Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > alt.comp.os.windows-10 > #181621
| From | Newyana2 <newyana@invalid.nospam> |
|---|---|
| Newsgroups | alt.comp.os.windows-10 |
| Subject | Re: More on disabling unneeded services in Windows 10 |
| Date | 2025-01-20 22:28 -0500 |
| Organization | A noiseless patient Spider |
| Message-ID | <vmn47l$3p0p9$1@dont-email.me> (permalink) |
| References | <vmlk1t$35lk3$1@dont-email.me> <vmlokq$37d3t$1@dont-email.me> <vmm8c4$3clor$1@dont-email.me> <vmmi91$3frih$1@dont-email.me> <vmn0gf$3k5l1$1@dont-email.me> |
On 1/20/2025 9:24 PM, Paul wrote:
>
> If a key is owned by TrustedInstaller, you won't be owning it.
>
Maybe I'm thinking of System. I know that I've changed
ownership to Administrators in order to give myself full control.
At least one such case was with a services key.
I wrote my own program during Win7 era to remove restrictions
on files/folders. I don't think that's ever failed me, though I have
found that in Win10 Windows will take back control after some
period of time. It turned out there were numerous routes to
takling ownership and removing restrictions. I took what seemed to
be the easiest. I didn't know that wMI could be used.
> If you had the ability to elevate as TrustedInstaller, then some
> sort of plan could be formed to become the owner (or more likely,
> to delete it). There aren't normally keys that you need to access
> that are protected by TrustedInstaller. The most likely situation
> is a key installed by a malware, and the malware people know
> how hard it is for mere users to undo such things. You would most
> likely be trying to delete the key, and TrustedInstaller is the
> only "owner".
>
> It's possible a registry editor that does not respect permissions
> could be used to edit a key.
>
> I'm just annoyed I can't run a Command Prompt window while
> holding the TrustedInstaller token, as that enabled a lot more
> freedom to get things done. Sooner or later, someone will find
> a new way to do that. It all depends on whether the Administrator
> account has been gutted or not (had the Impersonate privilege removed).
>
> No, it's not Impersonate, it's a problem with communicating with WMI
> and getting the token.
>
> OpenProcessToken: Access is denied
>
> [Picture]
>
> https://i.postimg.cc/1tr0T6MF/WMI-Run-As-Token-W10.gif
>
> Paul
>
Back to alt.comp.os.windows-10 | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
More on disabling unneeded services in Windows 10 "John C." <r9jmg0@yahoo.com> - 2025-01-20 05:45 -0800
Re: More on disabling unneeded services in Windows 10 Newyana2 <newyana@invalid.nospam> - 2025-01-20 10:04 -0500
Re: More on disabling unneeded services in Windows 10 Paul <nospam@needed.invalid> - 2025-01-20 14:32 -0500
Re: More on disabling unneeded services in Windows 10 Newyana2 <newyana@invalid.nospam> - 2025-01-20 17:22 -0500
Re: More on disabling unneeded services in Windows 10 Paul <nospam@needed.invalid> - 2025-01-20 21:24 -0500
Re: More on disabling unneeded services in Windows 10 Newyana2 <newyana@invalid.nospam> - 2025-01-20 22:28 -0500
Re: More on disabling unneeded services in Windows 10 wasbit <wasbit@nowhere.com> - 2025-01-21 09:41 +0000
Re: More on disabling unneeded services in Windows 10 Newyana2 <newyana@invalid.nospam> - 2025-01-21 08:21 -0500
Re: More on disabling unneeded services in Windows 10 Marion <marion@facts.com> - 2025-01-20 16:35 +0000
csiph-web