Process Hacker Forums

This plugin allows you to create processes with TrustedInstaller privileges.

Download the nightly build:
https://processhacker.sourceforge.io/nightly.php

Application menu > Run:



If you're using v2.39 you'll need to manually download and install this plugin instead:

32bit plugin download:
64bit plugin download:
Installation instructions:
#1: Copy the plugin from the zip into your "\Process Hacker 2\plugins\" directory.
#2: Restart Process Hacker.

How to run processes with TrustedInstaller privileges:
#1: Open the Hacker menu and select the "Run as trusted installer..." menu:



You can also manually create processes with TrustedInstaller privileges without installing this plugin:
#1: Select the Services tab and start the TrustedInstaller service.
#2: Go back to the Processes tab and right-click TrustedInstaller.exe
#3: In the context menu, select the Miscellaneous > "Run as this user..." menu item.

Thank you!

works fine, but the URL is missing in the plugins list of process hacker

MagicAndre1981 wrote:

works fine, but the URL is missing in the plugins list of process hacker

Fixed.

Is there source code for TrustedInstallerPlugin?

Zorkov Igor wrote:

Is there source code for TrustedInstallerPlugin?

https://github.com/processhacker2/plugi ... llerPlugin

Thanks

Works fine.
Helped me to delete a "sethc.exe" which was used by a customer to bypass a Windows password he forgot.
Thanks to your plugin, I was able to delete the "sethc.exe" and replaced it by the orignal one with a remote session on the computer. It was detected as a virus by the antivirus software and a pop-up was displayed continuously.
My customer is at 1h of my office, so many thanks ;)

Nice job.

Does not work. I'm trying to delete a system file which only TrustedInstaller has permissions for, SYSTEM has Read permissions, owner is TI as well. I started cmd.exe, ran del command to delete the file, and got access denied. Also confirmed by whoami returning nt authority\system instead of nt service\trustedinstaller. Windons 10 Pro v1803 17134.523

Joe123 wrote: ↑21 Jan 2019 20:25

whoami returning nt authority\system instead of nt service\trustedinstaller

TrustedInstaller is a token group:

Not working. I tried to execute this command : cp "D:\Secure.txt" "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11231.20192.0_x64__8wekyb3d8bbwe\Bundle"

But I could not find the file "D:\Secure.txt" in the folder

Can confirm this plugin still works, only issue I have is not posessing the BackupPrivelege token.
https://i.imgur.com/iv1PV0H.png
I will have to manually assign that to myself somehow (possibly under system policy). That could perhaps be why the previous posts "cp" file operation failed.

TrustedInstallerPlugin crash with 3.0.3184 at start and I have to restart.

ccppuu wrote: ↑17 Jul 2020 13:23

TrustedInstallerPlugin crash with 3.0.3184

TrustedInstallerPlugin should be deleted since you can run processes using TrustedInstaller from the main menu > run dialog

I did not know. ty.

When I'm trying to use TrustedInstaller it's showing a error that says: This option requires elevation. Help!

GuDule-StAr wrote: ↑07 Dec 2018 15:22

Works fine.
Helped me to delete a "sethc.exe" which was used by a customer to bypass a Windows password he forgot.
Thanks to your plugin, I was able to delete the "sethc.exe" and replaced it by the orignal one with a remote session on the computer. It was detected as a virus by the antivirus software and a pop-up was displayed continuously.
My customer is at 1h of my office, so many thanks

Nice job.

uhhhhh you dont need system to uhm delete that file
technically you could just open security and set the owner to u then give u perms, and then u can delete the file