Windows 10: Execute programs as System/TrustedInstaller

In some cases it can be helpful to execute programs as System or TrustedInstaller to avoid "access denied" conflicts. This blog post introduces two solutions for Windows 10.




What’s the problem?

Some registry entries or files cannot be accessed or changed by users belonging to the Administrators group, because the ownership is set to System or TrustedInstaller. In forums you will find the suggestion to take ownership and grant full access using the Security property page or the commands takeown and icacls. While this works, it's a suboptimal solution.

Would it not be better to access objects like registry entries, files and folders with System or TrustedInstaller privileges? That's possible, so let's have a short look at the situation.

Working with System credentials using PsExec.exe

I came across this solution several years ago. I ran the registry editor (regedit.exe) via Run as administrator, but I wasn't able to change some registry keys. My problem was that I had used VMLite and VirtualBox on the same machine and ended up with USB support issues. I needed to delete a registry key, but that was refused. I discussed this issue a long time ago in my German blog post VMLite/VirtualBox und der USB-Support.

Instead of tampering with access rights and taking ownership of the key, I came across a smoother solution. The Sysinternals Suite contains the program PsExec.exe, which can be run from a command prompt. Using the command:

PsExec.exe -s -i regedit

enables us to run the registry editor with System privileges (the switch -s forces that; the switch -i requests interactive mode for the program). The command has to be executed from an administrative command prompt window (see Windows 10: Open command prompt window as administrator).

But that won’t work with Explorer

What I used as a smooth solution to access registry keys owned by System could also be helpful to access files and folders owned by System. But there is a problem: Files and folders will be accessed via Windows Explorer (explorer.exe). And the solution provided above won’t work for explorer.exe. An attempt to access an object via explorer will be rejected.


I’ve discussed this issue in 2011 within my German blog post Explorer als Administrator ausführen. The technical background: Windows Explorer is also used as Windows shell – and Windows has an internal rule that prevents executing explorer.exe with System user rights. But there is a simple solution: Use a third party file manager instead of explorer.exe and execute it with System privileges.


I prefer portable file managers like FreeCommander or Explorer++ for this purpose and use PsExec to run them with System privileges.

Execute programs as TrustedInstaller, is that possible?

Some objects (registry keys and files/folders) are owned by TrustedInstaller. That's a security feature to protect Windows app folders and system files from being altered by users and malware. The PsExec trick does not give access to such objects, so these files, folders or keys cannot be altered that way.
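To see which of these cases an object falls into before choosing a method, the following added PowerShell example (not part of the original post) reads the owner and ACL and reports the first context, in the order elevated Administrators, System, TrustedInstaller, that holds write access. The function name Get-RequiredContext and the sample paths are assumptions for illustration. Only Allow entries for these three principals are evaluated, so Deny entries and rights stored as generic access bits are not considered.

```powershell
# Added example, read-only: inspects the security descriptor, changes nothing.
# SIDs instead of names, so it also works on localized Windows (NT-Autorität\System).
$Principals = [ordered]@{      # order follows the post: elevated prompt, PsExec -s, TrustedInstaller
    'S-1-5-32-544' = 'Administrators'
    'S-1-5-18'     = 'SYSTEM'
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' = 'TrustedInstaller'
}

function Get-RequiredContext {                  # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)  # file, folder or registry path

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl     = Get-Acl -LiteralPath $Path
    $isKey   = $acl -is [System.Security.AccessControl.RegistrySecurity]

    # Bit meaning "may modify content": WriteData for files, SetValue for keys.
    $writeBit = if ($isKey) {
        [int][System.Security.AccessControl.RegistryRights]::SetValue
    } else {
        [int][System.Security.AccessControl.FileSystemRights]::WriteData
    }

    $writers = foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        # Skip Deny entries and inherit-only entries (those apply to children only).
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($rule.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        $rights = if ($isKey) { [int]$rule.RegistryRights } else { [int]$rule.FileSystemRights }
        $sid    = $rule.IdentityReference.Value
        if (($rights -band $writeBit) -and $Principals.Contains($sid)) { $Principals[$sid] }
    }

    $ownerSid = $acl.GetOwner($sidType).Value
    [pscustomobject]@{
        Path    = $Path
        Owner   = if ($Principals.Contains($ownerSid)) { $Principals[$ownerSid] } else { $ownerSid }
        Writers = @($writers | Select-Object -Unique)
        # First entry in table order that may write decides which method is needed.
        Needed  = $Principals.Values | Where-Object { $writers -contains $_ } | Select-Object -First 1
        # Owner + DACL as one string; compare before/after a change to spot ACL drift.
        Sddl    = $acl.GetSecurityDescriptorSddlForm('Owner, Access')
    }
}

# Sample paths (assumed present on a default Windows 10 installation).
Get-RequiredContext -Path "$env:windir\System32\notepad.exe"
Get-RequiredContext -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
```

Saving the Sddl value before a change and comparing it afterwards shows whether ownership or access rights on the object were modified along the way.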

I’ve discussed a solution in October 2016 within my German blog post Programme als System oder TrustedInstaller ausführen. There is a free program, called PowerRun, from sodrum.org, that could be used for that purpose. Martin Brinkmann has also introduced this tool within this English article.

While writing a book about Windows 10, I decided back in January 2016 to test PowerRun again. But I failed to use PowerRun under Windows 10, so I couldn't execute a program as TrustedInstaller. The reason was simple: Windows Defender and the SmartScreen filter blocked this tool as malicious. I wasn't able to download and unpack PowerRun under Windows 7 and Windows 10. Although I'm sure PowerRun isn't malicious, this solution is dead. I tested a few other tools (RunAsSystem and RunFromToken), but had other issues.

Use Process Hacker and a plugin

Finally I came across a Process Hacker forum thread from 2015. There are some hints how to execute a program as TrustedInstaller.

  • You need Process Hacker (see SourceForge.net) – I used the portable version offered here (just unpack the archive into a local folder).
  • Download also the TrustedInstaller plugins, mentioned within this forum thread. Unpack the zip archive and copy the .dll files to the appropriate 32/64 bit plugin sub folders.

After preparing Process Hacker in that way, it's simple to execute a Win32 program using the steps below.

1. Launch Process Hacker using Run as administrator to obtain administrative privileges.

2. Open the Process Hacker menu Hacker and select the command Run as trusted installer.

3. Enter the command into the dialog box Run as trusted installer (use the Browse button to select the .exe file) and confirm it via OK.

Process Hacker launches the TrustedInstaller service and hands over the process that needs to be run with TrustedInstaller privileges. The process will be executed with authority [NT-Autorität\System], as can be seen in Sysinternals Process Explorer.

This works with the registry editor and with portable file managers like Explorer++. It allows me to alter system files without obtaining ownership and granting full access rights. So I can change things without leaving traces in ownership and access rights. Maybe it's helpful for others.


One Response to Windows 10: Execute programs as System/TrustedInstaller

  1. Nooooond says:

    After launching Explorer++ as trusted installer, getting an error: error creating process with trusted installer. object name was not found
