How To Run Programs As System Services

[German]In some cases it could be helpful to execute programs as Arrangement or Trusted Installer to avert access denied conflicts. This blog post introduces ii solutions for Windows 10.

What'south the problem?

Some registry entries or files could not exist accessed/changed from users belonging to Ambassador group, because the ownership is set up to System or TrustedInstaller. In forums you volition discover the suggestion, to take ownership and grant total access using the Security property page or the commands takeown and icacls. While this works, it's a sub optimal solution.

Would it not be meliorate, if yous can admission objects like registry entries or file and folders with System or TrustedInstaller privileges? Well that's possible, let's have a brusque look at the situation.

Working with System credentials using PsExec.exe

I came across this solution several years ago. I run the registry editor (regedit.exe) via Run as administrator, but I wasn't able to change some registry keys. My problem was, that I've used VMLite and Virtualbox on the same car, and ended with USB back up problems. I was in need to delete a registry primal, but that was refused. I've discussed this effect long fourth dimension ago within my High german weblog post VMLite/VirtualBox und der USB-Support.

Instead of tampering with access rights and take ownership of the cardinal, I came across a smoother solution. The Sysinternals-Suite contains the program PsExec.exe, that can be run from control prompt. Using the command:

PsExec.exe -s -i regedit

enables usa to rung registry editor with System privileges (the switch –s volition force that). The switch –i requests an interactive mode for the program). The command has to be executed from an administrative command prompt windows (see Windows x: Open command prompt window equally ambassador).

But that won't piece of work with Explorer

What I used as a smooth solution to access registry keys owned past System could also be helpful to admission files and folders owned past System. But there is a problem: Files and folders volition be accessed via Windows Explorer (explorer.exe). And the solution provided above won't work for explorer.exe. An endeavor to access an object via explorer volition be rejected.

Ordner03

I've discussed this issue in 2011 inside my German blog postal service Explorer als Ambassador ausführen. The technical background: Windows Explorer is also used equally Windows shell – and Windows has an internal rule that prevents executing explorer.exe with Organisation user rights. But at that place is a simple solution: Utilize a third party file manager instead of explorer.exe and execute it with System privileges.

Ordner06

I prefer portable file managers like FreeCommander or Explorer++ for this purpose and use PSExec to grant Organisation privileges.

Execute programs as TrustedInstaller, is that possible?

Some objects (registry keys and files/folders) are owned by TrustedInstaller – that's a security characteristic to protect Windows app folders and system files from existence altered by users and malware. The PSExec trick won't allow access such objects and alter files, folders or keys.

I've discussed a solution in October 2016 within my German blog mail service Programme als Arrangement oder TrustedInstaller ausführen. At that place is a free program, chosen PowerRun, from sodrum.org, that could exist used for that purpose. Martin Brinkmann has also introduced this tool within this English article.

During writing a book well-nigh Windows 10 I decided back in January 2016 to examination PowerRun again. But I failed to utilize PowerRun nether Windows 10 – so I couldn't execute a program as TrustedInstaller. The reason was simple: Windows Defender and Smart Screen filter blocked this tool as malicious. I wasn't able to download and unpack PowerRun under Windows vii and Windows x. Although I'm certain, PowerRun isn't malicious, this solution is dead. I tested a few other tools (RunAsSystem and RunFromToken), merely accept had other problems.

Use Process Hacker and a Plugins

Finally I came across a Process Hacker forum thread from 2015. There are some hints how to execute a program as TrustedInstaller.

You need Process Hacker (see SourceForge.internet) – I used the portable version offered here (just unpack the annal into a local folder).
Download too the TrustedInstaller plugins, mentioned within this forum thread. Unpack the zip archive and copy the .dll files to the appropriate 32/64 bit plugin sub folders.

After preparing ProcessHacker in that way, it's simple to execute a Win32 program using the steps below.

ane. Launch ProcessHacker using the Run every bit administrator to grant administrative privileges.

2. Open ProcessHacker menu Hacker and select the command Run equally trusted installer.

three. Enter the command into the dialog box Run equally trusted installer – use Scan push button to select the .exe file and confirm it via OK.

ProcessHacker launches the TrustedInstaller services and easily over the process, that needed to be run with TrustedInstaller privileges. The process will be executed with Autority [NT-Autorität\Organisation], equally it is shown below in Sysinternals Process Explorer.

This works with registry editor and with portable file managers like Explorer++. It allows me, to change organisation files without obtaining buying and granting total access rights. So I can change things without leaving traces in ownership and admission rights. Mayhap it's helpful for others.

Similar articles
Win10 Wiki
Windows 10: Open command prompt window as ambassador
Uninstalling 'uninstallable' Windows Updates
Tip: Tools SetACL and Delproof2 now are gratuitous for commercial use
heidoc.internet and 'Windows und Office ISO Download Tool' – an update
Bugs in Windows Disk Management tool
Tool test: MiniTool Division Sorcerer Free