I have a mild interest in w7 since it is my very upper limit for that OS type, which I don't use much or often - it is just something I'll tinker with when I'm not otherwise engaged. So, I found a very nice release which can replace my existing & very annoying w7 ultimate and much to my delight it has many or most of the annoyances already knocked out of it...BUT: It has the ugliest boot & shutdown BMP ever so I wanted to get rid of that - found it in the OOBE directory, & went to delete or rename it - and couldn't. Admin level with 'god mode' ain't enough ?!? Absurd. And why is this=> That action requires 'TrustedInstaller privileges'. Jeez. Just how stooopid can these things get ?!? So I looked into that & did the 'leventy-seven steps needed to undo that & got rid of that ugly thing. Better, and a bit later I ran into mention of this little goodie=> Windows 7-11 Automated Tweaks Script https://forums.mydigitallife.net/th...fications-overview.83744/page-17#post-1683742 Which also brought me to this: https://forums.mydigitallife.net/th...fications-overview.83744/page-17#post-1683288 And either of the above seems very attractive to me until I see 'Needs TrustedInstaller privileges'...again. So here (finally) is my query for today: Is there a way to permanently meet or join or disable this absurd 'Needs TrustedInstaller privileges' such that an admin user with 'god mode' need NEVER run into it again ?? Yes - I am aware that it is for that mythical thing I call see-kyur-eet-tay, but I don't care about that because I can very easily just wipe that HDD anytime if anything bad happens within that OS. Thanks for any truly helpful replies !!
Good for you !! As I clearly said in the OP: NOT being 'windows dependent' in today's world sure is great !!!
u can run regedit / winxshell [explorer replacement] as TI give the permissions u need to ur self / administrators like access to system32 folder or same reg folder and do any changes from there by ur admin user
no but u can run regedit from winxshell like running cmd in the path and then if winxshell is TI also everything thats run from there is TI Im pretty sure u can add new group u will create to all the objects in regedit and also to all folders with inheritance and when u need full access add ur admin user to that group when u done remove just to be sure nothing will break or crash but im doing lots of work with TI and using winxshell maded it very easy and comfort for me
Hi LiteOS. Meaning Explorer++, yes ?? If so - nope it jest doont open no matter what I try. Hopefully its dev will be helpful & know how to fix that.
Explorer++ (any version) works just fine with RunAsTI from this very forum the usual procedure is to execute the script once; afterwards right-click Explorer++ and select Send to - RunAsTI if you're gonna do this often, you could edit the script or create another one to point the snippet to Explorer++ something like: explorer++.bat Code: @call :RunAsTI "%~dp0Explorer++.exe" & exit /b #:RunAsTI: #2 snippet to run as TI/System, with /high priority and /priv ownership set ^ #=& set "0=%~f0"& set 1=%*& powershell -nop -c iex(([io.file]::ReadAllText($env:0)-split':RunAsTI\:.