none
What is the purpose of TrustedInstaller ?

    Question

  • I've been reading a few forums about what issues the TrustedInstaller has caused on Windows Vista / Windows 7 and Windows 2008. It appears for those forums that TrustedInstaller is responsible for Windows Updates and ownership of the boot volume "C:\".

    My question is: What are the implcations of removing TrustedInstaller as an owner of the operating system volume C:\ ?
    Has anyone come across a defintion of the service and depenances the Trustedinstaller is repsonisble for?

    I'm running a terminal server on Windows 2008 from a web interface and I want to lockdown the boot volume so commands such as cmd or windows explorer can't be launched by joe user in running excel.

    Thanks for taking the time to read my post
    Tuesday, October 27, 2009 10:10 AM

Answers

  • Hi,

    TrustedInstaller.exe is Windows Module Installer service which is part of Windows Resource Protection.

    Windows Resource Protection (WRP) is a technology that restricts access to certain core system files, folders, and registry keys that are part of the Windows Vista installation. WRP prevents files with .dll, .exe, .ocx, and .sys file extensions from being modified or replaced.

    Protecting these key resources is important to overall system stability, and, as such, they can only be modified by the Windows Module Installer service (TrustedInstaller.exe). If someone with administrative rights attempts to modify or replace a file that is protected by WRP, he will be presented with the message "Access Denied".

    If you change TrustedInstaller settings, you put your system at risk and your system may not function properly. It’s not suggested to remove it.

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, October 29, 2009 7:25 AM

All replies

  • Hi,

    TrustedInstaller.exe is Windows Module Installer service which is part of Windows Resource Protection.

    Windows Resource Protection (WRP) is a technology that restricts access to certain core system files, folders, and registry keys that are part of the Windows Vista installation. WRP prevents files with .dll, .exe, .ocx, and .sys file extensions from being modified or replaced.

    Protecting these key resources is important to overall system stability, and, as such, they can only be modified by the Windows Module Installer service (TrustedInstaller.exe). If someone with administrative rights attempts to modify or replace a file that is protected by WRP, he will be presented with the message "Access Denied".

    If you change TrustedInstaller settings, you put your system at risk and your system may not function properly. It’s not suggested to remove it.

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, October 29, 2009 7:25 AM
  • Mervyn, is this protection done only by removing the Administrators group from such file ACLs and having its owner being the TrustedInstaller? or is there even any other protection mechanism in place?

    also what in the case of for example DELEGWIZ.INF file in System32 which is alse secured this way but is supported to be modified to create the Delegation of Control Wizard templates? Or is there any other best practice to add the templates?

    thank you.

    ondrej.


    • Proposed as answer by Jason21271 Friday, November 05, 2010 12:41 PM
    Saturday, October 31, 2009 1:59 PM
  • Hi Ondrej,

    As we know, it’s suggested to use normal user without administrative rights to perform daily operation. It’s a variant of this principle to use TrustedInstaller instead of Administrator.

    Regarding DELEGWIZ.INF, we may need manually to take ownership of this file if necessary.

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, November 02, 2009 7:57 AM
  • Well there is a problem with TrustedInstaller.  As an End User, I take it upon myself to mess up my system and to fix my system.  However, that isn't the purpose of my post.

    I had to reinstall Windows 7 because the boot.mgr thought it was damaged when I removed a drive and repair would not repair.  The duel boot configuration was completely unintentional, but the issue I have now is another windows folder that I cannot delete because of TrustedInstaller.

    It tells me that I do not have permissions to modify this folder.  My account is Admin and I have also used the Admin account all to no avail.  I transfered ownership and I still get the same error message.  So then how do disable WRP so that I can delete this folder to free up space?

    I disabled the Windows Module Installer service but all that did was not allow me to install updates.
    Wednesday, January 13, 2010 1:46 PM
  • Monday, August 30, 2010 9:03 PM
  • Next click on the Owner tab and you’ll now see that the current owner is TrustedInstaller.

    trustedinstaller windows 7

    Now click on the Edit button and choose who you would like to change the owner to, either your account or the Administrators. If your account is an Administrator account, I would suggest just picking Administrators.

    So far I came but the trustinstaller ;Succeed with me not that,no name change ;I can type nothing

    Succeed with me not that was probably already have other done

    someone hacked me thanks to trustinstaller every day

    So format C and the trustinstaller trustintaller

    How can I remove trustinstaller so I have 100% control over my pc

    mail johnnytram@tele2.nl

    Friday, July 20, 2012 10:46 AM