Ulaiphur Posted October 22, 2015

I have a test environment composed of a Server 2012 promoted to a domain controller and 2 other machines connected to it. I would like to create a domain user that will have more permissions than the built-in admin. I need to be able to replace system files and have full control over the OS, which the built-in admin does not provide. Is such a thing possible?

jaclaz Posted October 22, 2015

Well, if you want System level access you need to become System, but that may not even be enough, and you probably want to become TrustedInstaller.
Replacing System files is of course "tricky business" and the usual recommendation applies: kids, don't do this at home.
However:
http://www.msfn.org/board/topic/155910-taking-back-the-registry-from-trustedinstaller/
http://reboot.pro/topic/17501-runassystem-and-runfromtoken/

jaclaz

Tripredacus Posted October 22, 2015

> I need to be able to replace system files and have full control over the os

Also, while you can take ownership of the entire OS if you wanted, services and applications will take back ownership as they see fit.

vinifera Posted October 22, 2015

shouldn't System be above TrustedInstaller?

jaclaz Posted October 22, 2015

> shouldn't System be above TrustedInstaller ?

Maybe should, but reportedly is not (on the given thread):
http://www.msfn.org/board/topic/155910-taking-back-the-registry-from-trustedinstaller/?p=993006

jaclaz

loblo Posted October 22, 2015

On my Win7 Home Premium x64 laptop I found files and registry entries related/belonging to Microsoft Security Essentials, which I wanted to wipe off completely. I could not take ownership of them, no matter what, but perhaps I did something wrong/incompletely. Only PC Hunter, which appears to be able to bypass any privilege level, finally allowed me to clean all traces of it completely.

vinifera Posted October 23, 2015

> > shouldn't System be above TrustedInstaller ?
>
> Maybe should, but reportedly is not (on the given thread):
> http://www.msfn.org/board/topic/155910-taking-back-the-registry-from-trustedinstaller/?p=993006

wow that's f***ing retarded
then why didn't they make system processes to be run by TI

Tripredacus Posted October 23, 2015

Trusted Installer runs under the security context of System.
http://www.msfn.org/board/topic/174336-question-user-accounts/#entry1106603

As an example, Trusted Installer has the ability to take ownership of things because it is a child to System. But System is not a full account, as it doesn't have the natural ability to run in the interactive user session. This is why you can't really use it as a true user account. I recall in Vista there was some trick that you could get Windows to log on in Session 1 as System (it had something to do with cmd and screensavers) but the OS was pretty much unusable.

If you look at the history of Windows development, you see it is mostly a bunch of add-ons. The System account is very old and Trusted Installer is relatively recent by comparison. It would be easier to give Trusted Installer certain privileges rather than rewriting everything in Windows to no longer use System.

vinifera Posted October 24, 2015

well there were tricks for XP too
but why creating something new, they could simply upgrade code for SYSTEM
to make things even worse, you can directly replace TrustedInstaller.exe with malware
from either PE or host with WIM and then repack, and this is just noob approach
what about those clever malware creators that nuke UAC and Firewall within 2 seconds

Ulaiphur Posted October 26, 2015 (Author)

> Also while you can take ownership of the entire OS if you wanted, services and applications will take back ownership as it sees fit.

Don't think you can do that if those processes are running.

> but why creating something new, they could simply upgrade code for SYSTEM

I've been asking myself this for so long... If trustedinstaller.exe is an executable, how come it is a user? Or only SYSTEM is the user and calls trustedinstaller?
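
Added example, not part of the thread and not any poster's code: a read-only PowerShell check of the points discussed above, showing which account hosts the TrustedInstaller service, which binary it starts, and which files in a directory are not owned by TrustedInstaller. The function name `Get-UnexpectedOwner` is hypothetical; the service name, its default binary path and the owner string `NT SERVICE\TrustedInstaller` are assumed to be the stock Windows values.

```powershell
# Added example, not from the thread. Read-only; run in an elevated PowerShell 3.0+ session.
$expectedExe = Join-Path $env:SystemRoot 'servicing\TrustedInstaller.exe'   # assumed default path

# 1. The service behind "TrustedInstaller": the account that hosts it (StartName)
#    and the binary it launches (PathName), plus the owner of that binary.
$svc    = Get-CimInstance -ClassName Win32_Service -Filter "Name='TrustedInstaller'"
$svcExe = $svc.PathName.Trim('"')
[pscustomobject]@{
    Service       = $svc.Name
    RunsAs        = $svc.StartName
    Binary        = $svcExe
    PathIsDefault = ($svcExe -ieq $expectedExe)
    BinaryOwner   = (Get-Acl -LiteralPath $expectedExe).Owner
} | Format-List

# 2. Files directly under a directory whose owner is not the expected one.
#    Hypothetical helper; results are candidates for review, not proof of tampering,
#    because drivers and third-party installers legitimately leave other owners.
function Get-UnexpectedOwner {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$Owner = 'NT SERVICE\TrustedInstaller'
    )
    Get-ChildItem -LiteralPath $Path -File -ErrorAction SilentlyContinue | ForEach-Object {
        $file = $_
        try {
            $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop
            if ($acl.Owner -ne $Owner) {
                [pscustomobject]@{
                    File      = $file.FullName
                    Owner     = $acl.Owner
                    LastWrite = $file.LastWriteTime
                }
            }
        } catch {
            # An unreadable ACL is itself worth listing rather than silently skipping.
            [pscustomobject]@{
                File      = $file.FullName
                Owner     = '<ACL not readable>'
                LastWrite = $file.LastWriteTime
            }
        }
    }
}

Get-UnexpectedOwner -Path (Join-Path $env:SystemRoot 'System32') |
    Sort-Object LastWrite -Descending |
    Format-Table -AutoSize
```

Comparing the output against a baseline taken from a clean install of the same build makes ownership changes stand out.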