Well, we know that disabling these services during setup works. So there's some permission that setup has, that we don't. Is there any way to get literally all the permissions?
OK. Trying to retrace steps to figure out what you do is a pain in the ***. Got to learn to write things down. Have stopped the service several times now without it restarting, but I have to refine my steps so I can report on it. And yes, it is done without restarting the system.
I think maybe you're right. I tried to make it write to autologger, but only when I googled something does it start writing to it.
Nah he just RAM with it half the time. That's the reason why he has mobo n frodo issues. O may bad fatherboard sigh so easy to get these things screwed up.
If you want to erase those memories, I know a good address you can call or jump to: 0x000000000. It can help a lot. It should be MILP p plug_in
That has nothing to do with what I am describing. I am saying that on some random Windows 8 (unpatched/untouched RTM ISO from 2013) machines, none of the token manipulation tools can elevate to TrustedInstaller permissions. Not mine, not devxexec, not Joakim's. Something is preventing cmd.exe or powershell.exe from running under the TrustedInstaller token while the OS is running (except in safe mode). Funny thing is these tools used to work a few months ago on these machines, now they do not. For the record, I do not do Windows updates, plain vanilla RTM.

Also, it should be noted that I have a VM based on a newer ISO (the May 2014 with Update) that has never seen the internet (offline VM), in which powershell and cmd can spawn as TrustedInstaller just fine. It's like something is preventing the TrustedInstaller account from being able to run cmd.exe. You get what I am saying now?

What is so hard about taking ownership of the registry key? I posted the SetACL syntax for doing so about 100 posts back. Just need to replace the key in both lines and add it to smorgan's script (+ the setacl.exe file). I know this will work, because Venu said he already did it successfully.
I might be good at integration, but I suck at system permissions stuff. I don't know why I was acting as if I knew what I was talking about. I was clearly arguing from ignorance and using false assumptions. Thx for your tolerance
And we'll need a switch statement to determine x64 bitness and use the correct version of SetACL.
Code:
If ((Get-WmiObject -class Win32_OperatingSystem | Select-Object OSArchitecture).OSArchitecture -eq '64-bit') {
    write 'x64 use SetACLx64.exe'
} else {
    write 'x86 use SetACL.exe'
}
If anyone's interested, I have a rough guide on how I stopped the dmwappushsvc service without a restart. Stopping it is easy. Thing is, the damn thing is like a virus, keeps restarting itself. The harder part was getting it to stay stopped. Doesn't need anything except for taking ownership. No special permissions. MS actually made it pretty easy with a little work. Like I said, it's rough; I'm sure it can be refined with maybe fewer steps, and scripted. Need a break from the computer, I'm going blind. BTW, I don't want to put it here for the general public. I know it works, but I don't want anyone complaining if they frag something.
We are not going to delete the service, as that makes it a pain in the ass to add again. Jinjin, what is the scripting to take proper ownership with SetACL? I was taking the day off to get a little rest.
If it's configured to start automatically, you'd need to set it to start= disabled. If it keeps being restarted, even when set to disabled, that would require some sleuthing.

I'm sorry guys, I've been really busy with Patch Tuesday integrations for the last few days. I'll dive into this SetACL stuff when I'm finally done.
OK, I pulled SetACL from their website. Now we need to find the correct scripting to use on dmwappushsvc from the example seen here:

Here is an example from the documentation about how to grant the ability to start/stop the Windows Time service to domain1\group1. SetACL is pretty easy to use.

SetACL.exe -on "\\server1\W32Time" -ot srv -actn ace -ace "n:domain1\group1;p:start_stop"

I'm guessing we use this:

SetACL.exe -on "dmwappushsvc" -ot srv -actn ace -ace "n:administrators;p:start_stop"

Just a guess at the moment.
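To check what a grant like the `start_stop` one guessed at above actually leaves on the service, the service's security descriptor can be decoded to show which trustees hold start, stop or change-config rights. This is an added example, not code from the thread; the function name `Get-ServiceDaclEntry` is hypothetical and the SDDL string is constructed sample input.

```powershell
# Added example, not from the thread. Service meaning of the two-letter SDDL access codes.
$ServiceRights = @{
    CC = 'QueryConfig'; DC = 'ChangeConfig'; LC = 'QueryStatus'; SW = 'EnumerateDependents'
    RP = 'Start'; WP = 'Stop'; DT = 'PauseContinue'; LO = 'Interrogate'
    CR = 'UserDefinedControl'; SD = 'Delete'; RC = 'ReadControl'
    WD = 'WriteDac'; WO = 'WriteOwner'
}
# A few well-known trustee aliases; anything else is shown as written (alias or SID).
$Trustees = @{ SY = 'LocalSystem'; BA = 'Administrators'; IU = 'Interactive'
               SU = 'Service'; AU = 'AuthenticatedUsers'; WD = 'Everyone' }

function Get-ServiceDaclEntry {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Sddl)
    # The DACL is the text after 'D:' and before an optional 'S:' (SACL) part.
    $dacl = ($Sddl -csplit 'D:', 2)[1]
    if (-not $dacl) { throw 'No DACL found in SDDL string.' }
    $dacl = ($dacl -csplit 'S:', 2)[0]
    foreach ($ace in [regex]::Matches($dacl, '\(([^)]*)\)')) {
        # ACE fields: type;flags;rights;object GUID;inherited object GUID;trustee
        $f = $ace.Groups[1].Value.Split(';')
        # Rights are letter pairs (e.g. RPWP); a hex mask (0x...) is passed through as is.
        $rights = if ($f[2] -like '0x*') { $f[2] } else {
            [regex]::Matches($f[2], '..') | ForEach-Object {
                if ($ServiceRights.ContainsKey($_.Value)) { $ServiceRights[$_.Value] } else { $_.Value }
            }
        }
        [pscustomobject]@{
            Type    = if ($f[0] -eq 'A') { 'Allow' } elseif ($f[0] -eq 'D') { 'Deny' } else { $f[0] }
            Trustee = if ($Trustees.ContainsKey($f[5])) { $Trustees[$f[5]] } else { $f[5] }
            Rights  = @($rights)
        }
    }
}

# Constructed sample input. On a live system, use the output of: sc.exe sdshow dmwappushsvc
$sample = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)' +
          '(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)'

# Show only the entries that can start, stop or reconfigure the service.
Get-ServiceDaclEntry -Sddl $sample |
    Where-Object { $_.Rights -contains 'Start' -or $_.Rights -contains 'Stop' -or
                   $_.Rights -contains 'ChangeConfig' } |
    ForEach-Object { '{0,-6} {1,-16} {2}' -f $_.Type, $_.Trustee, ($_.Rights -join ',') }
```

Running it before and after a SetACL change shows whether the intended trustee, and only that trustee, gained the Start and Stop rights.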
Microsoft-Windows-DeviceManagement-DmWapPushSvc
Code:
sidType="unrestricted" requiredPrivileges="SeChangeNotifyPrivilege,SeCreateGlobalPrivilege,SeImpersonatePrivilege,SeIncreaseWorkingSetPrivilege">
BTW, why do you consider this service as part of the Tracker/Telemetry? Is it because of its funny name?