none
The Trusted Installer

    General discussion

  • Having been a developer for a major, major corporation, I've been around computers for around fory years. Security is an anathema to me since it gets in my way especially when I am developing like....now. Is there anyway to get rid of the Trusted Installer? People like Windows Seven. I find I dislike computer things inverseley proportionally to the general population. I don't like windows 7 although I loved Vista.

    What is it? A service?

    Renee
    Saturday, December 12, 2009 2:36 AM

All replies

  • Trustedinstaller.exe is a program for managment of windows updates and should not be disabled. It is present in both windows vista and 7. The trusted installer group owns many system files and will deny you access to move or delete. You can change the ACL of these files to suit your needs from the files or parent folders. 
    Seasons greetings!
    Saturday, December 12, 2009 4:07 AM
  • "Trustedinstaller.exe program for managment of windows updates and should not be disabled. The trusted installer group owns many system files and will deny you access to move or delete. You can change the ACL of these files to suit your needs from the parent folders. "

    Hmmm. I dont have any need to move or delete system fies.

    What's bothering me now, is the following class of errrors:

    "Access to the path 'C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\file.txt' is denied."

    I am writing a lister of filenames. File.txt is a listing file for a top level directory and all that is below it, whatever that top level is. This is Visual Studio in 'test mode' which is why the default is in 'visual studio'-land because it is in test mode.

    Renee

    Saturday, December 12, 2009 4:21 AM
  • OK Renee - You want to get rid of trusted installer. It's for Windows Update. What is the issue with Trusted Installer for the folder you have here?


    Seasons greetings!
    Saturday, December 12, 2009 4:28 AM
  • I don't have any strong issue's because I don't understand it yet. I do know that when I am messing with directories and I get a file protection error, that the trusted installer is likely to be involved. This is especially true for directories that are marked read-only and clearing that bit doesn't do any good because it is immediately reset. Personally, I didn't need any more File protection than XP had but it certainly looks as if it's here with a vengeance. (I'm not an XP buff-that was just the OS that I picked.)
    Renee
    Saturday, December 12, 2009 5:10 AM
  • My way around it is to assign myself or administrators owner of those objects I like to modify but usually there is no need. I've never had an access problem from the trusted installer like yourself for supported operations but many people have expressed their opinion about this so you are not the first. If you don't make unsuported modifications to your system technically you should never see an access block from the trusted installer group but that is not always the case.  A response to trusted installer group is the right click take ownership script that has surfaced on many websites since the arrival of Vista. Interestingly when assigning ownership to files the trusted installer group does not appear on the list of user groups.
    Seasons greetings!
    Saturday, December 12, 2009 5:25 AM
  • Many people myself included have noticed the high CPU usage from trustedinstaller.exe which may periodically decrease performance.


    Seasons greetings!
    Saturday, December 12, 2009 5:28 AM
  • I'm very sensitive to utilities that impact system performance and I have not noticed anything unusual from trusted installer other than it automatically invokes several trusts issues.
    Renee
    Saturday, December 12, 2009 5:47 AM
  • O.K.

    "Is there anyway to get rid of the Trusted Installer?"

    Not that I know of Renee.
     
    "I don't like windows 7 although I loved Vista."

    Both of these have the trusted installer user group so this is nothing new.

    My response to you since this issue has bean around for almost five years ever since Vista is to take control of the objects that trusted installer denies with the file security tab.


    "invokes several trusts issues." 


    Seasons greetings!
    Saturday, December 12, 2009 5:49 AM
  • Defcon1,

    About a year and a half-ago I was hit in a car driven by an illegal alien and spent a year in the hospital, so I have some asking to do.

    "you should never see an access block from the trusted installer group"

    I must apologize for my ignorance?

    " A response to trusted installer group is the right click take ownership script that has surfaced on many websites since the arrival of Vista."

    Could you clue me into that?

    "Interestingly when assigning ownership to files the trusted installer group does not appear on the list of user groups."

    Ooh you making me feel like I was in the hospial way too long.......

    Renee
     
    Saturday, December 12, 2009 6:02 AM
  • "My response to you since this issue has bean around for almost five years ever since Vista is to take control of the objects that trusted installer denies with the file security tab."

    I admit to being a developer but I am ignorant of what you are talkking about. Yes, I know of file proection but this sounds like more.

    Renee
    Saturday, December 12, 2009 6:07 AM
  • As I said earlier there have bean many complaints about Trusted Installer group limiting access to folders. As do many people you feel it is an excessive securiity measure as do I. I will clue you in on the right click method which will relieve you of the pain that I regret to hear the Trusted Installer has bean is causing you as it has myself.

    http://www.petri.co.il/add-take-ownership-context-menu-vista.htm


    Seasons greetings!
    Saturday, December 12, 2009 6:32 AM
  • Defcon1,

    I just wanted you let you know that I have been a reader of yours for years and say, "Thank you".

