Process Hacker and Windows discussion

TrustedInstaller

Post a reply


In an effort to prevent automatic submissions, we require that you complete the following challenge.
   

Expand view Topic review: TrustedInstaller

Re: TrustedInstaller

Post by mrlithium » 05 Aug 2019, 01:07

Can confirm this plugin still works, only issue I have is not posessing the BackupPrivelege token.
https://i.imgur.com/iv1PV0H.png
I will have to manually assign that to myself somehow (possibly under system policy). That could perhaps be why the previous posts "cp" file operation failed.

Re: TrustedInstaller

Post by TITry2 » 11 Mar 2019, 11:37

Not working. I tried to execute this command : cp "D:\Secure.txt" "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11231.20192.0_x64__8wekyb3d8bbwe\Bundle"

But I could not find the file "D:\Secure.txt" in the folder

Re: TrustedInstaller

Post by dmex » 21 Jan 2019, 20:39

Joe123 wrote:
21 Jan 2019, 20:25
whoami returning nt authority\system instead of nt service\trustedinstaller
TrustedInstaller is a token group:

Image

Re: TrustedInstaller

Post by Joe123 » 21 Jan 2019, 20:25

Does not work. I'm trying to delete a system file which only TrustedInstaller has permissions for, SYSTEM has Read permissions, owner is TI as well. I started cmd.exe, ran del command to delete the file, and got access denied. Also confirmed by whoami returning nt authority\system instead of nt service\trustedinstaller. Windons 10 Pro v1803 17134.523

Re: TrustedInstaller

Post by GuDule-StAr » 07 Dec 2018, 15:22

Works fine.
Helped me to delete a "sethc.exe" which was used by a customer to bypass a Windows password he forgot.
Thanks to your plugin, I was able to delete the "sethc.exe" and replaced it by the orignal one with a remote session on the computer. It was detected as a virus by the antivirus software and a pop-up was displayed continuously.
My customer is at 1h of my office, so many thanks ;)

Nice job.

Re: TrustedInstaller

Post by Zorkov Igor » 02 Oct 2016, 18:31

Thanks

Re: TrustedInstaller

Post by dmex » 02 Oct 2016, 17:40

Zorkov Igor wrote:
Is there source code for TrustedInstallerPlugin?
https://github.com/processhacker2/plugi ... llerPlugin

Re: TrustedInstaller

Post by Zorkov Igor » 02 Oct 2016, 14:07

Is there source code for TrustedInstallerPlugin?

Re: TrustedInstaller

Post by dmex » 19 Aug 2016, 07:07

MagicAndre1981 wrote:
works fine, but the URL is missing in the plugins list of process hacker
Fixed.

Re: TrustedInstaller

Post by MagicAndre1981 » 13 Aug 2016, 19:09

works fine, but the URL is missing in the plugins list of process hacker

Re: TrustedInstaller

Post by qwerty12 » 12 Aug 2016, 18:13

Thank you!

TrustedInstaller

Post by dmex » 12 Aug 2016, 16:55

This plugin allows you to create processes with TrustedInstaller privileges.

32bit plugin download:
TrustedInstallerPlugin_x64.zip
(43.88 KiB) Downloaded 7892 times
64bit plugin download:
TrustedInstallerPlugin_x32.zip
(38.71 KiB) Downloaded 3621 times

Installation instructions:
#1: Copy the plugin from the zip into your "\Process Hacker 2\plugins\" directory.
#2: Restart Process Hacker.

How to run processes with TrustedInstaller privileges:
#1: Open the Hacker menu and select the "Run as trusted installer..." menu:

Image

You can also manually create processes with TrustedInstaller privileges without installing this plugin:
#1: Select the Services tab and start the TrustedInstaller service.
#2: Go back to the Processes tab and right-click TrustedInstaller.exe
#3: In the context menu, select the Miscellaneous > "Run as this user..." menu item.