Ulaiphur Posted October 22, 2015

I have a test environment composed of a Server 2012 promoted to a domain controller and 2 other machines connected to it. I would like to create a domain user that will have more permissions than built-in admin. I need to be able to replace system files and have full control over the OS, which the built-in admin does not provide. Is such a thing possible?

jaclaz Posted October 22, 2015

Well, if you want System level access you need to become System, but that may not even be enough, and you probably want to become TrustedInstaller.

Replacing System files is of course "tricky business" and the usual recommendation applies, kids, don't do this at home.

However:
http://www.msfn.org/board/topic/155910-taking-back-the-registry-from-trustedinstaller/
http://reboot.pro/topic/17501-runassystem-and-runfromtoken/

jaclaz

Tripredacus Posted October 22, 2015

> I need to be able to replace system files and have full control over the os

Also while you can take ownership of the entire OS if you wanted, services and applications will take back ownership as it sees fit.

vinifera Posted October 22, 2015

shouldn't System be above TrustedInstaller?

jaclaz Posted October 22, 2015

> shouldn't System be above TrustedInstaller ?

Maybe should, but reportedly is not (on the given thread):
http://www.msfn.org/board/topic/155910-taking-back-the-registry-from-trustedinstaller/?p=993006

jaclaz

loblo Posted October 22, 2015

On my Win7 Home Premium x64 laptop I found files and registry entries related/belonging to Microsoft Security Essentials, which I wanted to wipe off completely, that I could not take ownership of no matter what, but perhaps I did something wrong/incompletely. Only PC Hunter, which appears to be able to bypass any privilege level, finally allowed me to clean all traces of it completely.

vinifera Posted October 23, 2015

>> shouldn't System be above TrustedInstaller ?
>
> Maybe should, but reportedly is not (on the given thread):
> http://www.msfn.org/board/topic/155910-taking-back-the-registry-from-trustedinstaller/?p=993006

wow that's f***ing retarded
then why didn't they make system processes to be run by TI

Tripredacus Posted October 23, 2015

Trusted Installer runs under the security context of System. http://www.msfn.org/board/topic/174336-question-user-accounts/#entry1106603

As an example, Trusted Installer has the ability to take ownership of things because it is a child to System. But System is not a full account as it doesn't have the natural ability to run in the interactive user session. This is why you can't really use it as a true user account. I recall in Vista there was some trick that you could get Windows to log on in Session 1 as System (it had something to do with cmd and screensavers) but the OS was pretty much unusable.

If you look at the history of Windows development, you see it is mostly a bunch of add-ons. The system account is very old and Trusted Installer is relatively recent by comparison. It would be easier to give Trusted Installer certain privileges rather than rewriting everything in Windows to no longer use System.

vinifera Posted October 24, 2015

well there were tricks for XP too
but why creating something new, they could simply upgrade code for SYSTEM
to make things even worse, you can directly replace TrustedInstaller.exe with malware
from either PE or host with WIM and then repack, and this is just noob approach
what about those clever malware creators that nuke UAC and Firewall within 2 seconds

Ulaiphur (Author) Posted October 26, 2015

> Also while you can take ownership of the entire OS if you wanted, services and applications will take back ownership as it sees fit.

Don't think you can do that if those processes are running.

> but why creating something new, they could simply upgrade code for SYSTEM

I've been asking myself this for so long... If trustedinstaller.exe is an executable how come it is a user? Or only SYSTEM is the user and calls trustedinstaller?

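Added example, not part of any post in this thread: TrustedInstaller is a Windows service that logs on as LocalSystem, and the owner shown on protected files is that service's own SID rather than a user account. The PowerShell below reads both facts and lists files under a directory whose owner is some other principal, which is a quick way to spot ownership that has been changed. The function names are hypothetical, and a differing owner is a prompt for review only, since third-party installers legitimately place files under System32.

```powershell
# Added example (not from the thread). Elevated PowerShell 3.0+ session assumed.
# Hypothetical helper names: Get-TrustedInstallerIdentity, Get-UnexpectedOwner.

function Get-TrustedInstallerIdentity {
    # StartName is the account the service logs on as; the per-service SID
    # is the principal that appears as owner in file and registry ACLs.
    $svc     = Get-CimInstance -ClassName Win32_Service -Filter "Name='TrustedInstaller'"
    $account = New-Object -TypeName System.Security.Principal.NTAccount `
                          -ArgumentList 'NT SERVICE\TrustedInstaller'
    $sid     = $account.Translate([System.Security.Principal.SecurityIdentifier])
    [pscustomobject]@{
        Service    = $svc.Name
        RunsAs     = $svc.StartName
        Binary     = $svc.PathName
        ServiceSid = $sid.Value
    }
}

function Get-UnexpectedOwner {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [string] $Filter = '*.dll'
    )
    $expected = (Get-TrustedInstallerIdentity).ServiceSid
    Get-ChildItem -Path $Path -Filter $Filter -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            try {
                $acl       = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop
                # Compare SIDs, not display names, so the check is locale independent.
                $ownerSid  = $acl.GetOwner([System.Security.Principal.SecurityIdentifier]).Value
                $ownerName = $acl.Owner
            } catch {
                $ownerSid  = $null
                $ownerName = '<unreadable>'
            }
            if ($ownerSid -ne $expected) {
                [pscustomobject]@{
                    File      = $file.FullName
                    Owner     = $ownerName
                    LastWrite = $file.LastWriteTime
                }
            }
        }
}

Get-TrustedInstallerIdentity | Format-List
Get-UnexpectedOwner -Path "$env:windir\System32" |
    Sort-Object LastWrite -Descending | Format-Table -AutoSize
```
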
vinifera Posted October 26, 2015

it's useless as UAC is