    Renee
    Saturday, December 12, 2009 2:18 PM
  • Oh, and this additional note. The change as I have it, does not work with Windows 7. I have yet to see a selection for file ownership on an RTM copy.

    Renee
    Saturday, December 12, 2009 3:58 PM
  • Hi Renee,

    Do you have UAC on still?  People who know what they're doing usually turn it off (pull the slider to the bottom) and use Administrator accounts.  As an admin, essentially "elevated" all the time, you have the ability to take ownership of files without any additional software, and open up the security so that you can access anything and everything on your computer at will.  As it should be.

    As an elevated administrator, here's how you would do it:

    1.  Navigate, in Explorer, to the folder containing the file or folder you want to be able to access, for example, "C:\Program Files\Microsoft Visual Studio 9.0\Common7"

    2.  Right-click on the folder/file, for example IDE, and choose Properties.

    3.  Click the Security tab.

    4.  Click Administrators on the top, and view the permissions you have in the bottom pane.

    5.  Assuming you don't have permissions to do what you want ("Full Control"), click the [ Advanced ] button near the bottom-right.

    6.  Click the Owner tab.

    7.  If "Administrators" is not the owner and you want it to be, press the [ Edit ] button near the bottom.

    8.  Click on Administrators.

    9.  Decide whether you'd like to perform this change on this folder all others below it, and if so check the "Replace owner on subcontainers and objects".

    10.  Press [ OK ] to make the change.  Once you have taken ownership, you'll need to close all the way back out with OK buttons, and go through steps 1 through 5 again.

    11.  Now you'll want to change permissions so that you (as a member of the Administrators account) have Full Control.

    12.  At the Security tab, click Administrators, and Edit.

    13.  In the "Permissions for xxxxx" dialog, verify that Administrators is selected, then check the Full Control box.  OK out of all dialogs.

    You now have permissions to do whatever you want to the folder/file(s).

    Now, if you're developing for others, you'll want to test your software with UAC enabled at all levels and other settings (e.g., permissions) at their defaults.  Virtual machines are the greatest inventions of the new millenium for just this kind of testing...  I have VMs for all the different environments I want to sell software into.  Bottom line is you can set your host workstation for your best productivity, and still have all the security junk for the masses turned on in the VMs.

    By the way, I'm still running Vista x64 on my main workstation, and will be until I'm convinced Windows 7 (running in VMs and on my MacBook) is willing to shoulder the load.  I need the workstation to be rock solid reliable and stable 24/7 as it is the SVN software server for my developers.  The only (and I mean ONLY) reboots it gets now are for Windows updates, and I do TONS of stuff with it.

    -Noel

    • Proposed as answer by Noel Carboni Saturday, December 12, 2009 5:35 PM
    Saturday, December 12, 2009 5:16 PM
  • Renee Culver wrote:
    > Having been a developer for a major, major corporation, I've been around
    > computers for around fory years. Security is an anathema to me since it gets in
    > my way especially when I am developing like....now.


    That being the case, please stop developing software. You, and other
    developers like you, are the reason the Windows world is so rife with
    viruses and malware.


    --

    Bruce Chambers

    Help us help you:
    http://www.catb.org/~esr/faqs/smart-questions.html

    http://support.microsoft.com/default.aspx/kb/555375

    ntial liberty to obtain a little temporary
    safety deserve neither liberty nor safety. ~Benjamin Franklin

    Many people would rather die than think; in fact, most do. ~Bertrand Russell

    The philosopher has never killed any priests, whereas the priest has
    killed a great many philosophers.
    ~ Denis Diderot
    Saturday, December 12, 2009 6:16 PM
  • Renee Culver wrote:
    > Having been a developer for a major, major corporation, I've been around
    > computers for around fory years. Security is an anathema to me since it gets in
    > my way especially when I am developing like....now.


    That being the case, please stop developing software. You, and other
    developers like you, are the reason the Windows world is so rife with
    viruses and malware.


    --

    Bruce Chambers

    Help us help you:
    http://www.catb.org/~esr/faqs/smart-questions.html

    http://support.microsoft.com/default.aspx/kb/555375

    ntial liberty to obtain a little temporary
    safety deserve neither liberty nor safety. ~Benjamin Franklin

    Many people would rather die than think; in fact, most do. ~Bertrand Russell

    The philosopher has never killed any priests, whereas the priest has
    killed a great many philosophers.
    ~ Denis Diderot


    HERE HERE !

    I'm a modest user no where upt par with a professional developer but in my spare time have bean accumulating knowledge and choose to share when applicable.

    This being said I've come up with a script for Win 7 unlike any other to assist people like Renee in being the proud owner of files and folders of any type imaginable but please be aware that this is only for administrators and those who do not use UAC.

    The other requirement is that you add subinacl.exe to %windir%\
    Why subinacl? Answer: 75% faster than take own + icacls. Handles legacy links.



