The Trusted Installer
-
Saturday, December 12, 2009 2:36 AM
Having been a developer for a major, major corporation, I've been around computers for around fory years. Security is an anathema to me since it gets in my way especially when I am developing like....now. Is there anyway to get rid of the Trusted Installer? People like Windows Seven. I find I dislike computer things inverseley proportionally to the general population. I don't like windows 7 although I loved Vista.
What is it? A service?
Renee- Changed Type Ronnie VernonMVP, Moderator Sunday, December 13, 2009 9:19 PM Discussion
- Moved by Carey FrischMVP, Moderator Wednesday, December 16, 2009 2:48 AM Moved to relevant category (From:Windows 7 Miscellaneous)
All Replies
-
Saturday, December 12, 2009 4:07 AMTrustedinstaller.exe is a program for managment of windows updates and should not be disabled. It is present in both windows vista and 7. The trusted installer group owns many system files and will deny you access to move or delete. You can change the ACL of these files to suit your needs from the files or parent folders.
Seasons greetings! -
Saturday, December 12, 2009 4:21 AM
"Trustedinstaller.exe program for managment of windows updates and should not be disabled. The trusted installer group owns many system files and will deny you access to move or delete. You can change the ACL of these files to suit your needs from the parent folders. "
Hmmm. I dont have any need to move or delete system fies.
What's bothering me now, is the following class of errrors:
"Access to the path 'C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\file.txt' is denied."
I am writing a lister of filenames. File.txt is a listing file for a top level directory and all that is below it, whatever that top level is. This is Visual Studio in 'test mode' which is why the default is in 'visual studio'-land because it is in test mode.
Renee -
Saturday, December 12, 2009 4:28 AM
OK Renee - You want to get rid of trusted installer. It's for Windows Update. What is the issue with Trusted Installer for the folder you have here?
Seasons greetings! -
Saturday, December 12, 2009 5:10 AMI don't have any strong issue's because I don't understand it yet. I do know that when I am messing with directories and I get a file protection error, that the trusted installer is likely to be involved. This is especially true for directories that are marked read-only and clearing that bit doesn't do any good because it is immediately reset. Personally, I didn't need any more File protection than XP had but it certainly looks as if it's here with a vengeance. (I'm not an XP buff-that was just the OS that I picked.)
Renee -
Saturday, December 12, 2009 5:25 AMMy way around it is to assign myself or administrators owner of those objects I like to modify but usually there is no need. I've never had an access problem from the trusted installer like yourself for supported operations but many people have expressed their opinion about this so you are not the first. If you don't make unsuported modifications to your system technically you should never see an access block from the trusted installer group but that is not always the case. A response to trusted installer group is the right click take ownership script that has surfaced on many websites since the arrival of Vista. Interestingly when assigning ownership to files the trusted installer group does not appear on the list of user groups.
Seasons greetings! -
Saturday, December 12, 2009 5:28 AM
Many people myself included have noticed the high CPU usage from trustedinstaller.exe which may periodically decrease performance.
Seasons greetings! -
Saturday, December 12, 2009 5:47 AMI'm very sensitive to utilities that impact system performance and I have not noticed anything unusual from trusted installer other than it automatically invokes several trusts issues.
Renee -
Saturday, December 12, 2009 5:49 AMO.K.
"Is there anyway to get rid of the Trusted Installer?"
Not that I know of Renee.
"I don't like windows 7 although I loved Vista."
Both of these have the trusted installer user group so this is nothing new.
My response to you since this issue has bean around for almost five years ever since Vista is to take control of the objects that trusted installer denies with the file security tab.
"invokes several trusts issues."
Seasons greetings! -
Saturday, December 12, 2009 6:02 AMDefcon1,
About a year and a half-ago I was hit in a car driven by an illegal alien and spent a year in the hospital, so I have some asking to do.
"you should never see an access block from the trusted installer group"
I must apologize for my ignorance?
" A response to trusted installer group is the right click take ownership script that has surfaced on many websites since the arrival of Vista."
Could you clue me into that?
"Interestingly when assigning ownership to files the trusted installer group does not appear on the list of user groups."
Ooh you making me feel like I was in the hospial way too long.......
Renee
-
Saturday, December 12, 2009 6:07 AM"My response to you since this issue has bean around for almost five years ever since Vista is to take control of the objects that trusted installer denies with the file security tab."
