How to remove unneeded large asian font files from font folder

Anytime I try to remove a large asian system font from the font folder it
seems I can't because it is owned by the "trustedinstaller" group which
evidently even the system administrator is not a member of. I do not need or
want these humogous files in my fonts folder. What can be done about this?

Charles Fischer

 

You could add yourself to the trusted installer group (you can belong to
more than one group) and then try deleting the unwanted files and folders.

 

Vista initially offers only two groups - Administrator and User. After
running MMC and adding the relevant snap-ins, you get the choice of 14
groups, none of which is labelled "trusted" "installer" or "trusted
installer" - so now what?

Charles

 

Right click My Computer> Manage will bring up an MMC console with Users and
Groups. Sorry you ended up taking the long way around.

Am also going to apologize for a bum steer. "Trusted Installer" was a group
in during the public preview stages of Vista development. It is no longer
included.

Have you tried going to Properties of the font file. On the Security tab
you'll see various user groups (including Trusted Installers) listed. If
you click on TrustedInstaller, you'll see that "Full Control" is marked. If
you click on "Administrators," you'll see that only Read and Read and
Execute are active. Click the shielded button. The shield indicates
Administrator privileges are required and clicking the button will bring up
a UAC prompt. OK that button. Edit the permissions for Administrators to
include Full Control. Then delete the unwanted font files.

Personally and barring the optional removal of components through Turn
Windows Features On/Off, I recommend leaving all operating system files
including fonts untouched but it's your boat...

 

Sharon,

I had already tried that, with no success. After you click the shield, you
can VIEW all the privileges, but you cannot actually EDIT them since the
checkboxes are all greyed out, so it's not really "my boat" after all. Big
Brother Knows Best!

Charles

 

Hello,

This is part of Windows Vista's system file protection - By default, not
even administrators have write access to protected system files.

The TrustedInstaller is NOT a group; it is actually a service (the
TrustedInstaller service), which handles service pack updates.

However, fear not, you are STILL an administrator, and CAN access the files
.... you just have to go thru some extra steps.

* Windows Business or Ultimate editions

In the security tab of the properties screen:

- click Advanced
- Click Owner tab
- Click Edit button
- Click Administrators in the list
- Click OK
- Keep clicking OK until you close out of all of the properties screens

Now, go back into the file properties and you can edit the permissions
however you like

* Windows Home Editions

- Click start
- Type: cmd
- Right-click cmd and click Run As Administrator
- cd to the folder that contains the file you wish to have access to
- Type these commands into the command prompt, where FILE is the filename
that you wish to be able to modify:

takeown /F FILE /A
icacls FILE /grant AdministratorsF)


--
- JB
Microsoft MVP - Windows Shell/User

Windows Vista Support Faq
http://www.jimmah.com/vista/

 

It was a group at one time, Jimmy, and removed before RTM.

Thanks for the "take ownership" info (figured something would eventually
work but get nervous when folks want to remove default system files).

 

Hmm ... didn't notice that during the beta . The TrustedInstaller service
ownership of the files is a good example of the new ability for services to
be associated with a security principle. I hope third-party service
developers use this feature! I imagine with Vista's new tight security model
in "userland", many more malware authors will start looking for exploits in
privileged third-party services.

You're welcome .

I agree ... changing/removing system files manually is a *BAD* idea in most
cases. But, even though MS has made it more difficult to do, it is important
people realize that it is still possible.

If it's easy for the user to do, it will be even easier for malware to do.

This is one of the few times that taking ownership of files is required.
Most of the time it is not necessary. The only thing ownership means from a
security standpoint is "This account can look at and change permissions,
even if not explicitly granted in the permission list". The actual
permission list is what is important - taking ownership is only necessary if
you are locked out of changing permissions.


--
- JB
Microsoft MVP - Windows Shell/User

Windows Vista Support Faq
http://www.jimmah.com/vista/