    Warning: While this procedure might solve the issue or problem, serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk. For more information about modifying the registry, see Microsoft support article 256986.


    batch file code:

    @echo off
    
    COPY subinacl.exe %systemdrive%\WINDOWS\
    
    REM FILE
    
    reg add "HKEY_CLASSES_ROOT\*\shell\Take Ownership" /f /ve /d "Take Ownership"
    reg add "HKEY_CLASSES_ROOT\*\shell\Take Ownership" /f /v "HasLUAShield"
    reg add "HKEY_CLASSES_ROOT\*\shell\Take Ownership\command" /f /ve /d "CMD /C subinacl.EXE /noverbose /file ""%%1\"" /owner=%username% && subinacl.EXE /noverbose /file ""%%1\"" /grant=%username%=f"
    
    REM Folder
    
    reg add "HKEY_CLASSES_ROOT\Folder\shell\Take Ownership" /f /ve /d "Take Ownership"
    reg add "HKEY_CLASSES_ROOT\Folder\shell\Take Ownership" /f /v "HasLUAShield"
    reg add "HKEY_CLASSES_ROOT\Folder\shell\Take Ownership\command" /f /ve /d "CMD /C subinacl.EXE /noverbose /file ""%%1\"" /owner=%username% && subinacl.EXE /noverbose /subdirectories  ""%%1\*.*\"" /owner=%username% && subinacl.EXE /noverbose /file ""%%1\"" /grant=%username%=f && subinacl.EXE /noverbose /subdirectories ""%%1\*.*\"" /grant=%username%=f"
    
    REM .CMD FILE
    
    reg add "HKEY_CLASSES_ROOT\cmdfile\shell\Take Ownership" /f /ve /d "Take Ownership"
    reg add "HKEY_CLASSES_ROOT\cmdfile\shell\Take Ownership" /f /v "HasLUAShield"
    reg add "HKEY_CLASSES_ROOT\cmdfile\shell\Take Ownership\command" /f /ve /d "CMD /C subinacl.EXE /noverbose /file ""%%1\"" /owner=%username% && subinacl.EXE /noverbose /file ""%%1\"" /grant=%username%=f"
    
    REM .EXE FILE
    
    reg add "HKEY_CLASSES_ROOT\exefile\shell\Take Ownership" /f /ve /d "Take Ownership"
    reg add "HKEY_CLASSES_ROOT\exefile\shell\Take Ownership" /f /v "HasLUAShield"
    reg add "HKEY_CLASSES_ROOT\exefile\shell\Take Ownership\command" /f /ve /d "CMD /C subinacl.EXE /noverbose /file ""%%1\"" /owner=%username% && subinacl.EXE /noverbose /file ""%%1\"" /grant=%username%=f"
    
    
    
    
    
    
    
    
    
    
    

    Seasons greetings!
    • Edited by Ronnie VernonMVP, Moderator Saturday, December 12, 2009 7:11 PM Required Registry Warning.
    • Edited by ONE ZERO Saturday, December 12, 2009 7:29 PM
    • Proposed as answer by Brian Borg Saturday, December 12, 2009 10:23 PM
    Saturday, December 12, 2009 6:48 PM
  • So it's not complicated:

    Dave's Sky


    This also works on XP.

    I will add this diclosure:

    Warning: While this procedure might solve the issue or problem, serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk. For more information about modifying the registry, see Microsoft support article 256986




    Seasons greetings!
    • Edited by ONE ZERO Wednesday, December 16, 2009 5:11 AM
    Saturday, December 12, 2009 7:14 PM
  • No Bruce. People who do viruses are vandals it's pure and simple and that parts not complicated at all. I refuse to take any responsibility for viruses at all.  I have been around a lot longer than you have.

    Dave, thank you.

    Renee
    Sunday, December 13, 2009 4:06 AM
  • Renee Culver wrote:
    > No Bruce. People who do viruses are vandals it's pure and simple and that parts
    > not complicated at all. I refuse to take any responsibility for viruses at all.
    > I have been around a lot longer than you have.
    >

    I don't care how long you've been around. (And even I know that DEC
    was purchased by Compaq, not HP - I was a field service engineer for
    them. Years later, HP acquired Compaq, getting the whole ball of wax,
    so to speak.) If you're a developer who claims that security is an
    you're one of the weak links that open the doors
    for the virus writers. I'd almost have to call you a deliberate
    collaborator, in fact. Either learn to develop securely, or find
    another line of work. Please.