I admit to being a developer but I am ignorant of what you are talkking about. Yes, I know of file proection but this sounds like more.
Renee -
Saturday, December 12, 2009 6:32 AM
As I said earlier there have bean many complaints about Trusted Installer group limiting access to folders. As do many people you feel it is an excessive securiity measure as do I. I will clue you in on the right click method which will relieve you of the pain that I regret to hear the Trusted Installer has bean is causing you as it has myself.
http://www.petri.co.il/add-take-ownership-context-menu-vista.htm
Seasons greetings! -
Saturday, December 12, 2009 2:18 PMDefcon1,
I just wanted you let you know that I have been a reader of yours for years and say, "Thank you".
Renee -
Saturday, December 12, 2009 3:58 PMOh, and this additional note. The change as I have it, does not work with Windows 7. I have yet to see a selection for file ownership on an RTM copy.
Renee -
Saturday, December 12, 2009 5:16 PM
Hi Renee,
Do you have UAC on still? People who know what they're doing usually turn it off (pull the slider to the bottom) and use Administrator accounts. As an admin, essentially "elevated" all the time, you have the ability to take ownership of files without any additional software, and open up the security so that you can access anything and everything on your computer at will. As it should be.
As an elevated administrator, here's how you would do it:
1. Navigate, in Explorer, to the folder containing the file or folder you want to be able to access, for example, "C:\Program Files\Microsoft Visual Studio 9.0\Common7"
2. Right-click on the folder/file, for example IDE, and choose Properties.
3. Click the Security tab.
4. Click Administrators on the top, and view the permissions you have in the bottom pane.
5. Assuming you don't have permissions to do what you want ("Full Control"), click the [ Advanced ] button near the bottom-right.
6. Click the Owner tab.
7. If "Administrators" is not the owner and you want it to be, press the [ Edit ] button near the bottom.
8. Click on Administrators.
9. Decide whether you'd like to perform this change on this folder all others below it, and if so check the "Replace owner on subcontainers and objects".
10. Press [ OK ] to make the change. Once you have taken ownership, you'll need to close all the way back out with OK buttons, and go through steps 1 through 5 again.
11. Now you'll want to change permissions so that you (as a member of the Administrators account) have Full Control.
12. At the Security tab, click Administrators, and Edit.
13. In the "Permissions for xxxxx" dialog, verify that Administrators is selected, then check the Full Control box. OK out of all dialogs.
You now have permissions to do whatever you want to the folder/file(s).
Now, if you're developing for others, you'll want to test your software with UAC enabled at all levels and other settings (e.g., permissions) at their defaults. Virtual machines are the greatest inventions of the new millenium for just this kind of testing... I have VMs for all the different environments I want to sell software into. Bottom line is you can set your host workstation for your best productivity, and still have all the security junk for the masses turned on in the VMs.
By the way, I'm still running Vista x64 on my main workstation, and will be until I'm convinced Windows 7 (running in VMs and on my MacBook) is willing to shoulder the load. I need the workstation to be rock solid reliable and stable 24/7 as it is the SVN software server for my developers. The only (and I mean ONLY) reboots it gets now are for Windows updates, and I do TONS of stuff with it.
-Noel- Proposed As Answer by Noel CarboniMicrosoft Community Contributor Saturday, December 12, 2009 5:35 PM
-
Saturday, December 12, 2009 6:16 PMRenee Culver wrote:
> Having been a developer for a major, major corporation, I've been around
> computers for around fory years. Security is an anathema to me since it gets in
> my way especially when I am developing like....now.
That being the case, please stop developing software. You, and other
developers like you, are the reason the Windows world is so rife with
viruses and malware.
--
Bruce Chambers
Help us help you:
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/default.aspx/kb/555375
ntial liberty to obtain a little temporary
safety deserve neither liberty nor safety. ~Benjamin Franklin
Many people would rather die than think; in fact, most do. ~Bertrand Russell
The philosopher has never killed any priests, whereas the priest has
killed a great many philosophers.
~ Denis Diderot -
Saturday, December 12, 2009 6:48 PM
Renee Culver wrote:
> Having been a developer for a major, major corporation, I've been around
> computers for around fory years. Security is an anathema to me since it gets in
> my way especially when I am developing like....now.
That being the case, please stop developing software. You, and other
developers like you, are the reason the Windows world is so rife with
viruses and malware.
