home-Browsers-What is Trustedinstaller: How to Request Permission on Windows. Replace all child object permission entries with inherited from this object

What is Trustedinstaller: How to Request Permission on Windows. Replace all child object permission entries with inherited from this object

Do you want to delete some old or unnecessary system folder, but you get a message that you need to get permission from Trustedinstaller? The reason is the lack of rights to change the folder (even for the administrator account). Many faced this problem on Windows 7, but today we will talk about Windows 8. Let's figure out how to get full control over folders ...

So, I will show an example of deleting an unnecessary Windows folder that was left after reinstalling the operating system. When trying to delete a folder, the following message appears:

First, make sure you are logged in with an administrator account. Otherwise, you will not be able to make some changes to the settings. Right-click on this folder and select the item " Properties". In the parameters window, go to the " Security"And click on the button" Additionally«.

The window “ Additional security options". Above it is indicated who is the owner of the folder (Trustedinstaller), click on the link “ Change«.

In the previous window, you will see that the owner has changed. Just below, check the box “ Replace owner of subcontainers and objects"And then press the button" Apply«.

We are waiting for a couple of minutes while all files are processed.

If any messages pop up, always click " Yes«.

Everyone, you are the owner of the main folder and all objects included in it. Push OK.

Now we get full control over this folder. To do this, the list “ Permission elements"Select your account and click the button" Change«.

Set permissions:

  • Type of- Allow
  • It applies to- For this folder, its subfolders and files
  • General Permissions- Full Control, Modify, Read and Execute, List Folder Contents, Read, Write

And click " OK«.

Just in case, repeat this step for all accounts with your name (or generally all in the list). Also enable inheritance and check the box next to “ Replace all child object permission entries with inherited from this object". And confirm all changes by clicking " Apply«.

The system will ask: “Do you want to continue?”, Feel free to press “ Yes«!

Again, wait until all files are processed (2-3 minutes).

We close the properties and try to delete the Windows folder (to which we have received permissions).

Yes, everything is great. The folder is completely deleted and no longer takes up space on your hard drive!

If more than one user has access to the computer, often some of them do not have certain rights: to view some folders, change and delete data, install new applications, and others. In this case, it is easy to solve the problem - just log into an account that has administrator rights. But it so happens that his rights are not enough.

Even a computer administrator cannot change and delete all Windows system files without exception. Most importantly, the TrustedInstaller account is worth it, and when trying to change a particular system file, the administrator may see a message that access is denied, and it must be requested from TrustedInstaller. Below we will take a closer look at how to request TrustedInstaller permission, what this account is, and how it can be used to increase the security of a specific folder or group of files.

TrustedInstaller: what it is and why this account is used

As we noted above, TrustedInstaller is an account that has more privileges than an administrator. It is created during the installation of the Windows operating system, and you cannot start the computer on behalf of the TrustedInstaller user.

The main task of this account is to have exclusive rights to be able to change or delete certain files and folders. Most often, TrustedInstaller protects important system files, the deletion of which can lead to system failure. It is for this reason that we recommend granting permission from TrustedInstaller as a last resort, even to the administrator account.

The question may arise, why send a request to an additional user if, when performing most important actions, the computer displays a dialog box to confirm the action from the administrator? Quite simply, many computer users, who are administrators by default, do not pay due attention to the number of programs that they allow to work with maximum rights. That is why the most important files are closed using the TrustedInstaller account, and only after a series of manipulations can the administrator gain access to them.

The simplest example of when permission from TrustedInstaller might be needed is when needed. To make changes to the folder with the browser (change the file names or delete them), you will need to contact TrustedInstaller.

To request TrustedInstaller permission, you need to do the following:

After the above steps, the selected user will have the necessary permissions from TrustedInstaller to delete or modify the selected folder (s).

How to set a permission request from TrustedInstaller to a folder or file

To protect a file (folder) from accidental deletion, as well as access to it from the side of virus software, you can set access to it only from the side of the TrustedInstaller user. Please note that you can increase the rank of a user not only so that others cannot change or delete the file, but also restrict them from reading.

To request TrustedInstaller rights when deleting or modifying a file, you must do the following:

  1. Follow the 3 points that were described above in the instructions for removing the restriction to the TrustedInstaller file;
  2. Next, place the mouse cursor in the "Enter the names of the selected objects" column, and write the command to access the file (folder) from the TrustedInstaller, it looks like this:
NT SERVICE \ TrustedInstaller

  1. After that click "OK", and the TrustedInstaller will become the owner of the object again;
  2. Next, you need to re-arrange the rights between users, as described in the instructions above.