    --

    Bruce Chambers

    Help us help you:
    http://www.catb.org/~esr/faqs/smart-questions.html

    http://support.microsoft.com/default.aspx/kb/555375

    They that can give up essential liberty to obtain a little temporary
    safety deserve neither liberty nor safety. ~Benjamin Franklin

    Many people would rather die than think; in fact, most do. ~Bertrand Russell

    The philosopher has never killed any priests, whereas the priest has
    killed a great many philosophers.
    ~ Denis Diderot
    Sunday, December 13, 2009 4:32 AM
  • I'm sure all of us here are familiar with the security tab but I think Culver has a valid point where Windows is now over protective and security oriented to the point where productivity may be sacrificed. It's my guess the security measures in windows are more for marketing, to put the public at ease from the hysteria the press has caused on security issues. Most of the hysteria is based upon the non-existent.
    Seasons greetings!
    Sunday, December 13, 2009 4:32 AM
  • I find that, largely after my accident, I have to relearn Windows. Are you talking about the security tab each file has?

    I'm not like other developers. I have specific opions about computer users. They should learn computers. No learn? No computer. Of course capitalism enters in here and makes money from people remaining ignorant.
    Renee
    Sunday, December 13, 2009 4:54 AM


  • Let me go a little further with the thought. There is a fair amount of money in people remaining ignorant of computers so the moneys goes toward exteremely simplified computers INSTEAD of having the business people learn computing (gasp). This way a relative fortune can be be spent on software that's easy to use by people that don't know anything about computers. The secret of no viruses is educated people not to simple stupid operating systems which is the direction we've beeen going in.
    Renee
    Sunday, December 13, 2009 5:05 AM
  • I totally agree with you on this, a real knowledge of security is going to be the number one factor for keeping a system clean for any amount of time and for this, some of the added security measures won't make a bit of difference where the new security features often resemble parental controls.


    Seasons greetings!
    Sunday, December 13, 2009 5:16 AM
  • I have been watching this thread with a lot of interest.

    Let me just say that I agree with both of you, Renee and Defcon 1,

    UAC annoys me so much I have disabled it with Group Policy on my domain at home.  I also routinely take over ownership of the registry and entire drives so that I can set permissions.

    If I get a virus, or mess up windows, it is my own da__ fault.
    Sunday, December 13, 2009 5:26 AM
  • Hello Brian,
    Last night I totally disabeled the UAC on my machine. They have made it scaryer than they did with Vista. Actually it going to have less of an issue with Windows Seven now. My issues are down to two. Windows 7 does not return statuses like it did on Vista and the control panel has been rearranged to the point that it doesn't make sense. Windows 7 is really no longer an operating system. At least not as I define them.
    Renee
    Sunday, December 13, 2009 3:38 PM
  • "I don't care how long you've been around. (And even I know that DEC
    was purchased by Compaq, not HP - I was a field service engineer for
    them. Years later, HP acquired Compaq, getting the whole ball of wax,
    so to speak.) If you're a developer who claims that security is an
    you're one of the weak links that open the doors
    for the virus writers. I'd almost have to call you a deliberate
    collaborator, in fact. Either learn to develop securely, or find
    another line of work. Please."

    Well I didn't want to bore anyone so I left out the entirety of the history. I write systems code and I've never had and infection on my systems. I'd call that secure. I am on constantly.

    Security is definitely something that slows systems down and impedes people who know what they are doing.

    Renee
    Sunday, December 13, 2009 10:52 PM
  • Re: Control Panel . See this thread I just started and ended, answering my own question.

    How to make Control Panel show all entries as I was able to do in Win 7 RC1
    Rich
    Monday, December 14, 2009 2:05 AM
  • "What is it? A service?"


    The "Trusted Installer Service". It's a service and it's listed here: 

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustedInstaller


    Seasons greetings!
    Monday, December 14, 2009 9:28 PM
  • STRINGTABLE
    LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
    {
    100,  "Windows Modules Installer"
    101,  "Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer."
    }


    (taken from trustedinstaller.exe.mui)
    Seasons greetings!
    Monday, December 14, 2009 9:41 PM
  • You know, I am writing a file scanner and security is pretty atrocious and I still have the feeling that the trusted installer is behind this.

    I keep seeing exceptions like this:

    Access to the path 'C:\Documents and Settings' is denied. I have the feeling that Windows 7 is going to be ugly.

    Renee
    Tuesday, December 15, 2009 6:42 AM
  • 'C:\Documents and Settings' is denied



    Reason for this: the "folder" 'Documents and Settings' is really a redirect link for older programs that used the old path and the new path for 7 is "Users". The "folder" 'Documents and Settings' is a special link so older programs won't get lost with Vista and 7's new directory structure. To access the example User "C:\Documents and Settings\Joe Franken" you don't want to use that link but find it through "C:\Users\Joe Franken" so in this case it wouldn't be Trusted Installer, just a legacy link.
    Seasons greetings!
    Tuesday, December 15, 2009 6:52 AM
  • As Defcon 1 said, it a link, or reparse point.  If you really want to follow the link, you can change the permissions using the /L switch for attrib (in a command prompt). You might have to take over ownership too.

    C:\>attrib /?
    Displays or changes file attributes.
    