--
Bruce Chambers
Help us help you:
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/default.aspx/kb/555375
ntial liberty to obtain a little temporary
safety deserve neither liberty nor safety. ~Benjamin Franklin
Many people would rather die than think; in fact, most do. ~Bertrand Russell
The philosopher has never killed any priests, whereas the priest has
killed a great many philosophers.
~ Denis Diderot
HERE HERE !
I'm a modest user no where upt par with a professional developer but in my spare time have bean accumulating knowledge and choose to share when applicable.
This being said I've come up with a script for Win 7 unlike any other to assist people like Renee in being the proud owner of files and folders of any type imaginable but please be aware that this is only for administrators and those who do not use UAC.
The other requirement is that you add subinacl.exe to %windir%\
Why subinacl? Answer: 75% faster than take own + icacls. Handles legacy links.
Warning: While this procedure might solve the issue or problem, serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk. For more information about modifying the registry, see Microsoft support article 256986.
batch file code:@echo off COPY subinacl.exe %systemdrive%\WINDOWS\ REM FILE reg add "HKEY_CLASSES_ROOT\*\shell\Take Ownership" /f /ve /d "Take Ownership" reg add "HKEY_CLASSES_ROOT\*\shell\Take Ownership" /f /v "HasLUAShield" reg add "HKEY_CLASSES_ROOT\*\shell\Take Ownership\command" /f /ve /d "CMD /C subinacl.EXE /noverbose /file ""%%1\"" /owner=%username% && subinacl.EXE /noverbose /file ""%%1\"" /grant=%username%=f" REM Folder reg add "HKEY_CLASSES_ROOT\Folder\shell\Take Ownership" /f /ve /d "Take Ownership" reg add "HKEY_CLASSES_ROOT\Folder\shell\Take Ownership" /f /v "HasLUAShield" reg add "HKEY_CLASSES_ROOT\Folder\shell\Take Ownership\command" /f /ve /d "CMD /C subinacl.EXE /noverbose /file ""%%1\"" /owner=%username% && subinacl.EXE /noverbose /subdirectories ""%%1\*.*\"" /owner=%username% && subinacl.EXE /noverbose /file ""%%1\"" /grant=%username%=f && subinacl.EXE /noverbose /subdirectories ""%%1\*.*\"" /grant=%username%=f" REM .CMD FILE reg add "HKEY_CLASSES_ROOT\cmdfile\shell\Take Ownership" /f /ve /d "Take Ownership" reg add "HKEY_CLASSES_ROOT\cmdfile\shell\Take Ownership" /f /v "HasLUAShield" reg add "HKEY_CLASSES_ROOT\cmdfile\shell\Take Ownership\command" /f /ve /d "CMD /C subinacl.EXE /noverbose /file ""%%1\"" /owner=%username% && subinacl.EXE /noverbose /file ""%%1\"" /grant=%username%=f" REM .EXE FILE reg add "HKEY_CLASSES_ROOT\exefile\shell\Take Ownership" /f /ve /d "Take Ownership" reg add "HKEY_CLASSES_ROOT\exefile\shell\Take Ownership" /f /v "HasLUAShield" reg add "HKEY_CLASSES_ROOT\exefile\shell\Take Ownership\command" /f /ve /d "CMD /C subinacl.EXE /noverbose /file ""%%1\"" /owner=%username% && subinacl.EXE /noverbose /file ""%%1\"" /grant=%username%=f"
Seasons greetings!- Edited by ONE ZERO Saturday, December 12, 2009 6:56 PM
- Edited by ONE ZERO Saturday, December 12, 2009 6:58 PM
- Edited by Ronnie VernonMVP, Moderator Saturday, December 12, 2009 7:11 PM Required Registry Warning.
- Edited by ONE ZERO Saturday, December 12, 2009 7:27 PM
- Edited by ONE ZERO Saturday, December 12, 2009 7:29 PM
- Proposed As Answer by Brian Borg Saturday, December 12, 2009 10:23 PM
-
Saturday, December 12, 2009 7:14 PM
So it's not complicated:
Dave's Sky
This also works on XP.
I will add this diclosure:
Warning: While this procedure might solve the issue or problem, serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk. For more information about modifying the registry, see Microsoft support article 256986
Seasons greetings! -
Sunday, December 13, 2009 4:06 AMNo Bruce. People who do viruses are vandals it's pure and simple and that parts not complicated at all. I refuse to take any responsibility for viruses at all. I have been around a lot longer than you have.
Dave, thank you.