*')[1])& exit/b $_CAN_PASTE_DIRECTLY_IN_POWERSHELL='^,^'; function RunAsTI ($cmd) { $id='RunAsTI'; $sid=((whoami /user)-split' ')[-1]; $code=@' $ti=(whoami /groups)-like"*1-16-16384*"; $DM=[AppDomain]::CurrentDomain."DefineDynamicAss`embly"(1,1)."DefineDynamicMod`ule"(1) $D=@(); 0..5|% {$D+=$DM."DefineT`ype"("M$_",1179913,[ValueType])}; $I=[int32];$P=$I.module.gettype("System.Int`Ptr"); $U=[uintptr] $D+=$U; 4..6|% {$D+=$D[$_]."MakeB`yRefType"()};$M=$I.module.gettype("System.Runtime.Interop`Services.Mar`shal");$Z=[uintptr]::size $S=[String]; $9=$D[0]."DefinePInvokeMeth`od"("CreateProcess","kernel`32",8214,1,$I,@($S,$S,$I,$I,$I,$I,$I,$S,$D[7],$D[8]),1,4) $DF=0,($P,$I,$P),($I,$I,$I,$I,$P,$D[1]),($I,$S,$S,$S,$I,$I,$I,$I,$I,$I,$I,$I,[int16],[int16],$P,$P,$P,$P),($D[3],$P),($P,$P,$I,$I) 1..5|% {$k=$_;$n=1;$AveYo=1; $DF[$_]|% {$9=$D[$k]."DefineFie`ld"('f'+$n++,$_,6)}}; $T=@(); 0..5|% {$T+=$D[$_]."CreateT`ype"()} 0..5|% {nv "A$_" ([Activator]::CreateInstance($T[$_])) -force}; function F ($1,$2) {$T[0]."GetMeth`od"($1).invoke(0,$2)}; if (!$ti) { $g=0; "TrustedInstaller","lsass"|% {if (!$g) {net1 start $_ 2>&1 >$null; $g=@(get-process -name $_ -ea 0|% {$_})[0]}} function M($1,$2,$3){$M."GetMeth`od"($1,[type[]]$2).invoke(0,$3)}; $H=@(); $Z,(4*$Z+16)|% {$H+=M "AllocHG`lobal" $I $_}; M "WriteInt`Ptr" ($P,$P) ($H[0],$g.Handle); $A1.f1=131072;$A1.f2=$Z;$A1.f3=$H[0];$A2.f1=1;$A2.f2=1;$A2.f3=1;$A2.f4=1;$A2.f6=$A1 $A3.f1=10*$Z+32;$A4.f1=$A3;$A4.f2=$H[1]; M "StructureTo`Ptr" ($D[2],$P,[boolean]) (($A2 -as $D[2]),$A4.f2,$false); $w=0x0E080600 $out=@($null,"powershell -win 1 -nop -c iex `$env:A",0,0,0,$w,0,$null,($A4 -as $T[4]),($A5 -as $T[5])); F "CreateProcess" $out } else { $env:A=''; $PRIV=[uri].module.gettype("System.Diagnostics.Process")."GetMeth`ods"(42) |? {$_.Name -eq "SetPrivilege"} "SeSecurityPrivilege","SeTakeOwnershipPrivilege","SeBackupPrivilege","SeRestorePrivilege" |% {$PRIV.Invoke(0, @("$_",2))} if (!$cmd) {$cmd='cmd'}; start cmd -args ("/q/x/d/r title $id && start `"$id`" /high",$cmd) -win 1} # AveYo 2021 '@; $key="Registry::HKEY_USERS\$sid\Volatile Environment"; $a1="`$id='$id';`$key='$key';";$a2="`$cmd='$($cmd-replace"'","''")';`n" sp $key $id $($a1,$a2,$code) -type 7 -force; $arg="$a1 `$env:A=(gi `$key).getvalue(`$id)-join'';rp `$key `$id -force; iex `$env:A" $_PRESS_ENTER='^,^'; start powershell -args "-win 1 -nop -c $arg" -verb runas }; <#,#> RunAsTI $env:1; #:RunAsTI:
.. that's obvious as TrustedInstaller, like the name and comments suggest. You already have explorer++; create a .bat script next to it with the content I have posted and then just try it. .. also obvious that to run as TI you first need admin rights, but the script takes care of that by asking your permission if UAC enabled Once running, check Task Manager Details tab, explorer++ is gonna have SYSTEM user. A more competent tool (process explorer) is gonna list TrustedInstaller in it's Security tab.
Thanks BAU, but...: Whatever you aim that at is NOT obvious - and=> I asked whether EXP++ opens for you normally WITHOUT any error message. Since it is a file manager and I try to open it as admin user - and it fails with an error - THAT problem is my starting point rather than trying to make it work at a higher level of authority as my 1st action. It will not always be needed at that higher level, so if it cannot be used in place of the 'regular' explorer, that is a real problem.