    ATTRIB [+R | -R] [+A | -A ] [+S | -S] [+H | -H] [+I | -I]
           [drive:][path][filename] [/S [/D] [/L]]
    
      +   Sets an attribute.
      -   Clears an attribute.
      R   Read-only file attribute.
      A   Archive file attribute.
      S   System file attribute.
      H   Hidden file attribute.
      I   Not content indexed file attribute.
      [drive:][path][filename]
          Specifies a file or files for attrib to process.
      /S  Processes matching files in the current folder
          and all subfolders.
      /D  Processes folders as well.
      /L  Work on the attributes of the Symbolic Link versus
          the target of the Symbolic Link
    
    C:\>dir/ad
    . . .
    04/22/2009  03:22 AM    <JUNCTION>     Documents and Settings [C:\Users]
    
    C:\>attrib "Documents and Settings"
         R       C:\Documents and Settings
    
    C:\>attrib "Documents and Settings" /L
       SH   I    C:\Documents and Settings
    
    C:\>attrib -s -h "Documents and Settings" /L
    
    C:\>attrib "Documents and Settings"
         R       C:\Documents and Settings
    
    C:\>attrib "Documents and Settings" /L
            I    C:\Documents and Settings
    

    This by itself does not do it.  By default, the link is owned by SYSTEM.  But it also has an ACL which includes a Deny "List folder / read data" for Everyone.  This can be removed using the Security tab of the folder properties page.
    • Edited by Brian Borg Tuesday, December 15, 2009 9:48 PM
    Tuesday, December 15, 2009 9:39 PM
  • If I change the ACL of a symbolic link will older programs still work? For example opening folders with the command promt will still work with the old path style if I don't change it?
    Seasons greetings!
    Tuesday, December 15, 2009 9:47 PM
  • Before and after removing the Deny:

    C:\>dir    "Documents and Settings"
     Volume in drive C is 148g WD IDE
     Volume Serial Number is C24A-5367
    
     Directory of C:\Documents and Settings
    
    File Not Found
    
    C:\>dir    "Documents and Settings"
     Volume in drive C is 148g WD IDE
     Volume Serial Number is C24A-5367
    
     Directory of C:\Documents and Settings
    
    10/17/2009  01:47 PM    <DIR>          .
    10/17/2009  01:47 PM    <DIR>          ..
    10/19/2009  05:16 PM    <DIR>          Administrator
    12/14/2009  05:25 PM    <DIR>          Administrator.BORG
    10/13/2009  08:11 PM    <SYMLINKD>     All Users [Public]
    12/15/2009  02:42 PM    <DIR>          Brian
    10/17/2009  01:47 PM    <SYMLINKD>     Brian.Borg [Brian]
    04/22/2009  08:11 AM    <DIR>          Default
    04/22/2009  03:22 AM    <JUNCTION>     Default User [C:\Users\Default]
    10/13/2009  08:17 PM    <DIR>          Public
    11/29/2009  07:30 PM               278 desktop.ini
                   1 File(s)            278 bytes
                  10 Dir(s)  77,280,108,544 bytes free
    Tuesday, December 15, 2009 9:55 PM
  • Try this command before you change permission:

    explorer "C:\Documents and Settings"
    Seasons greetings!
    Tuesday, December 15, 2009 10:04 PM
  • Right, "Access is denied".

    This is the result of Deny "List folder / read data" for Everyone.  Nobody can even look at it.

    But you are still allowed read/right and other rights for folders and files accessed using paths using the link.  The concept is extended to the classical folders within each user folder.  At least that's the way it's supposed to work.
    Tuesday, December 15, 2009 10:47 PM
  • Typing explorer.exe "C:\Documents and Settings" opens my users directory, so my guess is older software that use the old address type use these links to stay compatible, the reason they are blocked through the UI is so they are not accidentely deleted and also so people will use the new style folders so while it is possible to change permission of these objects I recommend to leave them as - is and use the new folder structure. 


    Seasons greetings!
    Tuesday, December 15, 2009 11:04 PM


  • You fellows might want to advise a bit of caution while discussing this topic.   See  Endless Application Data folders in Windows Explorer



    That's why I don't mess with 'em.
    Seasons greetings!
    Tuesday, December 15, 2009 11:06 PM
  • "You fellows might want to advise a bit of caution while discussing this topic.  "

    We're all not fellows.

    Renee
    Wednesday, December 16, 2009 12:02 AM

  • I don't know what a 'ping-back' is.... But I do know this.... I am forgetful because I am brain injured. But overall I am cautious and do thank those people who unselfishfully provide things. I am interested in the topic. I am equally uninterested in people who look for thanks.
    Renee
    Wednesday, December 16, 2009 1:08 AM
  • Pingback
    Seasons greetings!
    Wednesday, December 16, 2009 1:13 AM

  • "A pingback is one of three types of linkbacks, methods for Web authors to request notification when somebody links to one of their documents. This enables authors to keep track of who is linking to, or referring to their articles. Some weblog software, such as Movable Type, Serendipity, WordPress and Telligent Community, support automatic pingbacks where all the links in a published article can be pinged when the article is published.