Renee -
Sunday, December 13, 2009 4:32 AMRenee Culver wrote:
> No Bruce. People who do viruses are vandals it's pure and simple and that parts
> not complicated at all. I refuse to take any responsibility for viruses at all.
> I have been around a lot longer than you have.
>
I don't care how long you've been around. (And even I know that DEC
was purchased by Compaq, not HP - I was a field service engineer for
them. Years later, HP acquired Compaq, getting the whole ball of wax,
so to speak.) If you're a developer who claims that security is an
you're one of the weak links that open the doors
for the virus writers. I'd almost have to call you a deliberate
collaborator, in fact. Either learn to develop securely, or find
another line of work. Please.
--
Bruce Chambers
Help us help you:
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/default.aspx/kb/555375
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. ~Benjamin Franklin
Many people would rather die than think; in fact, most do. ~Bertrand Russell
The philosopher has never killed any priests, whereas the priest has
killed a great many philosophers.
~ Denis Diderot -
Sunday, December 13, 2009 4:32 AMI'm sure all of us here are familiar with the security tab but I think Culver has a valid point where Windows is now over protective and security oriented to the point where productivity may be sacrificed. It's my guess the security measures in windows are more for marketing, to put the public at ease from the hysteria the press has caused on security issues. Most of the hysteria is based upon the non-existent.
Seasons greetings! -
Sunday, December 13, 2009 4:54 AMI find that, largely after my accident, I have to relearn Windows. Are you talking about the security tab each file has?
I'm not like other developers. I have specific opions about computer users. They should learn computers. No learn? No computer. Of course capitalism enters in here and makes money from people remaining ignorant.
Renee -
Sunday, December 13, 2009 5:05 AM
Let me go a little further with the thought. There is a fair amount of money in people remaining ignorant of computers so the moneys goes toward exteremely simplified computers INSTEAD of having the business people learn computing (gasp). This way a relative fortune can be be spent on software that's easy to use by people that don't know anything about computers. The secret of no viruses is educated people not to simple stupid operating systems which is the direction we've beeen going in.
Renee -
Sunday, December 13, 2009 5:16 AM
I totally agree with you on this, a real knowledge of security is going to be the number one factor for keeping a system clean for any amount of time and for this, some of the added security measures won't make a bit of difference where the new security features often resemble parental controls.
Seasons greetings! -
Sunday, December 13, 2009 5:26 AMI have been watching this thread with a lot of interest.
Let me just say that I agree with both of you, Renee and Defcon 1,
UAC annoys me so much I have disabled it with Group Policy on my domain at home. I also routinely take over ownership of the registry and entire drives so that I can set permissions.
If I get a virus, or mess up windows, it is my own da__ fault. -
Sunday, December 13, 2009 3:38 PMHello Brian,
Last night I totally disabeled the UAC on my machine. They have made it scaryer than they did with Vista. Actually it going to have less of an issue with Windows Seven now. My issues are down to two. Windows 7 does not return statuses like it did on Vista and the control panel has been rearranged to the point that it doesn't make sense. Windows 7 is really no longer an operating system. At least not as I define them.
Renee -
Sunday, December 13, 2009 10:52 PM"I don't care how long you've been around. (And even I know that DEC
was purchased by Compaq, not HP - I was a field service engineer for
them. Years later, HP acquired Compaq, getting the whole ball of wax,
so to speak.) If you're a developer who claims that security is an
you're one of the weak links that open the doors
for the virus writers. I'd almost have to call you a deliberate
collaborator, in fact. Either learn to develop securely, or find
another line of work. Please."
Well I didn't want to bore anyone so I left out the entirety of the history. I write systems code and I've never had and infection on my systems. I'd call that secure. I am on constantly.
Security is definitely something that slows systems down and impedes people who know what they are doing.
Renee -
Monday, December 14, 2009 2:05 AMRe: Control Panel . See this thread I just started and ended, answering my own question.
How to make Control Panel show all entries as I was able to do in Win 7 RC1
Rich -
Monday, December 14, 2009 9:28 PM"What is it? A service?"
The "Trusted Installer Service". It's a service and it's listed here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustedInstaller
Seasons greetings! -
Monday, December 14, 2009 9:41 PMSTRINGTABLE
LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
{
100, "Windows Modules Installer"
101, "Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer."