Setting permissions exclusively for the TrustedInstaller user is not a reliable way to protect a file from deletion or modification by the computer administrator. However, this method allows you to reliably protect against actions with a specific file (folder) by virus software.

Windows 10 and earlier users encounter a problem when trying to make changes to files. A notification appears on the screen: “You need permission to perform this operation. Request permission from TrustedInstaller to modify this file. " What it is - TrustedInstaller and how to get this "permission" I will describe in this article.

What it is?

TrustedInstaller is a Windows service for installing modules that is powered by Windows Resource Protection technology. Also, the service is responsible for the security of access to system files. In fact, users only encounter it when trying to delete, modify, and read files and folders on the system that need to be accessed. The TrustedInstaller service puts itself in the role of the "folder owner" and takes away the rights from system administrators, thereby forming protection from external influences.

Users also encounter TrustedInstaller.exe, which is an executable process file that is responsible for updating Windows components. It can load the system when available updates are collected.

How do I disable the service?

In order to gain access to the desired folder and bypass system protection, you must grant the current administrator access rights (take ownership by disabling the TrustedInstaller rights). To do this, follow a few simple steps:

  1. Right click on the folder and select "Properties". Security Tab - Click Advanced.
  2. In the Advanced Security Settings window, opposite the Owner item, click Change.
  3. In the window that opens, click "Advanced".
  4. In this window, click "Search".
  5. Select the owner (your admin profile) and click OK.
  6. In the next window, confirm your choice.
  7. To change the owner of the contents of the directory, check the box next to "Change the owner of subcontainers and objects" and click "OK".
  8. Wait for a while for the changes to take effect (if there are many attached files and folders in the folder).

The service was successfully disabled, but in order to interact with the folder, you need to bypass one more protection. Although I became the owner of the folder, I cannot delete or change its contents. When deleting a file, now you need to request permission from yourself.

To do this, assign the used administrator profile with the folder owner's rights:

  1. Go to "Properties" folder → "Security" tab and click "Advanced".
  2. See if your profile is in the Permission Items list. If not, click Add.
  3. In the window that opens, click "Select a subject". Use the search and select your profile. Check the box next to "Full access" and confirm the changes by clicking "OK".
  4. Now check the box "Replace all child object permission entries with inherited from this object" and click "OK". In the security window that opens, click "Yes" twice.
  5. Wait a while for the changes to take effect.

Now you can delete or modify files without hindrance. The only protection against changes to a file or folder may be the "read-only" item.

Important! Do not modify / delete system folders and files. This can lead to system instability. Make a Windows restore point before working with system files.

How do I turn the service back on?

The return is done in the same exact order, only for the "TrustedInstaller" user, but with a certain nuance:

  1. Go to the "Properties" folder → the "Security" tab → Advanced. Click "Change" next to the item "Owner".
  2. In the window that opens, in the "Enter the names of the selected objects" field, enter NT SERVICE \ TrustedInstaller

    and click Check Names.

With the release of the seventh version of Windows, absolutely all users faced a problem when the system does not allow editing, viewing or performing other actions with some files and folders, informing that this requires permission from TrustedInstaller Windows 7. What is this service, how to disable it and manipulate protected files, see below. So let's get started.

TrustedInstaller Windows 7 - what is it?

The component itself first appeared in Windows 7, after which it migrated to both the eighth and tenth modifications, so the proposed solutions can be equally applied to them. But first, let's dwell on the service itself? In the simplest sense, TrustedInstaller is a certain virtual user who "takes away" the rights of ordinary users and administrators to tamper with the structure of system files, preventing accidental or deliberate changes affecting the stability of the OS.

The service operates on the basis of WRP (Windows Resource Protection) technology, which protects system catalogs, DACLs and ACL folders, registry keys and corresponding files from being modified even if the user has administrator rights.

That is why, when you try to access, a warning appears that the file or directory is protected, it is easy to understand if you refer to the security policies. Roughly speaking, this is a component of the operating system's self-defense, which is a preventive means of maintaining efficiency when attempting to intervene. However, despite all the limitations, it is quite easy to bypass this blocking. More on that later.

Why is the service consuming too many system resources?

Many users complain that the TrustedInstaller service overloads the processor to an incredible degree, making it difficult for user processes to run.

Yes, indeed, the load on system resources for the active TrustedInstaller process can be observed. As a rule, these are two situations: Windows update and virus infection.

If the user in the "Task Manager" sees that TrustedInstaller is loading the processor too much, first you should try to complete this process, and then perform a deep scan of the system for viruses, malicious codes and any other threats. To do this, it is best to use an anti-virus package not installed on the system, but independent portable utilities like Dr. Web Cure It! or the Virus Removal Tool of Kaspersky Lab.