    Essentially, a pingback is an XML-RPC request (not to be confused with an ICMP ping) sent from Site A to Site B, when an author of the blog at Site A writes a post that links to Site B. However, it also requires a hyperlink. When Site B receives the notification signal, it automatically goes back to Site A checking for the existence of a live incoming link. If that link exists, the pingback is recorded successfully. This makes pingbacks less prone to spam than trackbacks. Pingback-enabled resources must either use an X-Pingback header or contain a <link> element to the XML-RPC script.

    Some web users[who?] find pingbacks annoying because pingbacks are placed in comments sections[citation needed] and people read comments sections for comments, not pingbacks."

    Thank you.
    Renee

    Wednesday, December 16, 2009 1:24 AM
  • Thank you, Daniel.

    Renee
    Wednesday, December 16, 2009 1:29 AM

  • OK Dave. Let us hope that this is the first of many. I am currently looking for gpedit.msc in Windows 7. I haven't found it yet. I'll keep on looking.
    Renee
    Wednesday, December 16, 2009 2:08 AM
  • Carey,

    Do you have something against me? This is the second time this week you have moved a thread of mine. Windows 7 Misc was an appropriate place for that thread. In case you haven't noticed I rarely ever leave the Misc section and I make an effort to stay with in the rules.
    Renee
    Wednesday, December 16, 2009 4:56 AM
  • Noel,

    Thanks very much for your detailed explanation; without it I did not have permission to copy TrustedInstaller.exe back into "C:\Windows\servicing".

    A followup question, if you don't mind: I (mistakenly) deleted TrustedInstaller.exe at the recommendation of my AV program (Avast!) and soon discovered without it I could no longer use Windows Update (on my Vista/64bit PC). Now that you so eloquently walked me through copying TrustedInstaller.exe back it appears that Windows Update is now working. But just to be certain, is copying TrustedInstaller.exe all I had to do? ie, there are no registry entries, etc... that I need be concerned about?

    Thanks again for your detailed explanation.

    Dan

    Saturday, August 14, 2010 12:16 AM
  • Without knowing more than just what you've written above, I imagine if TrustedInstaller.exe as a file was simply deleted by the AV software, you should be able to just put it back.  I can't think that the AV software would have gone hunting for its registry entries.

    Another option, failing the above, is to use System Restore to restore Windows back to a point where the file existed.

    Yet another option is to run the SFC /VERIFYONLY function at the command line, which will tell you about any Windows protected system files it knows about that have been removed or corrupted.  SFC /SCANNOW can be used to restore them if any are turned up...  I'm not sure whether TrustedInstaller is a protected system file or not, but I would guess it is.  Note that these System File Checker utility commands take a long time to run.

    -Noel

    Saturday, August 14, 2010 12:57 AM
  • The UAC was one of the first things I turned off when I went to windows 7.

     

    Renee

    Saturday, August 14, 2010 1:20 AM
  • You Know.

    I wrote a virus on a netwok long before the Internet existed. All it did was to copy itself to nodes it could see, write me a note and then it deleted iitself.As it turned out that piece of software scared the living be-Jesus out of me. But the power of it scared me. Other than that I've never written any malovolent software and I RESENT the implication.

    Renee

    Saturday, August 14, 2010 1:31 AM
  • Just to be clear, Renee, I was responding to danny bromberg's question.

    -Noel

    Saturday, August 14, 2010 1:31 AM
  • I started to say, "What changed directory Structure?", but I now have to agree that with the additions of unions and reparsepoints it seems like "new" is less remote.

    Renee

    Saturday, August 14, 2010 2:01 AM
  • I use XP.
    Saturday, August 14, 2010 9:51 AM
  • I write many systems utilities, like right now I'm writing Filescan which will find files below and often an entire disk is searched. It's true I am torn because filescan is not just for me. And I do run as an Admininistrator. If you like a copy of Filescan, that can be arranged too.

    Like yourself I imagine, I have loved writing utilities. Mandatory File protections are killing efforts like this. There are future plans to do searches for text.

    Renee

    Saturday, August 14, 2010 3:13 PM
  • I still prefer to just take ownership and allow permissions for administrators, or even everyone, on everything.

    It doesn't seem to mess up anything.  I just need to remember which folders are links and where the real targit is.

    Saturday, August 14, 2010 4:21 PM
  • Not once did I have any trouble with Vista. I have inordinate file potection problems because of the trusted installer. It's fairly to se that Microsoft has taken a popular function and combined it with an unpopular funtion ie; the trusted installer.

    I have a better sense of the problem now and microsoft's solutions are minimally palatable.

