TrustedInstaller

[dmex]

This plugin allows you to create processes with TrustedInstaller privileges.

32bit plugin download:

TrustedInstallerPlugin_x32.zip

(38.71 KiB) Downloaded 3873 times

64bit plugin download:

TrustedInstallerPlugin_x64.zip

(43.88 KiB) Downloaded 8445 times

Installation instructions:
#1: Copy the plugin from the zip into your "\Process Hacker 2\plugins\" directory.
#2: Restart Process Hacker.

How to run processes with TrustedInstaller privileges:
#1: Open the Hacker menu and select the "Run as trusted installer..." menu:



You can also manually create processes with TrustedInstaller privileges without installing this plugin:
#1: Select the Services tab and start the TrustedInstaller service.
#2: Go back to the Processes tab and right-click TrustedInstaller.exe
#3: In the context menu, select the Miscellaneous > "Run as this user..." menu item.

[qwerty12]

Thank you!

[MagicAndre1981]

works fine, but the URL is missing in the plugins list of process hacker

[dmex]

works fine, but the URL is missing in the plugins list of process hacker

Fixed.

[Zorkov Igor]

Is there source code for TrustedInstallerPlugin?

[dmex]

Is there source code for TrustedInstallerPlugin?

https://github.com/processhacker2/plugi ... llerPlugin

[Zorkov Igor]

Thanks

[GuDule-StAr]

Works fine.
Helped me to delete a "sethc.exe" which was used by a customer to bypass a Windows password he forgot.
Thanks to your plugin, I was able to delete the "sethc.exe" and replaced it by the orignal one with a remote session on the computer. It was detected as a virus by the antivirus software and a pop-up was displayed continuously.
My customer is at 1h of my office, so many thanks ;)

Nice job.

[Joe123]

Does not work. I'm trying to delete a system file which only TrustedInstaller has permissions for, SYSTEM has Read permissions, owner is TI as well. I started cmd.exe, ran del command to delete the file, and got access denied. Also confirmed by whoami returning nt authority\system instead of nt service\trustedinstaller. Windons 10 Pro v1803 17134.523

[dmex]

whoami returning nt authority\system instead of nt service\trustedinstaller

TrustedInstaller is a token group:

[TITry2]

Not working. I tried to execute this command : cp "D:\Secure.txt" "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11231.20192.0_x64__8wekyb3d8bbwe\Bundle"

But I could not find the file "D:\Secure.txt" in the folder

[mrlithium]

Can confirm this plugin still works, only issue I have is not posessing the BackupPrivelege token.
https://i.imgur.com/iv1PV0H.png
I will have to manually assign that to myself somehow (possibly under system policy). That could perhaps be why the previous posts "cp" file operation failed.