}
(taken from trustedinstaller.exe.mui)
Seasons greetings! -
Tuesday, December 15, 2009 6:42 AMYou know, I am writing a file scanner and security is pretty atrocious and I still have the feeling that the trusted installer is behind this.
I keep seeing exceptions like this:
Access to the path 'C:\Documents and Settings' is denied. I have the feeling that Windows 7 is going to be ugly.
Renee -
Tuesday, December 15, 2009 6:52 AM'C:\Documents and Settings' is denied
Reason for this: the "folder" 'Documents and Settings' is really a redirect link for older programs that used the old path and the new path for 7 is "Users". The "folder" 'Documents and Settings' is a special link so older programs won't get lost with Vista and 7's new directory structure. To access the example User "C:\Documents and Settings\Joe Franken" you don't want to use that link but find it through "C:\Users\Joe Franken" so in this case it wouldn't be Trusted Installer, just a legacy link.
Seasons greetings! -
Tuesday, December 15, 2009 9:39 PM
As Defcon 1 said, it a link, or reparse point. If you really want to follow the link, you can change the permissions using the /L switch for attrib (in a command prompt). You might have to take over ownership too.
C:\>attrib /? Displays or changes file attributes. ATTRIB [+R | -R] [+A | -A ] [+S | -S] [+H | -H] [+I | -I] [drive:][path][filename] [/S [/D] [/L]] + Sets an attribute. - Clears an attribute. R Read-only file attribute. A Archive file attribute. S System file attribute. H Hidden file attribute. I Not content indexed file attribute. [drive:][path][filename] Specifies a file or files for attrib to process. /S Processes matching files in the current folder and all subfolders. /D Processes folders as well. /L Work on the attributes of the Symbolic Link versus the target of the Symbolic Link C:\>dir/ad . . . 04/22/2009 03:22 AM <JUNCTION> Documents and Settings [C:\Users] C:\>attrib "Documents and Settings" R C:\Documents and Settings C:\>attrib "Documents and Settings" /L SH I C:\Documents and Settings C:\>attrib -s -h "Documents and Settings" /L C:\>attrib "Documents and Settings" R C:\Documents and Settings C:\>attrib "Documents and Settings" /L I C:\Documents and Settings
This by itself does not do it. By default, the link is owned by SYSTEM. But it also has an ACL which includes a Deny "List folder / read data" for Everyone. This can be removed using the Security tab of the folder properties page.- Edited by Brian Borg Tuesday, December 15, 2009 9:48 PM
-
Tuesday, December 15, 2009 9:47 PMIf I change the ACL of a symbolic link will older programs still work? For example opening folders with the command promt will still work with the old path style if I don't change it?
Seasons greetings! -
Tuesday, December 15, 2009 9:55 PM
Before and after removing the Deny:
C:\>dir "Documents and Settings" Volume in drive C is 148g WD IDE Volume Serial Number is C24A-5367 Directory of C:\Documents and Settings File Not Found C:\>dir "Documents and Settings" Volume in drive C is 148g WD IDE Volume Serial Number is C24A-5367 Directory of C:\Documents and Settings 10/17/2009 01:47 PM <DIR> . 10/17/2009 01:47 PM <DIR> .. 10/19/2009 05:16 PM <DIR> Administrator 12/14/2009 05:25 PM <DIR> Administrator.BORG 10/13/2009 08:11 PM <SYMLINKD> All Users [Public] 12/15/2009 02:42 PM <DIR> Brian 10/17/2009 01:47 PM <SYMLINKD> Brian.Borg [Brian] 04/22/2009 08:11 AM <DIR> Default 04/22/2009 03:22 AM <JUNCTION> Default User [C:\Users\Default] 10/13/2009 08:17 PM <DIR> Public 11/29/2009 07:30 PM 278 desktop.ini 1 File(s) 278 bytes 10 Dir(s) 77,280,108,544 bytes free -
Tuesday, December 15, 2009 10:04 PMTry this command before you change permission:
explorer "C:\Documents and Settings"
Seasons greetings! -
Tuesday, December 15, 2009 10:47 PMRight, "Access is denied".
This is the result of Deny "List folder / read data" for Everyone. Nobody can even look at it.
But you are still allowed read/right and other rights for folders and files accessed using paths using the link. The concept is extended to the classical folders within each user folder. At least that's the way it's supposed to work. -
Tuesday, December 15, 2009 11:04 PM
Typing explorer.exe "C:\Documents and Settings" opens my users directory, so my guess is older software that use the old address type use these links to stay compatible, the reason they are blocked through the UI is so they are not accidentely deleted and also so people will use the new style folders so while it is possible to change permission of these objects I recommend to leave them as - is and use the new folder structure.
