TrustedInstaller permission deleted

  • Thread starter Thread starter Smithsonian
  • Start date Start date
S

Smithsonian

Ok, I accidentaly deleted TrustedInstaller trying to get full permission of
my C: drive. I havent found anything wrong but the windows installer service
wasnt working correctly. Is there a way to add it back?

Also my system restore is bugged(Wouldn't of made this post if it wasn't). I
edited the registry and it get stucks. I knew what I was doing when I was
editing the registry. I dont know if this was was a bug or I was just getting
impatient. My computer quit thinking while it was restoring the registry
 
Hello,

You can reference the trusted installer in the security permission dialog
box by using the name "NT SERVICE\TrustedInstaller".

It really does pay to be very careful when modifying security permissions on
system files/folders (I generally advise against doing it at all),
especially when you are near the root of the file system. Small changes on
system files/folders can have unforseen consequences (I found this out the
hard way myself).

As for system restore / registry problems, do you mean it froze while you
were doing a system restore, or are you referring to an import you were
doing in regedit?
 
I tried adding it back and it is telling me Access is denied to the following
locations:
C:\$RECYCLE.BIN
C:\$Vault$.AVG
C:\autoexec.bat
C:\BACKUP
C:\bcmwl6.log
C:\Boot
C:\bootmgr
C:\BOOTSECT.BAK
C:\config.sys
C:\Documents
C:\Documents and settings
C:\google
C:\hiberfil.sys (can not be accessed because in use)
C:\MOVE_RECOVERY
C:\MSOCache
C:\pagefile.sys (In use)
C:\power2go.log
C:\Program Files
C:\ProgramData
C:\System Volume Information
C:\User
C:\Users
C:\Windows

Thats my whole hard drive I think. Trusted installer is there and it shows
the file permssions but i dont think that is accurate.
 
It is interesting, I do not have the TrustedInstaller among my groups in
users and groups GUI. When I ran gpresult.exe at command prompt in
Windows\System32 I got this:

The user is a part of the following security groups
---------------------------------------------------
None
Everyone
Netmon Users
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
NTLM Authentication
High Mandatory Level

I am not a member of the TrustedIntaller (it is nowhere to be seen) and also
half of these groups never show up in the GUI which can be invoked by
lusrmgr.exe

Can anyone make any meaningful comment on all this fog?

I posted yesterday on my trouble with DAEMON malware and the
TrustedInstaller was the major figure in Properties box. I could not get rid
of it.

Also there was another crazy ghost: Rightful Owner. That might be the
malware writer himself:)
 
I noticed my cd drive is not working. it was working fine yesterday(when I
made post) Also it doesnt look like the audio driver loaded
 
Many folders beneath C are set not to inherit permission changes. Also, some
folders are protected by system file protection, so you would not be able to
modify them without performing additional steps.

TrustedInstaller is generally set as the owner of objects, I don't think it
is generally assigned specific permissions.

It sounds like your system may have more serious problems than permissions.
If you have a Windows setup CD, you might try the automatic repair option
available from the recovery section if you boot from it.
 
Hello,

TrustedInstaller is not a group, it is a service.

In Windows Vista, services can be assigned an SID which can be used to
specifically limit what a service has access to, without making it run in
the context of a SYSTEM account or a normal user account.

I have not heard of a "rightful owner" security group. Are you sure it was
not "CREATOR OWNER", which is legit?
 
Back
Top