    Renee


    "MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me

    Wednesday, February 15, 2012 2:49 PM
  • I turn the UAC completey off upon installation.

    I know how to do it Neil. I feel that file security is excessive. Rember, I come from VMS development. That system was a sierus system. It was was very secure BUT it had a privilege that had to be assigned called BYPASS and it did exactly that. I wouldn't work without that privilege when I was in the field.

    Renee


    "MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me

    Wednesday, February 15, 2012 2:58 PM
  • Actually it because MS's business plan has been to sell to dummies....and look where we are now.

    By the way I way to thank you for the script BUT I have a caveat....with VMS, it was very secure but with the privilege I didn't have to do ANYTHING and I never once got any problems from the file system.

    Renee


    "MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me

    Wednesday, February 15, 2012 3:09 PM
  • OH! So you are willing to take responsibility for yourself....

    Renee


    "MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me

    Wednesday, February 15, 2012 3:11 PM
  • Wow, you've dredged up an old thread.

    I think you and I are of a mind, Renee...  Like you, I choose to disable UAC, which makes your administrator account have just what you need - full time administrative access.

    Hey, to prove my undying love for Digital you should know this.  I just took delivery of two new-old-stock LK250 keyboards, because anything else just isn't as good.  :)

    -Noel


    Detailed how-to in my new eBook: Configure The Windows 7 "To Work" Options

    Wednesday, February 15, 2012 7:29 PM
  • I definitely prefer not having to worry about ownership and getting the file.

    LK250's WOW!!!!

    There used to be an explorer mod to modify the sub menu for Take Ownership. Does anyone know where I can find it or how to turn it on?

    Renee


    "MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me


    • Edited by Renee Culver Thursday, February 16, 2012 4:56 AM
    Thursday, February 16, 2012 4:55 AM
  • No, Im not. I've never written a vrus and do not intend to. The reason that there are viruses is capitalism. Anyone can afford a computer so anyone one can write one.

    Renee :|


    "MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me


    • Edited by Renee Culver Thursday, February 16, 2012 5:01 AM
    Thursday, February 16, 2012 4:59 AM
  • Bruce,

    Let me explain it to you nice and simply. VMS had priviledges. The BYPASS priviledge was to bypass file protection.

    I never ran without it. Few people ever got the bypass priviledge. I think you are childish and attacking.

    DEC was purchased by Compact who then went out of business and sold to HP.

    Develope securely? Why?

    Renee


    "MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me




    • Edited by Renee Culver Thursday, February 16, 2012 5:18 AM
    Thursday, February 16, 2012 5:09 AM
  • LK250's WOW!!!!

    In the flesh.  With the addition of these two I have 7 now; I've worn 4 out over time and they have various failures (generally, key contacts that no longer close), but I keep them for parts.

    Funny thing, Digital shipped the new ones up with the spacebar popped-off.  Maybe that was so users could choose to install the little auxiliary spring - or not.  I like the spacebar stiff, so I put it in.

    New LK250 seeing the light of day for the first time in almost 30 years.

    Both the new keyboards powered-up and work perfectly.  Big ol' solid 8 bit technology from yesteryear still trumps modern junk.  Wow, these feel good to type on!

    New LK250 in service

    -Noel


    Detailed how-to in my new eBook: Configure The Windows 7 "To Work" Options

    Thursday, February 16, 2012 3:31 PM
  • Damn... now THIS is/was a thread worth reading!  Well said Renee. 

    I have been dealing with a some type of hosted vmm myself for several months... thus my reason for chiming in 9 months later, just wanted to say thank you for the knowledge, every lil bit helps!

    Stay safe.  F the Republicrats!  Vox Anon!


    AnonYmous

    Saturday, October 13, 2012 2:08 PM
  • You're welcome!

     I've worked on many things in the interim, but I am also working on that scanning task. The task fails for unknown reasons. What is done with the failure is anti-virus dependent. AVG will not allow the file to be touched. Kapersky crashes the system. There is a third choice which is to let me continue developing but neither will allow me to do that.

    Renee


    "MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me


    Saturday, October 13, 2012 2:51 PM
  • Hi Renee,

    Do you have UAC on still?  People who know what they're doing usually turn it off (pull the slider to the bottom) and use Administrator accounts.  As an admin, essentially "elevated" all the time, you have the ability to take ownership of files without any additional software, and open up the security so that you can access anything and everything on your computer at will.  As it should be.

    As an elevated administrator, here's how you would do it:

    1.  Navigate, in Explorer, to the folder containing the file or folder you want to be able to access, for example, "C:\Program Files\Microsoft Visual Studio 9.0\Common7"

    2.  Right-click on the folder/file, for example IDE, and choose Properties.

    3.  Click the Security tab.

    4.  Click Administrators on the top, and view the permissions you have in the bottom pane.

    5.  Assuming you don't have permissions to do what you want ("Full Control"), click the [ Advanced ] button near the bottom-right.