The optimal solution would be to scan using the Rescue Disk utilities, which have their own graphical interface, and the scan module is loaded even before the operating system starts.

In the second case, in order to avoid an increased load on system resources, you can simply turn off the automatic system update in the "Update Center". As far as appropriate, decide for yourself.

Component location

Now let's look at the TrustedInstaller software component itself. Where is this service located? The default location is the Windows system folder, which contains the servicing directory.

The TrustedInstaller.exe file located there is an executable component of the service. Often, you will not be able to start it manually, change it or perform any other actions with it. It has protection against deletion and substitution.

TrustedInstaller: how to disable a service?

Now directly about disabling this component. We assume that the user understands all the consequences of deactivating the TrustedInstaller service. How do I disable it? The whole process boils down to obtaining absolutely all the rights available in the system to change files and folders.

So, having selected the desired file, right-click and go to the properties line, where in a new window on the security tab, click the "Advanced" button.

In the next window, we use additional parameters and go to the owner tab, where we use the change from TrustedInstaller to the administrator group. We confirm the changes by clicking the "OK" button. In the pop-up message, do the same.

This is only half the battle of deactivating TrustedInstaller. How to disable the service for a specific file completely will be clear in the next step. To do this, go back to the properties window and on the security tab, select the group of administrators, click the "Change" button.

In the permissions window, put a checkmark on all the items in the list, and confirm the changes. All necessary rights have been obtained. Accordingly, after that, the file can be deleted, moved, copied, or even changed its contents.

How advisable is the shutdown?

Finally, one more important point related to the Windows 7 TrustedInstaller service. What it is, it is already clear how to deactivate the component, too. Naturally, a natural question arises: is it worth doing?

By and large, there is no point in dealing with such procedures for a user who never accesses system files. At best, you can only disable automatic system updates so that TrustedInstaller does not load resources.

But when specific software is installed on a computer, which needs to be given access to change system files and configuration, here comes the understanding of the specifics of the TrustedInstaller Windows 7 module. What is it? A permissive system, without obtaining rights from which the program simply will not work.

Instead of a total

Finally, it can be noted that the TrustedInstaller component itself usually does not block user files or applications. Its main purpose is to protect system components. So there is no particular point in deactivating the process. However, the load on the system is short-term (only for the period of installing the system update packages). In most cases, this will take a maximum of 5-10 minutes depending on the configuration and internet connection speed. So you can be patient.

As for the permissions for the installed software, you must be extremely careful and know for sure that granting rights to perform any actions with system files will not do any harm. Among other things, viruses that infect this particular component very often disguise themselves as the original service and even have the same name as it in the process tree displayed in the Task Manager. But it is quite elementary to determine a viral process by the absence of a description or signature of the publisher, especially if there are several of them. But this is very rare. If you have a powerful enough anti-virus software at the entrance, there is no need to be afraid of infection. And the component itself has a fairly strong protection.

Deleting folders is a simple task that even a novice user can handle. However, when deleting some files and folders, the system may display a warning that you need to request permission from the Trustedinstaller or the administrator to perform this operation. This is due to the fact that some system folders are protected by the administrator. Removing them is undesirable, as it can cause some applications and even the whole system to malfunction.

Problem solving method

Error: Ask for permission from Trustedinstaller can occur not only when deleting a folder or file, but also during its modification. Therefore, the essence of this method of fixing the problem will be to make the computer user the owner of the folder or file. To do this, it is worth performing a few simple steps:

  • Select the desired folder. Click on it with the right mouse button and select "Properties".
  • A new window will open. Go to the "Security" tab and click "Advanced".

  • The Advanced Security Settings window appears. Here you should pay attention to the "Owner" tab. Since the folder is protected, it will be owned by "Administrator / User Group" or "TrustedInstaller". In this tab, click "Change".

  • A window will appear. In it, click on the button "Other users or groups ...".

  • In the next window, click "Advanced".

  • Here you need to search for the account for which you want to grant owner rights. To do this, click "Search", select an account and click "Ok".

  • This gives you the rights to the folder. But now you also need to get editing rights. To do this, go back to the Advanced Security Settings window. There should be an item called "Extension Elements". We look at the position "Access" and set "Full access".
  • If there is no Extension Elements button, you should go to the Active Extensions tab. We put the mark "Full access" and click "OK".

  • Checking the rights.

Importantly, in Windows 8 and above, some of the steps for granting access are different. Therefore, we recommend that you carefully watch what actions you perform.

To learn how to become the owner of a folder in Windows 10 and get full rights to it, see the video:

Similar publications: