Trusted Installer

Discussion in 'Windows Vista Security' started by KWilson, Aug 24, 2007.

  1. KWilson

    KWilson Guest

    Why is Trusted Installer the owner of my C drive? And who is
    TrustedInstaller, which is the way it is spelled on the Advanced Security
    Settings for Local Disk (C:) under the Owner tab?
    KWilson, Aug 24, 2007

  2. KWilson

    indivmed2008 Guest

    I have the same question--and am having the same issues! I did a search in
    the registry for 'trustedinstaller' and did find a few entries, but I don't
    remember seeing this term ever used on Windows systems for security group.
    indivmed2008, Nov 24, 2007

  3. KWilson

    Jacee Guest

    It's best to leave this alone :)
    Jacee, Nov 24, 2007
  4. Hello,
    This is part of the new ACLs to help improve security in Windows Vista.

    From this link below: I am posting a couple of paragraphs that talk about
    Trusted Installer:

    Trusted Installer

    The Trusted Installer is actually a service, not a user,
    even though you see permissions granted to it all over the file system.
    Service hardening allows each service to be treated as a full-fledged
    security principal that can be assigned permissions just like any other
    user. For an overview of this feature, see the January 2007 issue of
    TechNet Magazine. The book Windows Vista Security (Grimes and Johansson,
    Wiley Press, 2007) explores service hardening in detail, including how it
    is leveraged by other features, such as the firewall and IPsec.

    Trusted Installer

    In Windows Vista, most of the OS files are owned by the
    TrustedInstaller SID, and only that SID has full control over them. This is
    part of the system integrity work that went into Windows Vista, and is
    meant specifically to prevent a process that is running as an administrator
    or Local System from automatically replacing the files. In order to delete
    an operating system file, you thus need to take ownership of the file and
    then add an ACE on it that lets you delete it. This provides a thin layer
    of protection against a process that is running as LocalSystem and has a
    System integrity label; a process that has lower integrity is not supposed
    to be able to elevate itself to change ownership. Some services, for
    instance, can run with medium integrity, even though they are running as
    Local System. Such services cannot replace system files so an exploit that
    takes over one of them can’t replace operating system files, making it a
    bit harder to install a rootkit or other malware on the system. It also
    becomes more difficult for system administrators who are offended by the
    mere presence of some system binary to remove that binary.

    Darrell Gorter[MSFT]

    This posting is provided "AS IS" with no warranties, and confers no rights
    |> > This will affect all servicing so the ability to install all os
    |> > including security updates may not be available, the ability to change
    |> > optional components may not work, or to add or remove OS related
    |> > components..
    |> > Thanks,
    |> > Darrell Gorter[MSFT]
    |> It's best to leave this alone :)


    *MS-MVP Windows-Security 2006 & 2007*

    Darrell Gorter[MSFT], Nov 29, 2007
  5. KWilson

    jotaene Guest

    |> > components..
    |> > Thanks,
    |> > Darrell Gorter[MSFT]
    |> It's best to leave this alone :)

    *MS-MVP Windows-Security 2006 & 2007*

    Actually there is a way around. Found it after testing a free software
    that left one file in /windows/system32 after uninstalling the program.
    Left other crap in the registry also, which could be removed manually.
    I did the following:
    - right click over the file
    - go to properties of xxx.dll (or whatsoever), select security tab
    - advanced options tab
    - owner tab
    - mark your username NNN which should be in the lower list
    - set as new owner in the list
    - close the windows that opened
    - right click on the file again
    - click properties
    - point to your username NNN
    - now you can change the properties, being able to set write, delete.

    Just tried (just for checking) with another file (a MS .dll file), worked
    OK too.
    I use the Spanish Vista version, tab names were translated, some tab
    names could be different in English.

    jotaene, Jan 17, 2009
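
Added example (not part of any post in this thread): a read-only PowerShell audit of the ownership model described in Darrell Gorter's post. It lists files under System32 whose owner is not TrustedInstaller, or where some other principal holds a full-control allow ACE, which is the state the ownership change in the last post leaves behind. The function names and the System32 scope are assumptions, and it assumes PowerShell 3.0 or later.

```powershell
# Added example, not from the thread: read-only audit of owner and full-control ACEs.
# Well-known SID of the NT SERVICE\TrustedInstaller service principal.
$TiSid   = 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
$SidType = [System.Security.Principal.SecurityIdentifier]
$Full    = [System.Security.AccessControl.FileSystemRights]::FullControl

function Resolve-SidName {
    param([System.Security.Principal.IdentityReference]$Sid)
    try   { $Sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $Sid.Value }   # orphaned or unresolvable SID: show it raw
}

function Get-TrustedInstallerDrift {
    param(
        [string]$Root = (Join-Path $env:SystemRoot 'System32'),   # assumed scope
        [string[]]$Include = @('*.dll', '*.exe', '*.sys')
    )
    Get-ChildItem -Path (Join-Path $Root '*') -Include $Include -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            try { $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop } catch { return }
            $owner = $acl.GetOwner($SidType)
            # Allow ACEs that grant FullControl to anyone other than TrustedInstaller
            $extra = @($acl.GetAccessRules($true, $true, $SidType) | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $Full) -eq $Full -and
                $_.IdentityReference.Value -ne $TiSid
            } | ForEach-Object { Resolve-SidName $_.IdentityReference })
            if ($owner.Value -ne $TiSid -or $extra.Count -gt 0) {
                [pscustomobject]@{
                    Path             = $file.FullName
                    Owner            = Resolve-SidName $owner
                    OwnerIsTI        = ($owner.Value -eq $TiSid)
                    OtherFullControl = ($extra | Sort-Object -Unique) -join '; '
                    LastWriteTime    = $file.LastWriteTime
                }
            }
        }
}

Get-TrustedInstallerDrift | Sort-Object OwnerIsTI, Path | Format-Table -AutoSize
```

Third-party drivers and installer-placed files are often legitimately owned by SYSTEM or Administrators, so treat the output as a review list to compare against a known-good baseline rather than as a verdict.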