AppDev: Something You Should Know by Irena Kennedy

How to add "NT SERVICE\TrustedInstaller" for some folder by calling win api, e.g AllocateAndInitializeSid and SetNamedSecurityInfo?

WHat if the installer is a remote source? How do I enable it to modify, say, a .dll file?

In your procedure needs to add "Restart"

Is TrustedInstaller using TrustedInstaller.exe as a wrapper or shell? I'm debugging the following event from Windows Update Vista 64.

Faulting application TrustedInstaller.exe, version 6.0.6000.16386, time stamp 0x4549b6e9, faulting module wcp.dll, version 6.0.6000.16386, time stamp 0x4549d331, exception code 0x80000003, fault offset 0x0000000000187d75, process id 0xb14, application start time 0x01c7e76866e06be8.

I had problem with the command

NT SERVICE\TrustedInstaller on my Vista so wrote it like this instead.

NT Service\TrustedInstaller

After that it found it.

In your post you write "The way this protection is implemented is by setting an ACL on these resources only to allow the TrustedInstaller user to modify them."

In my experience, an application with backup/restore privileges can modify files regardless of their ACL/DACL.  But these files can't be modified unless the owner of the file is changed to something other than TrustedInstaller.  How is this protection accomplished by WFP?

thank you a lot I modified some files and I wanted all back exactly as it was before, thank you!!!

hi, i'm managing to repair my rundll32.exe at the system32 folder in the windows folder, i tried to add the TrustedInstaller permission, because it haven't but, when i add the permission and press ok or apply, it says "Unable to save permission change on rundll32, access is denied" but, i activate the DISABLE UAC feature and reboot my computer (restart). please give me an idea, i want to install microsoft C++ 2005, to play warcraft 3:frozen throne version 1.22a and play at the battle.net, but i can't install the C++ because of it.

Anyone know how to get TrustedInstaller to delete (or change ownership) of files that only TrustedInstaller has full rights for?

For some crazy reason in 2006 I copied 1GB of of system files to an external hard drive as part of a manual backup. These files are completely useless so I want to delete them... but as you might guess, I don't have access even as member of the Administrator's group. Thanks to article http://technet.microsoft.com/en-us/magazine/2007.06.acl.aspx I've looked through their ACLs and determined these files all have owner=TrustedInstaller and only TrustedInstaller has full rights. All other ACL entries (including local system and Administrators) only have read/write, so I can't delete these files.

Perhaps someone knows of a utility or steps that can either ignore NTFS ACLs for delete OR perhaps generate a manifest and trigger uninstall of specified target files.

Open an elevated command prompt:

takeown /F "G:\path\goes\here\*" /A /R /D Y

Then grant yourself full priviledges and delete away.

I tried this (Vista Home Premo). CL response was success but ownership was NOT changed.