    6.  Click the Owner tab.

    7.  If "Administrators" is not the owner and you want it to be, press the [ Edit ] button near the bottom.

    8.  Click on Administrators.

    9.  Decide whether you'd like to perform this change on this folder all others below it, and if so check the "Replace owner on subcontainers and objects".

    10.  Press [ OK ] to make the change.  Once you have taken ownership, you'll need to close all the way back out with OK buttons, and go through steps 1 through 5 again.

    11.  Now you'll want to change permissions so that you (as a member of the Administrators account) have Full Control.

    12.  At the Security tab, click Administrators, and Edit.

    13.  In the "Permissions for xxxxx" dialog, verify that Administrators is selected, then check the Full Control box.  OK out of all dialogs.

    You now have permissions to do whatever you want to the folder/file(s).

    Now, if you're developing for others, you'll want to test your software with UAC enabled at all levels and other settings (e.g., permissions) at their defaults.  Virtual machines are the greatest inventions of the new millenium for just this kind of testing...  I have VMs for all the different environments I want to sell software into.  Bottom line is you can set your host workstation for your best productivity, and still have all the security junk for the masses turned on in the VMs.

    By the way, I'm still running Vista x64 on my main workstation, and will be until I'm convinced Windows 7 (running in VMs and on my MacBook) is willing to shoulder the load.  I need the workstation to be rock solid reliable and stable 24/7 as it is the SVN software server for my developers.  The only (and I mean ONLY) reboots it gets now are for Windows updates, and I do TONS of stuff with it.

    -Noel

    So, having done the above... I now get the "You require permission from Administrators to make changes to this folder" !!!

    I'm logged in as myself, I am added to the admisistrators group with full privileges, UAC is off.

    Scenario: New PC built from scratch (details are so boring) SSD as primary OS HDD (Win7 x64), 2TB HDD as main operating and installation HDD (My Documents, program files etc) and then my OLD 1TB Win7 x86 HDD.  this has a ton of software, research, CAD drawings that I do not want to have to re-download from many, many sources. All I want to do now is to delete the old "Program Files","Program Data" and "Windows" directories.  my 2TB hdd is nearly full so no longer have the space to move files then format the disk (Given how Windows/Win7 hides things, I will most likely miss stuff anyway)

    Any further suggestions?

    James

    Thursday, December 27, 2012 11:35 PM
  • You need to turn off UAC or run Explorer "As Administrator" to start with to get through those steps unhindered.

      

    -Noel


    Detailed how-to in my eBooks:  

    Configure The Windows 7 "To Work" Options
    Configure The Windows 8 "To Work" Options

    Friday, December 28, 2012 12:42 AM
  • first off al i'm not as experienced as you guys AT ALL so if you can give me a solution for my problem please describe it the easy way ;)

    also i do have windows 8 unfortunately and this is a windows 7 topic but i could find the right topic / right people to answer my question anywhere else

    so what i want to know is how i can become the trustedinstaller (owner) with full permission to every single detail in my computer (particularly to edit my register with regedit) IN WINDOWS 8 ofcourse :)

    -maxim-

    • Edited by -maxim- Friday, August 02, 2013 9:06 PM
    Friday, August 02, 2013 8:59 PM
  • first off al i'm not as experienced as you guys AT ALL so if you can give me a solution for my problem please describe it the easy way ;)

    also i do have windows 8 unfortunately and this is a windows 7 topic but i could find the right topic / right people to answer my question anywhere else

    so what i want to know is how i can become the trustedinstaller (owner) with full permission to every single detail in my computer (particularly to edit my register with regedit) IN WINDOWS 8 ofcourse :)

    -maxim-

    Friday, August 02, 2013 9:08 PM
  • You don't "become the trustedinstaller".  That doesn't make sense as stated.  You CAN become the OWNER of something.

    This is key:  A user who's a member of the Administrators group can Take Ownership of anything.

    Once you own a file, you can Set Permissions to suit your needs.

    If Windows 8 registry permissions have been set so as to block your editing of the registry - presumably because Microsoft doesn't think you're capable of dealing with the consequences of doing so - you may need to Take Ownership of a particular key or group of keys/values.  Then you may need to Set Permissions on those keys/values to allow you (either a member of the Administrators group or your username specifically) to do the thing(s) you want.

    My advice:  Don't try to Take Ownership of everything then give yourself Full Control permissions.  That can net you all kinds of things you don't want, trust me.  Leave things as they are, and just grant yourself the additional permissions you require to do what you need to do to specific things.

      

    -Noel


    Detailed how-to in my eBooks:  

    Configure The Windows 7 "To Work" Options
    Configure The Windows 8 "To Work" Options


    Saturday, August 03, 2013 4:02 AM
  • these are  windows marketing spies steal info and sent back to servers
    Sunday, August 11, 2013 2:09 PM