Seasons greetings! -
Tuesday, December 15, 2009 11:06 PM
You fellows might want to advise a bit of caution while discussing this topic. See Endless Application Data folders in Windows Explorer
That's why I don't mess with 'em.
Seasons greetings! -
Wednesday, December 16, 2009 12:02 AM"You fellows might want to advise a bit of caution while discussing this topic. "
We're all not fellows.
Renee -
Wednesday, December 16, 2009 1:08 AM
I don't know what a 'ping-back' is.... But I do know this.... I am forgetful because I am brain injured. But overall I am cautious and do thank those people who unselfishfully provide things. I am interested in the topic. I am equally uninterested in people who look for thanks.
Renee -
Wednesday, December 16, 2009 1:13 AMPingback
Seasons greetings! -
Wednesday, December 16, 2009 1:24 AM
"A pingback is one of three types of linkbacks, methods for Web authors to request notification when somebody links to one of their documents. This enables authors to keep track of who is linking to, or referring to their articles. Some weblog software, such as Movable Type, Serendipity, WordPress and Telligent Community, support automatic pingbacks where all the links in a published article can be pinged when the article is published.Essentially, a pingback is an XML-RPC request (not to be confused with an ICMP ping) sent from Site A to Site B, when an author of the blog at Site A writes a post that links to Site B. However, it also requires a hyperlink. When Site B receives the notification signal, it automatically goes back to Site A checking for the existence of a live incoming link. If that link exists, the pingback is recorded successfully. This makes pingbacks less prone to spam than trackbacks. Pingback-enabled resources must either use an X-Pingback header or contain a
<link>element to the XML-RPC script.Some web users[who?] find pingbacks annoying because pingbacks are placed in comments sections[citation needed] and people read comments sections for comments, not pingbacks."
Thank you.
Renee -
Wednesday, December 16, 2009 1:29 AMThank you, Daniel.
Renee -
Wednesday, December 16, 2009 2:08 AM
OK Dave. Let us hope that this is the first of many. I am currently looking for gpedit.msc in Windows 7. I haven't found it yet. I'll keep on looking.
Renee -
Wednesday, December 16, 2009 4:56 AMCarey,
Do you have something against me? This is the second time this week you have moved a thread of mine. Windows 7 Misc was an appropriate place for that thread. In case you haven't noticed I rarely ever leave the Misc section and I make an effort to stay with in the rules.
Renee -
Saturday, August 14, 2010 12:16 AM
Noel,
Thanks very much for your detailed explanation; without it I did not have permission to copy TrustedInstaller.exe back into "C:\Windows\servicing".
A followup question, if you don't mind: I (mistakenly) deleted TrustedInstaller.exe at the recommendation of my AV program (Avast!) and soon discovered without it I could no longer use Windows Update (on my Vista/64bit PC). Now that you so eloquently walked me through copying TrustedInstaller.exe back it appears that Windows Update is now working. But just to be certain, is copying TrustedInstaller.exe all I had to do? ie, there are no registry entries, etc... that I need be concerned about?
Thanks again for your detailed explanation.
Dan
-
Saturday, August 14, 2010 12:57 AM
Without knowing more than just what you've written above, I imagine if TrustedInstaller.exe as a file was simply deleted by the AV software, you should be able to just put it back. I can't think that the AV software would have gone hunting for its registry entries.
Another option, failing the above, is to use System Restore to restore Windows back to a point where the file existed.
Yet another option is to run the SFC /VERIFYONLY function at the command line, which will tell you about any Windows protected system files it knows about that have been removed or corrupted. SFC /SCANNOW can be used to restore them if any are turned up... I'm not sure whether TrustedInstaller is a protected system file or not, but I would guess it is. Note that these System File Checker utility commands take a long time to run.
-Noel
-
Saturday, August 14, 2010 1:20 AM
The UAC was one of the first things I turned off when I went to windows 7.
Renee
-
Saturday, August 14, 2010 1:31 AM
You Know.
I wrote a virus on a netwok long before the Internet existed. All it did was to copy itself to nodes it could see, write me a note and then it deleted iitself.As it turned out that piece of software scared the living be-Jesus out of me. But the power of it scared me. Other than that I've never written any malovolent software and I RESENT the implication.
