Ulaiphur

What is above built-in admin account?

I have a test environment composed of a Server 2012 promoted to a domain controller and 2 other machines connected to it. I would like to create a domain user that will have more permissions than the built-in admin.

I need to be able to replace system files and have full control over the OS, which the built-in admin does not provide.

Is such a thing possible?


Well, if you want System level access you need to become System. :yes: but that may not even be enough :w00t:, and you probably want to become TrustedInstaller.

Replacing System files is of course "tricky business" and the usual recommendation applies, kids, don't do this at home :no:.

However:

http://www.msfn.org/board/topic/155910-taking-back-the-registry-from-trustedinstaller/

http://reboot.pro/topic/17501-runassystem-and-runfromtoken/

jaclaz


I need to be able to replace system files and have full control over the os

Also while you can take ownership of the entire OS if you wanted, services and applications will take back ownership as they see fit.


On my Win7 Home Premium x64 laptop I found files and registry entries related/belonging to Microsoft Security Essentials, which I wanted to wipe off completely, that I could not take ownership of no matter what, but perhaps I did something wrong/incompletely. Only PC Hunter, which appears to be able to bypass any privilege level, finally allowed me to clean all traces of it completely.


Trusted Installer runs under the security context of System.

http://www.msfn.org/board/topic/174336-question-user-accounts/#entry1106603

As an example, Trusted Installer has the ability to take ownership of things because it is a child to System. But System is not a full account as it doesn't have the natural ability to run in the interactive user session. This is why you can't really use it as a true user account. I recall in Vista there was some trick that you could get Windows to log on in Session 1 as System (it had something to do with cmd and screensavers) but the OS was pretty much unusable.

If you look at the history of Windows development, you see it is mostly a bunch of add-ons. The system account is very old and Trusted Installer is relatively recent by comparison. It would be easier to give Trusted Installer certain privileges rather than rewriting everything in Windows to no longer use System.


well there were tricks for XP too

but why creating something new, they could simply upgrade code for SYSTEM

to make things even worse, you can directly replace TrustedInstaller.exe with malware

from either PE or host with WIM and then repack, and this is just noob approach

what about those clever malware creators that nuke UAC and Firewall within 2 seconds

Also while you can take ownership of the entire OS if you wanted, services and applications will take back ownership as they see fit.

Don't think you can do that if those processes are running.

but why creating something new, they could simply upgrade code for SYSTEM

I've been asking myself this for so long...


If trustedinstaller.exe is an executable how come it is a user? Or only SYSTEM is the user and calls trustedinstaller?

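Added example, not part of any post in this thread: a read-only PowerShell check of the points discussed above, namely that TrustedInstaller is a service whose process runs as LocalSystem while its own service SID (NT SERVICE\TrustedInstaller) is what appears as owner on system files. The function name Get-NonTrustedInstallerOwned is hypothetical, and the script assumes PowerShell 3.0 or later and a default Windows directory.

```powershell
# Added example: inspection only, nothing is modified. Run from an elevated prompt.

# 1. TrustedInstaller is the Windows Modules Installer service, not a logon account.
#    StartName is the account its process runs under (LocalSystem).
Get-CimInstance Win32_Service -Filter "Name='TrustedInstaller'" |
    Select-Object Name, DisplayName, StartName, PathName, State |
    Format-List

# 2. The "user" shown in ACLs is the per-service SID that Windows derives
#    from the service name.
$tiAccount = New-Object System.Security.Principal.NTAccount('NT SERVICE\TrustedInstaller')
$tiSid = $tiAccount.Translate([System.Security.Principal.SecurityIdentifier])
"TrustedInstaller service SID: $($tiSid.Value)"

# 3. List binaries in System32 whose owner is NOT that SID.
#    Hypothetical helper name; a hit is a prompt for review, not proof of tampering,
#    since some components are legitimately owned by SYSTEM or Administrators.
function Get-NonTrustedInstallerOwned {
    param(
        [string]$Path = (Join-Path $env:windir 'System32'),
        [string[]]$Extensions = @('.exe', '.dll')
    )
    Get-ChildItem -LiteralPath $Path -File -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $file = $_   # keep the file; inside catch, $_ becomes the error record
            try {
                $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop
                $owner = $acl.GetOwner([System.Security.Principal.SecurityIdentifier])
                if ($owner.Value -ne $tiSid.Value) {
                    [pscustomobject]@{ File = $file.FullName; Owner = $acl.Owner }
                }
            } catch {
                [pscustomobject]@{
                    File  = $file.FullName
                    Owner = "unreadable: $($_.Exception.Message)"
                }
            }
        }
}

Get-NonTrustedInstallerOwned | Sort-Object Owner, File | Format-Table -AutoSize
```

Saving the output after a clean install gives a baseline to compare against later when checking whether ownership of system binaries has drifted.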
