Guest KWilson
Posted August 24, 2007

Why is Trusted Installer the owner of my C drive? And who is TrustedInstaller, which is the way it is spelled on the Advanced Security Settings for Local Disk (C:) under the Owner tab?

Guest indivmed2008
Posted November 24, 2007

I have the same question--and am having the same issues! I did a search in the registry for 'trustedinstaller' and did find a few entries, but I don't remember seeing this term ever used on Windows systems for security group purposes...

"KWilson" wrote:
> Why is Trusted Installer the owner of my C drive? And who is
> TrustedInstaller, which is the way it is spelled on the Advanced Security
> Settings for Local Disk (C:) under the Owner tab?

Guest Jacee
Posted November 24, 2007

> trustedinstaller is an integral part of Windows Vista.
> This will affect all servicing so the ability to install all os updates
> including security updates may not be available, the ability to change
> optional components may not work, or to add or remove OS related
> components..
> Thanks,
> Darrell Gorter[MSFT]

It's best to leave this alone

--
Jacee
MS-MVP Windows-Security 2006 & 2007
Posted via http://www.vistaheads.com

Guest Darrell Gorter[MSFT]
Posted November 29, 2007

Hello,

This is part of the new ACLs to help improve security in Windows Vista. From this link below, I am posting a couple of paragraphs that talk about Trusted Installer:

http://www.microsoft.com/technet/technetma...CL/default.aspx

Trusted Installer

The Trusted Installer is actually a service, not a user, even though you see permissions granted to it all over the file system. Service hardening allows each service to be treated as a full-fledged security principal that can be assigned permissions just like any other user. For an overview of this feature, see the January 2007 issue of TechNet Magazine. The book Windows Vista Security (Grimes and Johansson, Wiley Press, 2007) explores service hardening in detail, including how it is leveraged by other features, such as the firewall and IPsec.

Trusted Installer

In Windows Vista, most of the OS files are owned by the TrustedInstaller SID, and only that SID has full control over them. This is part of the system integrity work that went into Windows Vista, and is meant specifically to prevent a process that is running as an administrator or Local System from automatically replacing the files. In order to delete an operating system file, you thus need to take ownership of the file and then add an ACE on it that lets you delete it. This provides a thin layer of protection against a process that is running as LocalSystem and has a System integrity label; a process that has lower integrity is not supposed to be able to elevate itself to change ownership. Some services, for instance, can run with medium integrity, even though they are running as Local System. Such services cannot replace system files so an exploit that takes over one of them can't replace operating system files, making it a bit harder to install a rootkit or other malware on the system.
It also becomes more difficult for system administrators who are offended by the mere presence of some system binary to remove that binary.

Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights

Guest jotaene
Posted January 17, 2009

> > components..
> > Thanks,
> > Darrell Gorter[MSFT]
>
> It's best to leave this alone
> -- Jacee MS-MVP Windows-Security 2006 & 2007

Actually there is a way around. Found it after testing a free software that left one file in /windows/system32 after uninstalling the program. Left other crap in the registry also, which could be removed manually.

I did the following:

- right click over the file
- go to properties of xxx.dll (or whatsoever), select security tab
- advanced options tab
- owner tab
- edit
- mark your username NNN which should be in the lower list
- set as new owner in the list
- close the windows that opened
- right click on the file again
- click properties
- point to your username NNN
- now you can change the properties, being able to set write, delete, etc.

Just tried (just for checking) with another file (a MS .dll file), worked OK too. I use the Spanish Vista version, tab names were translated, some tab names could be different in English.

jotaene

--
jotaene
Posted via http://www.vistaheads.com
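
An audit for the ownership change discussed in this thread, as an added example that is not part of any original post: it lists system binaries whose owner is no longer the TrustedInstaller service SID, comparing by SID so the result does not depend on the display language. The function name `Get-NonTrustedInstallerOwned`, its parameters and the `UserOwned` column are assumptions made for illustration; it assumes PowerShell 3.0 or later and an elevated prompt.

```powershell
# Added example: read-only audit, changes nothing on disk.
# Well-known SID of the TrustedInstaller service (NT SERVICE\TrustedInstaller).
$TrustedInstallerSid = 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

function Get-NonTrustedInstallerOwned {
    param(
        [string]$Path = (Join-Path $env:SystemRoot 'System32'),
        [string[]]$Include = @('*.dll', '*.exe', '*.sys')
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    Get-ChildItem -Path (Join-Path $Path '*') -Include $Include -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            try {
                $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction Stop
                $sid = $acl.GetOwner($sidType)      # owner as a SID, not a localized name
            } catch {
                return                              # unreadable descriptor: skip this file
            }
            if ($sid.Value -ne $TrustedInstallerSid) {
                [pscustomobject]@{
                    Path      = $_.FullName
                    Owner     = $acl.Owner
                    OwnerSid  = $sid.Value
                    # S-1-5-21-* = account or group from the local machine or a domain,
                    # which is what taking ownership with your own username produces.
                    UserOwned = $sid.Value -like 'S-1-5-21-*'
                }
            }
        }
}

$report = Get-NonTrustedInstallerOwned

# Summary: how many files each non-TrustedInstaller owner holds.
$report | Group-Object Owner | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Files owned by an individual account: the ones to review first.
$report | Where-Object UserOwned | Format-Table Path, Owner -AutoSize

# To hand a reviewed file back (placeholder path):
#   icacls "<path-to-file>" /setowner "NT SERVICE\TrustedInstaller"
```

Files installed by third-party software can legitimately have other owners, so the list is a starting point for review. Restoring the owner does not remove an ACE that was added for the user; check the file's ACL separately.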