
TrustedInstaller

Posted: 12 Aug 2016 16:55
by dmex
This plugin allows you to create processes with TrustedInstaller privileges.

Download the nightly build:
https://processhacker.sourceforge.io/nightly.php

Application menu > Run:
Image


If you're using v2.39 you'll need to manually download and install this plugin instead:

32bit plugin download:
TrustedInstallerPlugin_x32.zip
(38.71 KiB) Downloaded 6078 times

64bit plugin download:
TrustedInstallerPlugin_x64.zip
(43.88 KiB) Downloaded 14789 times

Installation instructions:
#1: Copy the plugin from the zip into your "\Process Hacker 2\plugins\" directory.
#2: Restart Process Hacker.

How to run processes with TrustedInstaller privileges:
#1: Open the Hacker menu and select the "Run as trusted installer..." menu:

Image

You can also manually create processes with TrustedInstaller privileges without installing this plugin:
#1: Select the Services tab and start the TrustedInstaller service.
#2: Go back to the Processes tab and right-click TrustedInstaller.exe
#3: In the context menu, select the Miscellaneous > "Run as this user..." menu item.

Re: TrustedInstaller

Posted: 12 Aug 2016 18:13
by qwerty12
Thank you!

Re: TrustedInstaller

Posted: 13 Aug 2016 19:09
by MagicAndre1981
Works fine, but the URL is missing in the plugins list of Process Hacker.

Re: TrustedInstaller

Posted: 19 Aug 2016 07:07
by dmex
MagicAndre1981 wrote:
Works fine, but the URL is missing in the plugins list of Process Hacker.
Fixed.

Re: TrustedInstaller

Posted: 02 Oct 2016 14:07
by Zorkov Igor
Is there source code for TrustedInstallerPlugin?

Re: TrustedInstaller

Posted: 02 Oct 2016 17:40
by dmex
Zorkov Igor wrote:
Is there source code for TrustedInstallerPlugin?
https://github.com/processhacker2/plugi ... llerPlugin

Re: TrustedInstaller

Posted: 02 Oct 2016 18:31
by Zorkov Igor
Thanks

Re: TrustedInstaller

Posted: 07 Dec 2018 15:22
by GuDule-StAr
Works fine.
Helped me to delete a "sethc.exe" which was used by a customer to bypass a Windows password he forgot.
Thanks to your plugin, I was able to delete the "sethc.exe" and replace it with the original one with a remote session on the computer. It was detected as a virus by the antivirus software and a pop-up was displayed continuously.
My customer is 1h from my office, so many thanks ;)

Nice job.

Re: TrustedInstaller

Posted: 21 Jan 2019 20:25
by Joe123
Does not work. I'm trying to delete a system file which only TrustedInstaller has permissions for, SYSTEM has Read permissions, owner is TI as well. I started cmd.exe, ran del command to delete the file, and got access denied. Also confirmed by whoami returning nt authority\system instead of nt service\trustedinstaller. Windows 10 Pro v1803 17134.523

Re: TrustedInstaller

Posted: 21 Jan 2019 20:39
by dmex
Joe123 wrote: 21 Jan 2019 20:25
whoami returning nt authority\system instead of nt service\trustedinstaller
TrustedInstaller is a token group:

Image
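
dmex's reply above says TrustedInstaller is a group in the process token rather than the token's user, which is why whoami reports nt authority\system. The PowerShell below is an added example, not part of the original thread or of Process Hacker: it only reads the current token and a file's ACL, the function names are hypothetical, and it assumes it is run in the shell that was started with the TrustedInstaller option.

```powershell
# Added example (not from the thread). Read-only: inspects the current
# process token and one file's ACL, and changes nothing.

function Get-TokenSids {
    # User SID plus every enabled group SID in the current process token.
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    [pscustomobject]@{
        User = $id.Name
        Sids = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })
    }
}

function Test-TrustedInstallerToken {
    # Resolve the service account name to its SID instead of hard-coding it.
    $account = [System.Security.Principal.NTAccount]'NT SERVICE\TrustedInstaller'
    $tiSid   = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    (Get-TokenSids).Sids -contains $tiSid
}

function Get-MatchingAces {
    # List the ACEs on $Path that name a SID held by the current token.
    param([Parameter(Mandatory)][string]$Path)
    $sids  = (Get-TokenSids).Sids
    $acl   = Get-Acl -LiteralPath $Path
    $owner = $acl.GetOwner([System.Security.Principal.SecurityIdentifier]).Value
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $sids -contains $_.IdentityReference.Value } |
        ForEach-Object {
            [pscustomobject]@{
                Sid          = $_.IdentityReference.Value
                Type         = $_.AccessControlType     # Allow or Deny
                Rights       = $_.FileSystemRights
                OwnerInToken = $sids -contains $owner   # token holds the owner SID
            }
        }
}

$tok = Get-TokenSids
"User (what whoami prints): $($tok.User)"
"TrustedInstaller group in token: $(Test-TrustedInstallerToken)"
# Sample path (assumption): a system file normally owned by TrustedInstaller.
Get-MatchingAces -Path "$env:WINDIR\System32\sethc.exe" | Format-Table -AutoSize
```

Run from an ordinary elevated shell for comparison, the group check returns False and the TrustedInstaller ACE no longer appears in the table.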

Re: TrustedInstaller

Posted: 11 Mar 2019 11:37
by TITry2
Not working. I tried to execute this command: cp "D:\Secure.txt" "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11231.20192.0_x64__8wekyb3d8bbwe\Bundle"

But I could not find the file "D:\Secure.txt" in the folder

Re: TrustedInstaller

Posted: 05 Aug 2019 01:07
by mrlithium
Can confirm this plugin still works, only issue I have is not possessing the BackupPrivilege token.
https://i.imgur.com/iv1PV0H.png
I will have to manually assign that to myself somehow (possibly under system policy). That could perhaps be why the previous post's "cp" file operation failed.

Re: TrustedInstaller

Posted: 17 Jul 2020 13:23
by ccppuu
TrustedInstallerPlugin crashes with 3.0.3184 at start and I have to restart.

Re: TrustedInstaller

Posted: 18 Jul 2020 06:51
by dmex
ccppuu wrote: 17 Jul 2020 13:23
TrustedInstallerPlugin crashes with 3.0.3184
TrustedInstallerPlugin should be deleted since you can run processes using TrustedInstaller from the main menu > run dialog

Re: TrustedInstaller

Posted: 18 Jul 2020 06:53
by ccppuu
I did not know. ty.

Re: TrustedInstaller

Posted: 26 Sep 2020 06:09
by andrewlol124
When I'm trying to use TrustedInstaller it's showing an error that says: This option requires elevation. Help! :( :thinking:

Re: TrustedInstaller

Posted: 09 Feb 2021 19:05
by Jxy
GuDule-StAr wrote: 07 Dec 2018 15:22
Works fine.
Helped me to delete a "sethc.exe" which was used by a customer to bypass a Windows password he forgot.
Thanks to your plugin, I was able to delete the "sethc.exe" and replace it with the original one with a remote session on the computer. It was detected as a virus by the antivirus software and a pop-up was displayed continuously.
My customer is 1h from my office, so many thanks ;)

Nice job.
uhhhhh you don't need system to uhm delete that file
technically you could just open security and set the owner to u then give u perms, and then u can delete the file