Renee
-
Saturday, August 14, 2010 1:31 AM
Just to be clear, Renee, I was responding to danny bromberg's question.
-Noel
-
Saturday, August 14, 2010 2:01 AM
I started to say, "What changed directory Structure?", but I now have to agree that with the additions of unions and reparsepoints it seems like "new" is less remote.
Renee
-
Saturday, August 14, 2010 9:51 AMI use XP.
-
Saturday, August 14, 2010 3:13 PM
I write many systems utilities, like right now I'm writing Filescan which will find files below and often an entire disk is searched. It's true I am torn because filescan is not just for me. And I do run as an Admininistrator. If you like a copy of Filescan, that can be arranged too.
Like yourself I imagine, I have loved writing utilities. Mandatory File protections are killing efforts like this. There are future plans to do searches for text.
Renee
-
Saturday, August 14, 2010 4:21 PM
I still prefer to just take ownership and allow permissions for administrators, or even everyone, on everything.
It doesn't seem to mess up anything. I just need to remember which folders are links and where the real targit is.
-
Wednesday, February 15, 2012 2:49 PM
Not once did I have any trouble with Vista. I have inordinate file potection problems because of the trusted installer. It's fairly to se that Microsoft has taken a popular function and combined it with an unpopular funtion ie; the trusted installer.
I have a better sense of the problem now and microsoft's solutions are minimally palatable.
Renee
"MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me
-
Wednesday, February 15, 2012 2:58 PM
I turn the UAC completey off upon installation.
I know how to do it Neil. I feel that file security is excessive. Rember, I come from VMS development. That system was a sierus system. It was was very secure BUT it had a privilege that had to be assigned called BYPASS and it did exactly that. I wouldn't work without that privilege when I was in the field.
Renee
"MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me
-
Wednesday, February 15, 2012 3:09 PM
Actually it because MS's business plan has been to sell to dummies....and look where we are now.
By the way I way to thank you for the script BUT I have a caveat....with VMS, it was very secure but with the privilege I didn't have to do ANYTHING and I never once got any problems from the file system.
Renee
"MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me
-
Wednesday, February 15, 2012 3:11 PM
OH! So you are willing to take responsibility for yourself....
Renee
"MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me
-
Wednesday, February 15, 2012 7:29 PM
Wow, you've dredged up an old thread.
I think you and I are of a mind, Renee... Like you, I choose to disable UAC, which makes your administrator account have just what you need - full time administrative access.
Hey, to prove my undying love for Digital you should know this. I just took delivery of two new-old-stock LK250 keyboards, because anything else just isn't as good. :)
-Noel
Detailed how-to in my new eBook: Configure The Windows 7 "To Work" Options
-
Thursday, February 16, 2012 4:55 AM
I definitely prefer not having to worry about ownership and getting the file.
LK250's WOW!!!!
There used to be an explorer mod to modify the sub menu for Take Ownership. Does anyone know where I can find it or how to turn it on?
Renee
"MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me
- Edited by Renee Culver Thursday, February 16, 2012 4:56 AM
-
Thursday, February 16, 2012 4:59 AM
No, Im not. I've never written a vrus and do not intend to. The reason that there are viruses is capitalism. Anyone can afford a computer so anyone one can write one.
Renee :|
"MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me
- Edited by Renee Culver Thursday, February 16, 2012 5:01 AM
-
Thursday, February 16, 2012 5:09 AM
Bruce,
Let me explain it to you nice and simply. VMS had priviledges. The BYPASS priviledge was to bypass file protection.
I never ran without it. Few people ever got the bypass priviledge. I think you are childish and attacking.
DEC was purchased by Compact who then went out of business and sold to HP.
Develope securely? Why?
Renee
"MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me
- Edited by Renee Culver Thursday, February 16, 2012 5:11 AM
- Edited by Renee Culver Thursday, February 16, 2012 5:12 AM
- Edited by Renee Culver Thursday, February 16, 2012 5:18 AM
-
Thursday, February 16, 2012 3:31 PM
LK250's WOW!!!!
In the flesh. With the addition of these two I have 7 now; I've worn 4 out over time and they have various failures (generally, key contacts that no longer close), but I keep them for parts.
Funny thing, Digital shipped the new ones up with the spacebar popped-off. Maybe that was so users could choose to install the little auxiliary spring - or not. I like the spacebar stiff, so I put it in.
