Windows 7 - Trusted Installer

Asked By KWilso on 24-Aug-07 05:34 PM
Why is Trusted Installer the owner of my C drive? And who is
TrustedInstaller, which is the way it is spelled on the Advanced Security
Settings for Local Disk (C:) under the Owner tab?

indivmed200 replied on 24-Nov-07 04:31 PM
I have the same question--and am having the same issues!  I did a search in
the registry from 'trustedinstaller' and did find a few entries, but I don't
remember seeing this term ever used on Windows systems for security group
Jacee replied on 24-Nov-07 05:12 PM
it is best to leave this alone :)


*MS-MVP Windows-Security 2006 & 2007*
Posted via
Darrell replied on 28-Nov-07 11:56 PM
This is part of the new ACLS to help improve security in Windows Vista

From this link below:  I am posting a couple of paragraphs that talk about
Trusted Installer:

Trusted Installer The Trusted Installer is actually a service, not a user,
even though you see permissions granted to it all over the file system.
Service hardening allows each service to be treated as a full-fledged
security principal that can be assigned permissions just like any other
user. For an overview of this feature, see the January 2007 issue of
TechNet Magazine. The book Windows Vista Security (Grimes and Johansson,
Wiley Press, 2007) explores service hardening in detail, including how it
is leveraged by other features, such as the firewall and IPsec.

Trusted Installer In Windows Vista, most of the OS files are owned by the
TrustedInstaller SID, and only that SID has full control over them. This is
part of the system integrity work that went into Windows Vista, and is
meant specifically to prevent a process that is running as an administrator
or Local System from automatically replacing the files. In order to delete
an operating system file, you thus need to take ownership of the file and
then add an ACE on it that lets you delete it. This provides a thin layer
of protection against a process that is running as LocalSystem and has a
System integrity label; a process that has lower integrity is not supposed
to be able to elevate itself to change ownership. Some services, for
instance, can run with medium integrity, even though they are running as
Local System. Such services cannot replace system files so an exploit that
takes over one of them can’t replace operating system files, making it a
bit harder to install a rootkit or other malware on the system. It also
becomes more difficult for system administrators who are offended by the
mere presence of some system binary to remove that binary.

Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights


*MS-MVP Windows-Security 2006 & 2007*
Posted via