NoelC (Author), Posted September 24, 2016

I'm not. I'm taking ownership and setting permissions to allow me to access things. However, there ARE some things it's fighting me over. When I've needed to become SYSTEM I've run psexec -i -s CMD to get a privileged cmd window. I'll check into Joakim's tools. Thanks for the tip.

-Noel

jaclaz, Posted September 24, 2016

Just in case/FYI, a new kid on the block: http://reboot.pro/topic/21211-powerrun-v10-run-as-trustedinstaller/

jaclaz

dencorso, Posted September 24, 2016

Yeah, but that one is not near as good as Joakim's. Joakim's original tools are over on reboot.pro and, while he has a new one, called RunasTI, which unifies the two original tools, I still prefer the original ones. In a nutshell one runs them as the TIcmd.cmd below:

    rem joakim http://reboot.pro/files/file/237-runassystem-and-runfromtoken/
    net.exe start trustedinstaller
    runassystem64.exe "runfromtoken64.exe trustedinstaller.exe 1 cmd.exe"
    exit

But one may substitute cmd.exe by any other valid command. Except for explorer.exe, which somehow regains a lower privilege when one tries to get it running as TI. Then again, regedit will run all right and most, if not all, privilege problems go away (although, then, the current user is "Local System"). There are also many other tools by Joakim on reboot.pro. Joakim is a member here on MSFN, too, but does not visit often. This page, by fdv, also makes an interesting read.

NB: While the tools above let you become the TrustedInstaller, and the trick you posted above with psexec lets you become SYSTEM, which has fewer rights, if one runs MS's own whoami it'll reply "SYSTEM" in both cases, because both use the LocalService Hive as their user hive. And, also BTW, there's paexec, too, as an alternative (if I don't tell this, jaclaz'll, so here it is).

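Added example, not part of the original post or of Joakim's tools: since plain whoami names the same user in both cases, this PowerShell sketch compares the token's group list instead, where a token taken from the TrustedInstaller service carries the NT SERVICE\TrustedInstaller service SID. The function name Get-TokenSummary is hypothetical.

```powershell
# Added example: summarize the current process token so a SYSTEM shell and a
# TrustedInstaller shell can be told apart. Read-only; run it inside the
# shell you want to inspect.

# S-1-5-18 is the well-known SID of Local System.
$SystemSid = 'S-1-5-18'

# Resolve the TrustedInstaller service SID by name instead of hard-coding it.
$tiAccount = New-Object System.Security.Principal.NTAccount('NT SERVICE\TrustedInstaller')
$TrustedInstallerSid = $tiAccount.Translate([System.Security.Principal.SecurityIdentifier]).Value

function Get-TokenSummary {
    # Hypothetical helper name, introduced for this example only.
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()

    # .Groups lists the enabled group SIDs present in the token.
    $groupSids = @($id.Groups | ForEach-Object { $_.Value })

    [pscustomobject]@{
        Name                   = $id.Name
        UserSid                = $id.User.Value
        IsLocalSystem          = ($id.User.Value -eq $SystemSid)
        HasTrustedInstallerSid = ($groupSids -contains $TrustedInstallerSid)
        EnabledGroupCount      = $groupSids.Count
    }
}

Get-TokenSummary | Format-List
```

The same group can be seen in the output of whoami /groups.
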
aviv00, Posted September 25, 2016

22 hours ago, NoelC said:
> That's been long gone for a while now, and I haven't noticed any attempts to communicate associated with. But thanks very much for the idea. I think it's as deconfigured as it can be, but if you can think of places I could look for remnants of Settings Sync, I'll certainly double-check.
> -Noel

I'm using Server 2016 with task scheduler running as ghost. Don't have this exe running in the background. Task scheduler is running but can't run tasks in the background.

(Edited September 25, 2016 by aviv00)

NoelC (Author), Posted September 25, 2016

Hi aviv00, what do you mean by "task scheduler running as ghost"? Can you please be a little more specific?

-Noel

aviv00, Posted September 25, 2016

Hey NoelC. I found a way to make it still work but without actually being able to run tasks in the background, so the metro part of explorer.exe and the rest is still working.

(Edited September 25, 2016 by aviv00)

dencorso, Posted September 25, 2016

1 hour ago, aviv00 said:
> I found way to make it still work but without actually able to run tasks in the background

Great! But how do you get it to run like that? Can you share the secret with us?

aviv00, Posted September 25, 2016

Yes, how to make Task Scheduler sterilized:

With Process Hacker change it to own process.
In the other tab remove all the required privileges, just leave or add SeChangeNotifyPrivilege.
Disable the SystemEventsBroker service [needs TrustedInstaller] after removing it first from the dependencies of Task Scheduler [using regedit, restart needed].

Task Scheduler should be sterilized.

(Edited September 25, 2016 by aviv00)

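Added example, not part of the original post: a read-only PowerShell audit that reports whether a machine is in the state described above. It assumes the Process Hacker changes land in the Type and RequiredPrivileges registry values of the Task Scheduler service (service name Schedule); the function names are hypothetical.

```powershell
# Added example: read-only check of the service settings named in the post.
# Nothing is modified; only the service registry keys are read.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-ServiceRegConfig {
    # Hypothetical helper: returns the registry-backed settings of one service.
    param([Parameter(Mandatory)][string]$Name)
    $key = Get-ItemProperty -Path (Join-Path $svcRoot $Name) -ErrorAction Stop
    [pscustomobject]@{
        Name               = $Name
        # Type 0x10 = own process, 0x20 = shared (svchost) process
        OwnProcess         = [bool]($key.Type -band 0x10)
        # Start 2 = automatic, 3 = manual, 4 = disabled
        Disabled           = ($key.Start -eq 4)
        DependOnService    = @($key.DependOnService)
        RequiredPrivileges = @($key.RequiredPrivileges)
    }
}

function Test-SchedulerSterilized {
    # Hypothetical helper: one flag per step of the procedure in the post.
    $sched  = Get-ServiceRegConfig -Name 'Schedule'
    $broker = Get-ServiceRegConfig -Name 'SystemEventsBroker'
    # Drop empty entries so a missing value counts as "no privileges listed".
    $privs  = @($sched.RequiredPrivileges | Where-Object { $_ })
    [pscustomobject]@{
        ScheduleOwnProcess      = $sched.OwnProcess
        OnlyChangeNotify        = ($privs.Count -eq 1 -and
                                   $privs[0] -eq 'SeChangeNotifyPrivilege')
        BrokerDependencyRemoved = ($sched.DependOnService -notcontains 'SystemEventsBroker')
        BrokerDisabled          = $broker.Disabled
        SchedulePrivileges      = ($privs -join ', ')
    }
}

Test-SchedulerSterilized | Format-List
```

All four flags reading True means the service matches the configuration in the post; any other combination shows which step is missing or was reverted.
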
NoelC (Author), Posted September 26, 2016

19 hours ago, aviv00 said:
> I found way to make it still work but without actually able to run tasks in the background

Doesn't the same thing happen if you just disable all the specific scheduled jobs that do things you don't want? There ARE actually things I want to run in the background from Task Scheduler. I use it myself for some things.

-Noel

Tripredacus, Posted September 26, 2016

I went to check a Win10 system I have here, it does not have either of those processes running.

dencorso, Posted September 26, 2016

Did you try Autoruns 13.62 already? If so, try again, but launch it as TI. You may create a .cmd batch for that and run it from the startup folder...

aviv00, Posted September 26, 2016

2 hours ago, NoelC said:
> Doesn't the same thing happen if you just disable all the specific scheduled jobs that do things you don't want? There ARE actually things I want to run in the background from Task Scheduler. I use it myself for some things.
> -Noel

Haven't tried this, dunno if there's really a difference between them, but there are a few tasks that will be re-added after a while; that should avoid running them.

NoelC (Author), Posted September 26, 2016

2 hours ago, Tripredacus said:
> I went to check a Win10 system I have here, it does not have either of those processes running.

Your not having those processes auto-start may say that something I've configured (or DEconfigured) has caused Windows to enter some kind of restorative process. It could, for example, have something to do with the Security Center, which if you don't tell it to avoid doing so does pop things up some minutes after login. I have to leave the system completely alone for 5 minutes at least. If I even move the mouse a little the processes don't start.

-Noel

Tripredacus, Posted September 26, 2016

I will try that out tomorrow and see if it matters. The system I had checked is a custom image, who knows what the client changed. I can check on a fresh install too. What OS versions are you seeing this on?

NoelC (Author), Posted September 26, 2016

I see it on 14393 (all patch levels so far) and I'm pretty sure it was happening in 10586 as well, though it wasn't as obvious since I didn't have an Aero Glass ModernFrame debug console window start whenever ApplicationFrameHost ran.

-Noel