{"id":2334,"date":"2017-02-22T07:38:27","date_gmt":"2017-02-22T06:38:27","guid":{"rendered":"http:\/\/borncity.com\/win\/?p=2334"},"modified":"2022-06-23T21:03:00","modified_gmt":"2022-06-23T19:03:00","slug":"windows-10-execute-programs-as-systemtrustedinstaller","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2017\/02\/22\/windows-10-execute-programs-as-systemtrustedinstaller\/","title":{"rendered":"Windows 10: Execute programs as System\/TrustedInstaller"},"content":{"rendered":"

[German<\/a>]In some cases it could be helpful to execute programs as System or Trusted Installer to avoid access denied conflicts. This blog post introduces two solutions for Windows 10. <\/p>\n

<\/p>\n

What's the problem?<\/h3>\n

\"\"Some registry entries or files could not be accessed\/changed from users belonging to Administrator group, because the ownership is set to System<\/em> or TrustedInstaller<\/em>. In forums you will find the suggestion, to take ownership and grant full access using the Security <\/em>property page or the commands takeown<\/em> and icacls<\/em>. While this works, it's a sub optimal solution. <\/p>\n

Would it not be better, if you can access objects like registry entries or file and folders with System or TrustedInstaller privileges? Well that's possible, let's have a short look at the situation. <\/p>\n

Working with System credentials using PsExec.exe<\/h3>\n

I came across this solution several years ago. I run the registry editor (regedit.exe) via Run as administrator, <\/em>but I wasn't able to change some registry keys. My problem was, that I've used VMLite and Virtualbox on the same machine, and ended with USB support issues. I was in need to delete a registry key, but that was refused. I've discussed this issue long time ago within my German blog post VMLite\/VirtualBox und der USB-Support<\/a>. <\/p>\n

Instead of tampering with access rights and take ownership of the key, I came across a smoother solution. The Sysinternals-Suite<\/a> contains the program PsExec.exe<\/em>, that can be run from command prompt. Using the command:  <\/p>\n

PsExec.exe -s -i regedit<\/em> <\/p>\n

enables us to rung registry editor with System privileges (the switch \u2013s <\/em>will force that). The switch \u2013i <\/em>requests an interactive mode for the program). The command has to be executed from an administrative command prompt windows (see Windows 10: Open command prompt window as administrator<\/a>). <\/p>\n

But that won't work with Explorer<\/h3>\n

What I used as a smooth solution to access registry keys owned by System could also be helpful to access files and folders owned by System. But there is a problem: Files and folders will be accessed via Windows Explorer (explorer.exe). And the solution provided above won't work for explorer.exe<\/em>. An attempt to access an object via explorer will be rejected. <\/p>\n

\"Ordner03\"<\/a> <\/p>\n

I've discussed this issue in 2011 within my German blog post Explorer als Administrator ausf\u00fchren<\/a>. The technical background: Windows Explorer is also used as Windows shell \u2013 and Windows has an internal rule that prevents executing explorer.exe <\/em>with System <\/em>user rights. But there is a simple solution: Use a third party file manager instead of explorer.exe <\/em>and execute it with System privileges. <\/p>\n

\"Ordner06\" <\/p>\n

I prefer portable file managers like FreeCommander<\/a> or Explorer++<\/a> for this purpose and use PSExec<\/em> to grant System privileges. <\/p>\n

Execute programs as TrustedInstaller, is that possible?<\/h3>\n

Some objects (registry keys and files\/folders) are owned by TrustedInstaller \u2013 that's a security feature to protect Windows app folders and system files from being altered by users and malware. The PSExec<\/em> trick won't allow access such objects and alter files, folders or keys. <\/p>\n

I've discussed a solution in October 2016 within my German blog post Programme als System oder TrustedInstaller ausf\u00fchren<\/a>. There is a free program, called PowerRun<\/em>, from sodrum.org<\/a>, that could be used for that purpose. Martin Brinkmann has also introduced this tool within this English article<\/a>.<\/p>\n

During writing a book about Windows 10 I decided back in January 2016 to test PowerRun again. But I failed to use PowerRun under Windows 10 \u2013 so I couldn't execute a program as TrustedInstaller. The reason was simple: Windows Defender and Smart Screen filter blocked this tool as malicious. I wasn't able to download and unpack PowerRun under Windows 7 and Windows 10. Although I'm sure, PowerRun isn't malicious, this solution is dead. I tested a few other tools (RunAsSystem and RunFromToken<\/a>), but have had other issues. <\/p>\n

Use Process Hacker and a Plugins<\/h3>\n

Finally I came across a Process Hacker<\/a> forum thread from 2015. There are some hints how to execute a program as TrustedInstaller. <\/p>\n