Windows Trustedinstaller


Abigail Tyrie

Aug 5, 2024, 4:26:43 AM
to concasele
My idea was to create a simple batch that stops, e.g., the antivirus program; specifically it's a System Center Endpoint which is hardened by Microsoft, and I found out that only the "TrustedInstaller" is able to stop it.

Good evening, I'm new to this forum. I should add a registry key on the [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] path in regedit. The problem is that it lets me do it only if I open regedit as TrustedInstaller. I was able to open it as TrustedInstaller using an executable found on the net, "RunAsTI64". In this way, however, I have to do it manually; what I wanted to do was to create an executable or .bat file that adds the key. Can someone help me? Thank you.

Simone


It is possible that RunasTI does not pass all parameters correctly (or only accepts a single parameter, i.e. the name of the executable), the error you are experiencing is most probably in the third screenshot (syntax of reg.exe) which is the same you get if running reg.exe with no parameters.


From this cmd.exe session, I launched programs, like fcw.exe (a File Commander/W, a port of an OS/2 program), and changed to the gwx directory (\windows\system32\gwx). I renamed all the .EXE and .?AT files to .EX_ and .?A_.


So I imagine the trick is to fire up cmd.exe and run the various batch files in order from that prompt. I do the same thing with my setup, where batch 0xxxx are run first, then 1xxxx etc. If you make a change to something like 1xxxx, then the various later ones have to be run.


I should imagine that it is the right place to run batches in. CDF (which is my generic W2K batch written around Frank Westlake's 'conset') works. This batch runs under cmd.exe, and changes drive and directory to any named directory in the shell directories, and you can create in registry, your own 'shell-folder' set, so eg "cdf batch" changes to the batch folder.


We have an issue in our environment where the registry on many of our PCs has become corrupt due to a bad version of Trend Micro Encryption. Because of this we cannot install software or update IE once the registry is corrupt. We have worked with Trend but the only fix for this is to re-image the device. We have come to terms with this, but would like a way to find out which PCs in our environment have a corrupt registry so we can proactively "fix" them before it's a huge fire.


To check the registry, we simply go to a command prompt and type: net start trustedinstaller. If it starts (or is already started) successfully the registry is fine. If it fails, the registry is corrupt.


To check this, search for any device in SCCM, right click, Resource Explorer, Services. Should see the services listed and the state they are in. Is this good enough, or do you actively need to run "net start trustedinstaller" in order to verify if the registry is bad or not?


Now you can deploy the Configuration Baseline to a collection of your choice, which is similar to deploying an application. By right clicking the newly created deployment you can create your compliant/nonCompliant Collections.


Well, it's running on my computer and I was curious why it's been running for I don't know how long now. I've noticed it for the last about 12 minutes since I started the Malwarebytes full scan, but I'm just curious why it's running.


And MSE updates, but I just can't figure out why it was running when I was running a scan with MBAM, or what it was doing exactly. Any idea? It's listed in the Event Viewer as the Windows update module service started, but gives no reason as to the cause or reason it even started.


And I updated MSE after the process stopped, and when trustedinstaller.exe came up again I did the same thing and was taken to exactly the same file location, so I'm assuming I'm probably just being paranoid. Oh, I was playing World of Warcraft before I noticed this thing running.


I also noticed under the security section of Event Viewer, at the same time as this trustedinstaller.exe was running, that there is a security logon or something set. Not sure what it means, but here's the info:


The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.


Thank you for your answer, and I know what the .exe is supposed to do, but I'm curious why it was running. Mind, now that it's a half hour later, I did notice another process running called sppsvc.exe; could that be what it was prepping for?


Thank you for your help and answering my questions. The reason I brought this up is because I had opened an email (in the web browser) in Hotmail that had to do with a game I play. It turned out to be a phish, and I know it couldn't download anything to my computer because I do run NoScript and whatnot, and I didn't get a pop-up asking me to download anything, nor was there an attachment to the email. BUT as I said, I then noticed the trustedinstaller running, so I was just curious. Anyway, thank you.


Laughing at myself now. I just noticed my system bogging down and saw the same process running. Killed it immediately....who the hell names a process "TrustedInstaller"??? It just sounds like John Gacy in a clown suit...."don't mind me, I'm just a clown process...nothing going on here" Cheers all


I am trying to make a clean new install of Adobe Flash Player. I have downloaded the uninstaller, run it, then went into C - Windows - System 32 - and wanted to delete any remaining files - but I can't. It says "you require permission from TrustedInstaller to make changes to this file". This is my computer. Nobody else works on it.


The screenshots you posted are the version of Flash Player that Microsoft bundled with Windows 10. Microsoft controls those folders. We can't write or delete in those locations. This is an intentional design choice on Microsoft's part.


This error is because you're attempting to delete the Flash Player files for the IE/Edge embedded Flash Player. As of Windows 8.x Microsoft embeds Flash Player in IE/Edge and those files are locked by Microsoft, which is why you're getting this error attempting to delete them.


Microsoft has released an update, -us/help/4577586/update-for-removal-of-adobe-flash-player, to remove the IE/Edge embedded Flash Player ActiveX Control. If you encounter issues running this update, please contact Microsoft for assistance.


Please ensure you have downloaded the correct file for your Windows version. When you go to the Microsoft Update Catalog website (linked to from -us/topic/update-for-the-removal-of-adobe-flash-player-october-27-20...) to download the actual update there are 38 files for the different Windows and Windows Server versions available, including architecture.




If you've downloaded the correct file for your system and it doesn't work, please contact Microsoft for assistance. Be sure to tell them you are contacting them about the browser embedded version of Flash Player and running their update. I've seen too many instances of their support people telling folks to come back to Adobe for help with their browser-embedded Flash Player and update.


Adobe does not offer technical support for products that it gives away for free, like Flash Player. These user-to-user forums are provided as a courtesy, and the folks that actually work on the product team are here on a voluntary basis, in our spare time.


We strongly recommend that you uninstall at this point and find other content that doesn't require Flash Player. Future updates to all of the major browsers will drop support for browser plug-ins across the board (Safari and Chrome already have), so regardless of whether or not you have Flash Player installed, future browser updates are going to render it useless. It's time to move on.


The upside of this model is that you're pretty likely to get support from people with deep expertise (we've been trying to do right by the community and respond to all of the posts here, particularly during this transition). My point was that you're unlikely to get real-time support here, but you're pretty likely to get a high quality answer in a reasonable period of time.


Yes, I was in a chat with support, but it took a while and the connection got lost. That was a pity, because that one was of great help. But they already explained I should go to the forum, so here I am.


I did read the responses I got, and I have to say that I already followed those steps.

I run the uninstaller, but the folder in system32\macromed\flash cannot get deleted. (mentioned the -player/kb/uninstall-flash-player-mac-os.html )


Now I cannot delete the folder because it is owned by TrustedInstaller, and I also cannot change the rights. I even tried creating a new administrator account and doing it from there (while being logged out of my own account), but this didn't do the trick.


Like Maria said, if you're attempting to remove the ActiveX Flash Player on Windows 8 and higher, that version is distributed directly by Microsoft. We don't have the ability to modify those locations, which is why we don't produce installers or uninstallers for those locations.


I'm surprised that you were able to rename the folder. You should have been limited by the same permission restrictions that you're encountering when you attempt to delete it. If you set a system restore point before you started modifying system files, you could revert to that point. That's probably the easiest path, but since it's typically disabled by default, unless you went through the work of doing this in advance, it's not going to help (but worth knowing about for future reference).