Both the new keyboards powered-up and work perfectly. Big ol' solid 8 bit technology from yesteryear still trumps modern junk. Wow, these feel good to type on!
-Noel
Detailed how-to in my new eBook: Configure The Windows 7 "To Work" Options
-
Saturday, October 13, 2012 2:08 PM
Damn... now THIS is/was a thread worth reading! Well said Renee.
I have been dealing with a some type of hosted vmm myself for several months... thus my reason for chiming in 9 months later, just wanted to say thank you for the knowledge, every lil bit helps!
Stay safe. F the Republicrats! Vox Anon!
AnonYmous
-
Saturday, October 13, 2012 2:51 PM
You're welcome!
I've worked on many things in the interim, but I am also working on that scanning task. The task fails for unknown reasons. What is done with the failure is anti-virus dependent. AVG will not allow the file to be touched. Kapersky crashes the system. There is a third choice which is to let me continue developing but neither will allow me to do that.
Renee
"MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me
- Edited by Renee Culver Saturday, October 13, 2012 2:53 PM
-
Thursday, December 27, 2012 11:35 PM
Hi Renee,
Do you have UAC on still? People who know what they're doing usually turn it off (pull the slider to the bottom) and use Administrator accounts. As an admin, essentially "elevated" all the time, you have the ability to take ownership of files without any additional software, and open up the security so that you can access anything and everything on your computer at will. As it should be.
As an elevated administrator, here's how you would do it:
1. Navigate, in Explorer, to the folder containing the file or folder you want to be able to access, for example, "C:\Program Files\Microsoft Visual Studio 9.0\Common7"
2. Right-click on the folder/file, for example IDE, and choose Properties.
3. Click the Security tab.
4. Click Administrators on the top, and view the permissions you have in the bottom pane.
5. Assuming you don't have permissions to do what you want ("Full Control"), click the [ Advanced ] button near the bottom-right.
6. Click the Owner tab.
7. If "Administrators" is not the owner and you want it to be, press the [ Edit ] button near the bottom.
8. Click on Administrators.
9. Decide whether you'd like to perform this change on this folder all others below it, and if so check the "Replace owner on subcontainers and objects".
10. Press [ OK ] to make the change. Once you have taken ownership, you'll need to close all the way back out with OK buttons, and go through steps 1 through 5 again.
11. Now you'll want to change permissions so that you (as a member of the Administrators account) have Full Control.
12. At the Security tab, click Administrators, and Edit.
13. In the "Permissions for xxxxx" dialog, verify that Administrators is selected, then check the Full Control box. OK out of all dialogs.
You now have permissions to do whatever you want to the folder/file(s).
Now, if you're developing for others, you'll want to test your software with UAC enabled at all levels and other settings (e.g., permissions) at their defaults. Virtual machines are the greatest inventions of the new millenium for just this kind of testing... I have VMs for all the different environments I want to sell software into. Bottom line is you can set your host workstation for your best productivity, and still have all the security junk for the masses turned on in the VMs.
By the way, I'm still running Vista x64 on my main workstation, and will be until I'm convinced Windows 7 (running in VMs and on my MacBook) is willing to shoulder the load. I need the workstation to be rock solid reliable and stable 24/7 as it is the SVN software server for my developers. The only (and I mean ONLY) reboots it gets now are for Windows updates, and I do TONS of stuff with it.
-NoelSo, having done the above... I now get the "You require permission from Administrators to make changes to this folder" !!!
I'm logged in as myself, I am added to the admisistrators group with full privileges, UAC is off.
Scenario: New PC built from scratch (details are so boring) SSD as primary OS HDD (Win7 x64), 2TB HDD as main operating and installation HDD (My Documents, program files etc) and then my OLD 1TB Win7 x86 HDD. this has a ton of software, research, CAD drawings that I do not want to have to re-download from many, many sources. All I want to do now is to delete the old "Program Files","Program Data" and "Windows" directories. my 2TB hdd is nearly full so no longer have the space to move files then format the disk (Given how Windows/Win7 hides things, I will most likely miss stuff anyway)
Any further suggestions?
James
-
Friday, December 28, 2012 12:42 AM
You need to turn off UAC or run Explorer "As Administrator" to start with to get through those steps unhindered.
-Noel
Detailed how-to in my eBooks:
Configure The Windows 7 "To Work" Options
Configure The Windows 8 "To Work" Options
.png)
