TrustedInstaller

Extensions from the community
Post Reply
User avatar
dmex
Admin
Posts: 1517
Joined: 17 Jan 2011, 05:43

TrustedInstaller

Post by dmex »

This plugin allows you to create processes with TrustedInstaller privileges.

32bit plugin download:
TrustedInstallerPlugin_x32.zip
(38.71 KiB) Downloaded 3873 times
64bit plugin download:
TrustedInstallerPlugin_x64.zip
(43.88 KiB) Downloaded 8445 times

Installation instructions:
#1: Copy the plugin from the zip into your "\Process Hacker 2\plugins\" directory.
#2: Restart Process Hacker.

How to run processes with TrustedInstaller privileges:
#1: Open the Hacker menu and select the "Run as trusted installer..." menu:

Image

You can also manually create processes with TrustedInstaller privileges without installing this plugin:
#1: Select the Services tab and start the TrustedInstaller service.
#2: Go back to the Processes tab and right-click TrustedInstaller.exe
#3: In the context menu, select the Miscellaneous > "Run as this user..." menu item.

qwerty12
Member
Posts: 14
Joined: 27 Oct 2011, 09:41
OS: Windows 10 64-bit

Re: TrustedInstaller

Post by qwerty12 »

Thank you!

User avatar
MagicAndre1981
Member
Posts: 230
Joined: 22 Nov 2011, 12:02
OS: Windows 8Pro(x64) with Win7 UI

Re: TrustedInstaller

Post by MagicAndre1981 »

works fine, but the URL is missing in the plugins list of process hacker

User avatar
dmex
Admin
Posts: 1517
Joined: 17 Jan 2011, 05:43

Re: TrustedInstaller

Post by dmex »

MagicAndre1981 wrote:works fine, but the URL is missing in the plugins list of process hacker
Fixed.

Zorkov Igor
Member
Posts: 112
Joined: 18 Jan 2011, 10:11
OS: Windows 7, 10
Location: Великая Русь
Contact:

Re: TrustedInstaller

Post by Zorkov Igor »

Is there source code for TrustedInstallerPlugin?

User avatar
dmex
Admin
Posts: 1517
Joined: 17 Jan 2011, 05:43

Re: TrustedInstaller

Post by dmex »

Zorkov Igor wrote:Is there source code for TrustedInstallerPlugin?
https://github.com/processhacker2/plugi ... llerPlugin

Zorkov Igor
Member
Posts: 112
Joined: 18 Jan 2011, 10:11
OS: Windows 7, 10
Location: Великая Русь
Contact:

Re: TrustedInstaller

Post by Zorkov Igor »

Thanks

GuDule-StAr

Re: TrustedInstaller

Post by GuDule-StAr »

Works fine.
Helped me to delete a "sethc.exe" which was used by a customer to bypass a Windows password he forgot.
Thanks to your plugin, I was able to delete the "sethc.exe" and replaced it by the orignal one with a remote session on the computer. It was detected as a virus by the antivirus software and a pop-up was displayed continuously.
My customer is at 1h of my office, so many thanks ;)

Nice job.

Joe123

Re: TrustedInstaller

Post by Joe123 »

Does not work. I'm trying to delete a system file which only TrustedInstaller has permissions for, SYSTEM has Read permissions, owner is TI as well. I started cmd.exe, ran del command to delete the file, and got access denied. Also confirmed by whoami returning nt authority\system instead of nt service\trustedinstaller. Windons 10 Pro v1803 17134.523

User avatar
dmex
Admin
Posts: 1517
Joined: 17 Jan 2011, 05:43

Re: TrustedInstaller

Post by dmex »

Joe123 wrote:
21 Jan 2019, 20:25
whoami returning nt authority\system instead of nt service\trustedinstaller
TrustedInstaller is a token group:

Image

TITry2

Re: TrustedInstaller

Post by TITry2 »

Not working. I tried to execute this command : cp "D:\Secure.txt" "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11231.20192.0_x64__8wekyb3d8bbwe\Bundle"

But I could not find the file "D:\Secure.txt" in the folder

mrlithium

Re: TrustedInstaller

Post by mrlithium »

Can confirm this plugin still works, only issue I have is not posessing the BackupPrivelege token.
https://i.imgur.com/iv1PV0H.png
I will have to manually assign that to myself somehow (possibly under system policy). That could perhaps be why the previous posts "cp" file operation failed.

Post Reply