    Want to do some modifications on my Win 7 VM more conveniently. All internet tutorials that I google suggest that I take ownership from trusted installer. However, are there any ways/hacks/tricks to become a trusted installer so I won't have to take ownership? I tried to add the user to that group but I couldn't find it, and when I manually entered NT SERVICES\Trustedinstaller it did not accept that.
      My Computer


  2. Posts : 31,249
    Windows 11 Pro x64 [Latest Release and Release Preview]
       #2

    Trusted Installer is part of the OS itself and so not really a user or group that can be used. The only way you can make things "easier" is to unhide and use the hidden administrator (which outranks Trustedinstaller in most, if not all, places). Obviously this is not something to be done as a permanent change as it would circumvent most, if not all, of the inbuilt OS Security, but as a temporary measure, and assuming you are aware of the potential issues that can be caused (doing this on a VM suggests to me that you do), this is a valid process.

    Always disable the Hidden Administrator after you have finished working

    I would suggest, due to the way that TrustedInstaller and the whole OS is set up, that Take ownership is Never used on the OS partition unless it is as a short term emergency measure

    Also of course as long as you backup the VM safely you can ignore all my advice without any worries and if the changes or take ownership cause even terminal issues can be back up and running quickly
      My Computers


  3. Posts : 2,468
    Windows 7 Ultimate x64
       #3

    TrustedInstaller is a virtual service account, a kind of user account designed to run a particular service and only that service, and nothing else. Thus, nothing but the service named "trustedinstaller" can ever run as it, nothing else can impersonate it. So it's not possible.

    Possibly your best option is to just take ownership and then restore it back. Even ownership isn't that important, but permissions certainly are. Make sure not to leave files open to anyone and it should be fine.

    Note that the linked article says it's for Windows 10, but most, if not all of it also applies to earlier versions too. In particular virtual service accounts (and hence the fake trustedinstaller user) were introduced in Windows 7.
      My Computer


  4. Posts : 27
    windows 7
    Thread Starter
       #4

    Barman58 said:
    Trusted Installer is part of the OS itself and so not really a user or group that can be used. The only way you can make things "easier" is to unhide and use the hidden administrator (which outranks Trustedinstaller in most, if not all, places). Obviously this is not something to be done as a permanent change as it would circumvent most, if not all, of the inbuilt OS Security, but as a temporary measure, and assuming you are aware of the potential issues that can be caused (doing this on a VM suggests to me that you do), this is a valid process.
    Is the hidden administrator account any more powerful than just right click and "run as administrator?"


    TrustedInstaller is a virtual service account, a kind of user account designed to run a particular service and only that service, and nothing else. Thus, nothing but the service named "trustedinstaller" can ever run as it, nothing else can impersonate it. So it's not possible.
    Is it possible to get code somehow run in this? Like installers somehow get to run as it. I found this:
    ExecTI - Run Programs as TrustedInstaller

    But when I looked at task manager, it still ran stuff as SYSTEM, and when I wanted to delete a file that belonged to TI I got denied. Also, after taking ownership I was not able to modify access controls. I was only able to see permissions.
      My Computer


  5. Posts : 2,468
    Windows 7 Ultimate x64
       #5

    LoveW7 said:
    Is the hidden administrator account any more powerful than just right click and "run as administrator?"
    No.
    There is no difference at all between any administrator account. Individual accounts can be subject to different permissions, but as an administrator, accounts are always able to lift those, ultimately having full control of the entire system.
    The only difference between the built-in administrator account and any other is that you can't delete it and, by default, UAC doesn't affect it. Other than a few prompts you won't see any difference.


    LoveW7 said:
    Is it possible to get code somehow run in this? Like installers somehow get to run as it. I found this:
    ExecTI - Run Programs as TrustedInstaller

    But when I looked at task manager, it still ran stuff as SYSTEM, and when I wanted to delete a file that belonged to TI I got denied. Also, after taking ownership I was not able to modify access controls. I was only able to see permissions.
    It seems that software is either broken or never did what it claims, instead running as SYSTEM, which is a very different thing.
    SYSTEM is more "powerful" than administrators, but "TrustedInstaller", being in fact a virtual service account, is much less powerful than admins, it's pretty much the same as a standard user with some additional permissions given in critical system areas.

    Installers don't run as TrustedInstaller at all. Being a virtual service account, it can only be used to run that particular service and nothing else. And the trustedinstaller service runs as SYSTEM! Nothing in the system ever runs as TrustedInstaller, but permissions to it are assigned by other accounts with sufficient privileges, like SYSTEM or other administrators.
      My Computer


  6. Posts : 27
    windows 7
    Thread Starter
       #6

    Ok. Thanks for the info. It seems that with some system files I either can't (in a sense that explorer.exe doesn't allow me to) edit the permissions or I am not allowed to.

    What would be a good cmd command to both take ownership and reset permissions?
      My Computer
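
One way to do the "take ownership and then restore it back" sequence suggested in post #3 and asked about in post #6, as an added example that is not part of the thread. It uses the built-in `takeown` and `icacls` tools from an elevated PowerShell prompt; `$Target` and `$AclFile` are constructed placeholder paths.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$Target  = 'C:\Windows\System32\example.dll'          # constructed placeholder path
$AclFile = Join-Path $env:TEMP 'example.dll.acl.txt'  # where the original DACL is saved
$Dir     = Split-Path $Target -Parent

function Assert-Ok($step) {
    # takeown and icacls return a non-zero exit code on failure
    if ($LASTEXITCODE -ne 0) { throw "$step failed (exit code $LASTEXITCODE)" }
}

# 1. Save the current DACL before touching anything (icacls /save stores DACLs only,
#    so the owner is put back separately in step 5).
icacls $Target /save $AclFile
Assert-Ok 'save DACL'

# 2. Take ownership for the Administrators group (/A) rather than the current user.
takeown /F $Target /A
Assert-Ok 'takeown'

# 3. Grant Administrators full control. *S-1-5-32-544 is the well-known
#    BUILTIN\Administrators SID, which works regardless of display language.
icacls $Target /grant '*S-1-5-32-544:F'
Assert-Ok 'grant'

# 4. ... make the intended change to $Target here ...

# 5. Hand ownership back to TrustedInstaller (the account name is NT SERVICE, singular).
icacls $Target /setowner 'NT SERVICE\TrustedInstaller'
Assert-Ok 'setowner'

# 6. Restore the saved DACL. /restore takes the parent directory because
#    the saved file records names relative to it.
icacls $Dir /restore $AclFile
Assert-Ok 'restore DACL'

# 7. Print the resulting owner-independent ACL so it can be compared with the saved one.
icacls $Target
```

Restoring the DACL in step 6 removes the temporary full-control grant from step 3, so the file is not left more open than it was.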


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd