James Forshaw's blog: www.tiraniddo.dev/2017/08/the-art-of-becoming-trustedinstaller.html I love seeing the sentiment for "just run Linux", or "just boot into Safe Mode", or "just attach a recovery USB", etc., but I think in the case of leveraging this for a penetration test, red team engagement, or offensive security work, if it is a remote Windows target (where you can't change the OS or have physical access) you have to live off the land and the constraints of the environment. This process should be valuable when you've got initial access, escalated privileges, and can do further post-exploitation to do damage or set up some sneaky persistence -- you can't as easily make changes, but you can sure as hell run PowerShell code. Just an option and one of many ways to skin a cat :)
Cheers, was checking the comments for the link, wanna check it out myself and get some more context. Maybe pin it to the top (atm its somewhere down your own page)? Great vid, cheers man.
@@daanmageddon Hmmm, it should be a pinned comment, and is now in the description -- sorry I hadn't had it there earlier! Thanks so much for watching! 💙
Challenge for you, try disabling the delivery optimization service without touching the registry. (i don't know about windows 11 but its pretty tough on windows 10).
:3 Reddit is thankfully just 200+ million Google Play downloads for how toxic it gets. Cesspool, indeed. I almost entirely avoid using it. A lot of inaccurate info, down voting anything they don't like, getting banned by groups easily, far-left cancer, far-right cancer, etc.
I want to like this fun and interesting content about getting back control of Windows, but at the same time I just see this as a bunch of BS steps to get around something that shouldn't have been in the way in the first place, it's so hard to be unbiased about OSs when Windows is this bad lol
3:06 what stackoverflow is like now - Q: "How do I do X" A: "Why would you do that? dont do that." (if your lucky they give an alternative) What it should be: "You *can* do that by doing this, but you this is the better way"
@@elijahjflowers GPT is only good for surface level stuff,i.e. questions that are already answered somewhere on the internet. It's basically useless for any questions that aren't in some way already answered.
Windows XP were the golden days of computers... I still have a VM on my PC where Windows XP Professional 64-Bit is installed... I even copy-pasted the Pinball Game into Windows 10 AND IT STILL WORKS despite being soooo goddamn old... Also, you make great videos, i love them ❤
This to this date can happen if you run explorer.exe as TI or "NT Authority\System" I think he didn't GUI of notepad.exe on 13:28 because he wasn't running explorer.exe as "NT Authority\System" (He ran privileged command prompt from Sysinternals as System)
@@HoneypawsModsDE I think they just scrapped it because they couldn't make it run native x64 in time and didn't want to use WoW64 🤔 One beauty of Windows, the backwards compatibility
the single worst thing about reddit is that you get suggestions and advice instead of answers when you come there with a question. I DO NOT ASK HOW BIG IS THE ROOM I SAID "I CAST FIREBALL"
The entirety of the site is like that, everybody thinks they know everything and are aggressive as shit about everything. That's why I stopped using it.
Every single time i watch Jhon Hammond i look at myself and say : I'm a noob in IT even though i was that strange kid that was obsessed over computers out of curiosity. I was the only kid who hacked my school and sold wifi passwords for admin privilege at my first year of high-school. I fixed my first laptop (from a friend) replacement with hardware when i was 11 but yet Jhon Hammond reminds me the learning curve in IT is ENDLESS! *GOD I LOVE THE ENDLESS LEARNING*
I really enjoyed the way you broke this problem down. Add this to the list of follies that is Windows OS. Once Linux is fully able to boot whatever games I want I will fully drop windows. It’s so annoying to have to jump through so many hoops to delete programs from your own PC.
The fact that this is denied by Microsoft as a vulnerability, instead they call it "normal behavior" raises all kinds of red flags to me. Not that Windows in itself wasn't one huge backdoor already... for all that matters I cannot check for myself as the OS is proprietary. Fixing this exploit would probably put a lot of "cheap and easy" backdoors out of service as privileges would work much better.
I will only switch to Linux when le terminal™ is no longer used for everything (even the most basic thing), but that will never happen, which is bad because the only good thing it currently does is shutting down in less than a minute
Steam's work on Proton has greatly enhanced game compatibility on Linux in the past few years; if you last checked for compatibility before the release of the Steam Deck it may be worth taking another look.
@@HEXiT_ triggering a dumb AV program is simply an elevated permission state. Get your plugin from the dev and you can turn AV off and just use MB's who are more than aware of Process Hacker. Anyone with a modern PC should be using a VM to run Process Hacker on first anyway and if you aren't already then you haven't learnt that lesson yet. Image your OS into a VM, test and then decide. Only kids run exe's or scripts on their gaming machines.
cmd is the exact opposite of a GUI app. It's descended of MS-DOS and was the equivalent of a Linux shell or...whatever BSD derived thing iFruit computers use. You have limited scripting and access to MS-DOS operating system executables like COPY, DELETE, etc. Up to Windows 98, in fact, MS-DOS, or that same command prompt, bootstrapped Windows, and there were MS-DOS configuration files for Windows that probably caused a lot of headache for Microsoft, leading to what has been a slow, slow move away from it, starting with XP. It remains as a useful artifact of the past, but if you use Windows Terminal in Windows today, the default tab will be a Powershell prompt. Anyway, GUI stands for "Graphical User Interface."
Fixing the family computer when my dad broke it when I was a kid is what started my hacking journey and a lifelong love of computers. Break all the things!
I barely use that joke of a website but every time I've had to because there was no other option, 99% of my experience from reddit has been almost exactly what you showed in the video. Armchair redditors answering everything besides the question you're asking and in the most condescending way possible. I unironically have more competent conversations with people on /b/ than anywhere I've been forced to go on reddit. Great video btw
Amazing how people on Reddit will just bash you over and over for asking a simple question, on a tech forum nonetheless. Absolutely ridiculous behavior from these people
To be completely fair, the number of people I've seen complaining "hurr durr winblows bad because something broke while i was randomly changing registry values/acls/system files" over the decades suggests there is a huge number of Dunning-Krugers out there who really have no idea what they're doing. Feel free to run out in the middle of the highway and play in the traffic, but don't expect me to help you.
Guess what, recently Windows started harassing me with the win11 update by installing a program called RUXIM, and every time i deleted it windows just installed it back. So i changed the privilige from system to me, and i denied write access for system :d
Yes. Ruximics exe > Properties > Security tab > Advanced > Change Owner (from SYSTEM or TrustedInstaller to your user name) > Apply > Edit permissions > Deny ALL
13:45 Notepad.exe is not a service binary. "Service binaries are different in the sense that they must “check in” to the service control manager (SCM) and if it doesn’t, it will exit execution." -specterops, Offensive Lateral Movement
Whoa, this was a great video with some even better enthusiasm! Thanks for sharing this, I learned several new things and I have some new ideas for setting up security policies around the trusted installer or attempts to a abuse it. 🙏🙏🙏🔥🔥🔥
I'm pretty sure it could also be used by a malicious software to remove the current antivirus and then install itself as TrustedInstaller to incrust itself into the system... Even better would be to replace the AV by a fake one so it takes more time for the user suspect anything wrong.
@@Alfred-Neuman You don't need TrustedInstaller for that. An administrator can set the AV program without any additional rights. In fact every AV installer does this: register itself as the main antivirus program by setting a simple key in the registry, that is writeable by an admin.
I absolutely love how cool this is and how much work went into this when you can just change the owner and delete the folder all within the Security tab 🤣🤣 You do amazing work John, it's always a pleasure to see your videos or guest appearances with others, keep it up 🔥🔥💪 (I also hope UA-cam doesn't come for you for mentioning TrustedInstaller like they did with Enderman... 😶🤫)
I was on the path to be a programmer, but I got kicked out of computer science in high school for getting caught having full access to the hd, bypassing the name/password.. I didn't keep up with it. I became a musician for the last 25 years and became really good at that, realizing now, If i would have continued my computer programming path, I'd be smart enough to follow all of this video, but now it's over my head.. lol.. The way he talks as if it's obvious to do this and that.. Shake my head and smile, the world is in the hands of people far smarter than I ... :)
That reminds me, but not as technical... I forget how I did it, but late 90s high school computer class, I made the login window on NT 4.0 show up as porn. On all 30 computers in the lab. I was on the shitlist from then on.
@@MattExzy I also guessed a student in another classes password, but they thought I hacked everyone's, so they made an announcement that everyone including the teachers all had to change their passwords... lol I told them the truth but they didn't believe me..
It's not about being smarter, it's about taking the time to learn. Your choice if you do it or not. Sometimes it's harder for intelligent people to learn things because they're not used to hitting barriers/hurdles, so the moment they do they simply stop. Those who are used to struggling often get further because to them hurdles are the norm.
@@roboverholt9959 In college I was not happy that they would not give me privileges on the lab computer I worked on (6 months from my CE) and thought a simple boot locker was sufficient to secure the systems so as a joke I accessed the boot locker and turned on the screen saver function and used "Micheal Angelo at Work !!!" as the bouncing text and came back the next monday to find out they had low level formatted all the internal systems at the school! LOL what a bunch of idiots.
@@LabelsAreMeaningless Its more difficult for more intelligent people to learn things that do not adhere to logic such as languages. When contradictory information just boils down to rote memorization the more intelligent among us will go off on tangents to find out why and how to fix the problem rather than just memorizing and moving on. And when they figure out how to fix the problem they will find out they are running into entrenched established institutional monoliths that will fight them tooth and nail rather than admit any wrong which is the first step to addressing change.
As admin you can take ownership of the folder and then remove "Trusted installer" from the permissions, add yourself as full control and then delete the folder. Alternatively I removed trusted installer as a user from the local account, which breaks all the permissions, you can then take ownership of the whole drive, obviously this is a massive security risk though. This was on the first release of windows 10, this may be harder or impossible now. The other thing this does is prevents the os from doing updates as it no longer has permission to save updates to the staging folder it uses, so if you want an update you need to do it yourself
The reason you're getting the error when setting binpath for the service is because there are certain requirements for executables designed to operate as Windows services, one of which is to respond to queries from the service control manager. Obviously tools that aren't designed this way (like cmd.exe) don't respond and the service control manager thinks "this service is not responding and didn't start correctly." The reason you still see the executable being run is due to a small timeout that the service control manager uses to wait for the service to initialize. The reason you can't see graphical applications like notepad is because services don't run under the local user session and don't have access to the desktop.
You should be able to run a GUI app, you just need to flag the service to interact with the desktop. It's been a while since I have messed with with, but its an option for launching a service somewhere.
It was possible in NT4 and 2000, because there the interactive user was on window station session 0. THis is now randomized and so this was intentionally killed.
It might also be worthwhile noting that any process run in "Session 0" will always result be in a non-gui context. AFAIK "most" services are run as Session 0 meaning they will never have a GUI to interact with.
So MS trying to transform Windows in a smartphone again and locking the admin from his own files. Miss the old days of NT4 where being part of Administrator's group already gave you all this, like Dave Cutler wanted.
Penetration testing doesn't matter when you give away the credentials or other valuable information directly in the software. Keep it in mind and keep on keeping on. Best to ya.
I did a lot of this research a few years ago and got stuck where you were at like 12:45. This is awesome, seeing the next steps I could never quite get. Will be removing windows defender from my computer as soon as I get home
Great. Had some issues with TI and at the end I forced to reinstall windoes but the path for beging forced to delete my windows was actually educative.
14:00 notepad isn't showing up because services are started in Session 0, it's a special windows session (like being logged in as another user that would also be a different session), you can even see it in process explorer :)
This a comment about the responses to the reddit posts in the video. It is more of an anecdote, really. The year was 1992 and my parents surprised me by giving me my own pc. It was by all means barebones, even in those days. It was a AMD 80386DX 40 mhz with 4mb of RAM. There was no sound card or CD-ROM. And of course no modem or network. And the hdd was only 120 MB. My dad being the computer guru he was, had setup MS-DOS 6.0 and Windows 3.1 along with a carefully selected Word processor ( my teachers at the time were very leary of me wanting to type out my assignments on a computer. So my dad heard out their concerns and chose a very basic wysiwyg word processor - dos based, of course). My dad also installed a menu frontend and passworded it. I couldn't exit or use the only game on the system ( a shareware copy of Tank Wars) without it. I also could not access the command prompt or windows. But.... Guess what.... It took all of two minutes to break out of the menu front end. Lol. So I began exploring my new PC. Back then security was pretty non-existent in windows. So my explorations pretty quickly made windows start malfunctioning. It started doing weird things.... Clicking any icon to open it in program manager would cause the program icon to duplicate. Things like that. I did not know what I was doing.... Any ways, things kept going like this, and my dad ended up having to reinstall dos and windows several times, until he told me if I screwed up my system again, then that was it. Naturally, being 12, I ignored him and his attempts at locking things down even further. I ended up with a big pc sized paper weight for 6 months. Then my mom finally got involved. She convinced my dad to make a copy of the dos and windows disk ( three dos floppy's, and 6 windows floppies) and gave them to me. He told me that if I screwed up the floppies, then that really was the last time, and he would even take the PC away. I didn't screw those up. But I did end up reinstalling the os multiple times before too long. Eventually it got to where I only screwed things up and needed a reinstall maybe once a year. These days the interval is much longer. Anyways.... Some people learn by doing. No amount of warning or telling will do any good. I think the poster asking about how to become a trusted installer just needed to experience his mistakes to learn that he shouldnt do that. And if he needed to reinstall Windows as part of the process, the isnt that just a part of the process? FYI... I would have posted this on the the reddit, but the thread was locked.
I like plain old simple unlocker. Iobit software with all their boosters and stuff feels like something that might end up on a ctf machine because it has a vulnerable service.
Global computer/server outages due to solar winds endpoint security update causing BSOD on all windows machines it was pulled to. Hospitals, airlines and other critical infrastructure affected worldwide
reddit used to be a cool place to get help and meet great people. Today it's complete garbage, highly politicized, and just down right filled with wrong information. I miss old reddit before mods ruined the site.
"SYSTEM" has full admin privileges "Local Service" has privileges similar to a regular non-admin user "Network Service" has the same privileges as "Local Service" but it can use the computer's identity. This one is a bit complex: First off, if there is no central password management server, "Local Service" and "Network Service" are the same. Otherwise... Assuming... * You're in a university with an "Active Directory Domain Controller" server that manages the users and passwords for the entire network * There's a shared network folder Z:\ * You are logged on as user "Steve" on the PC "Library-01" Then... * GUI programs on the desktop will access the shared folder as "Steve" * "Local Service" will try to access the shared folder as a guest with no password * "Network Service" will access the shared folder as "Library-01$" Hope this makes sense.
@@haraberu Thanks for the explanation 😛 Even though I didn't understand 50% of it the first time I read it, but I quess these "accounts" just exist because some software requires these special properties to work.
Challenge for you, try disabling the delivery optimization service without touching the registry. (i don't know about windows 11 but its pretty tough on windows 10). Also I don't even know why it can't be disabled even after taking ownership of its parent service i.e. the infamous svhost.
I actually used some of this one time. I had installed the SSD from my old laptop as a second drive in my new laptop. I had some large and important media on it so I didn't want to reformat it, because I didn't have enough spare diskspace to copy it to first. So figuring out how to dupe TrustedInstaller entries in the ACL was the only way to make the hard drive look like a normal secondary harddrive.
Does the SYSTEM and/or TrustedInstaller privilege thing run at the kernel level, or just a very high privilege level outside the kernel? 2nd Question: Are all kernel drivers and other kernel software running *in the ntoskrnl.exe process* OR *outside the ntoskrnl.exe process* in a service or something?
for 1) trusted installer is just a dummy privilege used to own system files (think component store/winsxs and msstore) to prevent malicious modifications and accidental deletions. it isn't a security boundary and is unrelated to the kernel. ill leave 2 for someone with more expertise regarding the kernel.
Kernel mode drivers run in the same context as the kernel, and on windows, they generally use the native Windows API. But they do not necessarily need to interact with the OS. If they're launched via a UEFI bootstrapper they can technically run entirely platform independent. They can directly interact with hardware through interrupts, PCI lanes, and unvirtualized memory addresses. They don't _have_ to, but they can. Therefore, they're not resident in any specific process unless injected. They do often operate on Windows via svchost as a service, though, since this is a simple way to manage such low-level drivers. This is why the SC command is typically used to launch them. However, note that services and kernel mode drivers are not the same thing! The kernel mode driver has far less restrictive permissions. Therefore, the service needs to be specifically configured to launch such drivers in the proper context.
@@Mavendow Thank you for the VERY detailed explanation of the second question ❤ I didn't know that drivers could be launched via a "UEFI bootstrapper". I thought that the only task for the BIOS/UEFI relating to the OS was to launch the "OS boot instruction code" (or BOOTMGR for the Windows OS), but from what I understood from your speech, there are other capabilities as well such as loading drivers.
@@privatechannel1272 Yes, this is how the LAN and USB works in some modern UEFIs. It would be a hassle to hardcode every individual motherboard's configuration. Drivers basically expose hardware properties to specific memory addresses that other firmware or software can hook, therefore a driver written without proprietary code can technically work in any context. Though, in the case of Windows, DLL/SYS itself is proprietary. More often these will be compiled as SO or shared objects.
You can install Take Ownership which lets you take ownership of the file so you can edit or delete it. I used to do that on Windows 7 and 8 when I was using it. You could also unlock God Mode by editing the Windows Explorer file by typing in a registry key. I don't know if that's changed on Windows 10 because I am using Linux now.
This brings me back to high school, I used to screw with settings enough that I was able to access the trusted installer security pass, Since I was a TI, I had the access to change the permissions for every other file system on my laptop, and every other device on the schools local network, Good times, good times,
Also, if you just tap the change button in the properties settings, if you are already TI, then you’ll be able to change the highest access to modify those files to the user group and just be able to access TI restricted files and turn them into user accessible files, Recommendation.. fuck around and find out
@@atorik1076 it's fine to be ignorant on the internet, but hopefully not irl. If Linux were really to be a hobby project, it shouldn't be used as servers by Microsoft itself. RedHat literally exists, that's a hobby project?
Classic reddit bullshit > Tries to ask how to do this to learn for education ONLY > Cue the cesspool of bullshit "DO NOT DO IT, IT WILL DIE" People, PEOPLE WANT TO LEAAAAAARN
We knew the world would not be the same. A few people laughed, a few people cried, most people were silent. I remembered the line from the Hindu scripture, the Bhagavad-Gita. Vishnu is trying to persuade the Prince that he should do his duty and to impress him takes on his multi-armed form and says, “Now, I am become Death, the destroyer of worlds.” I suppose we all thought that one way or another.
This is sooo Microsoft. They have a long history in practically every product where admin isn't admin, removal doesn't remove, hidden and then there's extra hidden, etc.
You should be able to launch UI apps from a service (eg TrustedInstaller) when you configure the option 'allow interaction with the desktop' on the service. Windows will then ask you to open a separate user interface which in turn will show the service app on screen.
I have a legal question: (Note: using analogy here, no demand for accuracy is required to make the point.) If "Trusted Installer" is the Windsows OS owned by Microsoft, akin to an OS installed on an electric app-capable vehicle owned by the same vehicle company, the subscription service to make the car's computer work is what makes the vehicle function, the lease or owner has a no-right-to-repair clause because both the vehicle and the OS are proprietary, the same we would expect of a Microsoft computer running Windows, just like Google runs Chromebook. Ok, so just like we'll never see a truck OS on a jeep vehicle, we won't see Windows on a Chromebook, not without extensive modification and agreement between companies for such, so an agreement-to-modify exists. So....why is Windows operating a Trusted Installer limitation on non-Microsoft computers where it doesn't have authority to compel an owner to operate their computer to OS standards not designed explicitly for it? The OS must match the device for it to function, be it a vehicle or computer, in order for tangible operations to match digital limitations, whereby the digital is limiting the tangible, like how Windows wouldn't be compatible to a Chromebook inherently, the agreement to modify must prevail, with or without license? I say this because purchasing Windows OS is not requiring a Microsoft computer explicitly.
You are, and i mean this as close to literal as possible, comparing apples to oranges here... first off trustedinstaller is not the OS, it is just a brick wall within the windows os designed to keep idiots from bricking their system and has been used to also protect their bloatware. And second do you remember the part of your windows installation where it said something to the effect of "terms and conditions" you are literally agreeing to everything they do, and a chromebook is infact designed to run on the windows os idk what tf you think it runs on, so that part of your "point" literally meant nothing. And to rain on your parade some more, if you own a computer of any kind, odds are microsoft owns some part or all of it bc they own like 90% of all computer technology atp bc they just buy out any competition. Go ahead and look up who owns all those different companies that make the parts in your computer and youll notice, unsuprisingly, that microsoft either owns them or owns a major part of their company and thus more or less owns them anyway. And imma just absolurely rip on you now for that last part "the os must match the device in order for it to function" factually incorrect as the os and the hardware are 2 VASTLY different and incomparable things, the hardware provides the body and the os provides the brain (see THATS how you make an analogy that makes sense in this context btw) the reason vehicles work differently is bc each vehicle company functions ENTIRELY inpdepandant of one another where as consumer use computers are made by many different companies all working together (and still ofc microsoft owning an uncomfortable majority of them bc they are a monopoly) so to attempt to actually answer your question is pointless bc you have a general misunderstanding of even the base concept of software versus hardware and have failed to make a question that makes any form of sense, itd be like if i asked you what your favorite color of the alphebet is, it doesnt make any sense bc thats not even remotely how either of those things work, does that kinda help guide you towards the general idea of what im trying to tell you?
The way I get rid of ANYTHING I want on windows is to boot from the usb recovery disk offered by windows and then drop to a cmd prompt. I can then dir/delete/move etc anything and that includes hidden and system files as well. A great utility for browsing the windows hard drive from DOS is called Q-Dir and that would be the portable version. Another trick to have complete control of all windows files is to boot up a live Linux system from usb and browse that way with the sudo. In some instances when trying to access the windows hard drive from a Linux boot disk the windows disk will be locked and you cannot work with it. The fix , trick, is to do a restart from windows and when the screen goes blank showing windows is shut down press and hold the computer off button until the computer completely shuts down. Now boot up into your Live Linux and mount the windows hard drive . Using the root option then browse windows and do what you like! I like using a gui interface like Linux when doing operations on windows files because of all the file utilities available. :O)
At 14:00 or so - you need to presumably have to start something that will either act as a service or will do something before the service controller kills it. I thought services had a different entry point than ordinary applications, so I was surprised this approach worked.
To think this is basically the Windows equivalent of logging in as sudo, yet Reddit gets so agrressive about it because you can damage shit like. Yea that's the type of file access we're looking for-
The reason your Notepad didn't show up on your desktop is because you were running it from the "session 0" which does not have a desktop. So it was running, but couldn't display it's GUI.
John, is there resources that you would recommend to learn all of these in depth and technical windows aspects that most people don’t know? How do you go about learning all of this like win32, LSASS, etc
Fun story: I once had to install a sketchy "run executable as" app to run an antivirus installer as TrustedInstaller because a malware was preventing me from running the antivirus installer normally. The malware of course didn't have much of a chance after that.
The reason the service timeout errors occur is that you are running applications and not services, where service executables handle events and ate stateful based on them e.g. start, stop, pause, resume, etc
Oh I believe there are way more, even higher than what Windows is capable of exposing e.g. Ring 0. I think there are ways to go even higher than that as well.
James Forshaw's blog: www.tiraniddo.dev/2017/08/the-art-of-becoming-trustedinstaller.html
I love seeing the sentiment for "just run Linux", or "just boot into Safe Mode", or "just attach a recovery USB", etc., but I think in the case of leveraging this for a penetration test, red team engagement, or offensive security work, if it is a remote Windows target (where you can't change the OS or have physical access) you have to live off the land and the constraints of the environment. This process should be valuable when you've got initial access, escalated privileges, and can do further post-exploitation to do damage or set up some sneaky persistence -- you can't as easily make changes, but you can sure as hell run PowerShell code. Just an option and one of many ways to skin a cat :)
Cheers, was checking the comments for the link, wanna check it out myself and get some more context. Maybe pin it to the top (atm its somewhere down your own page)?
Great vid, cheers man.
@@daanmageddon Hmmm, it should be a pinned comment, and is now in the description -- sorry I hadn't had it there earlier! Thanks so much for watching! 💙
Challenge for you, try disabling the delivery optimization service without touching the registry.
(i don't know about windows 11 but its pretty tough on windows 10).
:3 Shalom.
:3 Reddit is thankfully just 200+ million Google Play downloads for how toxic it gets. Cesspool, indeed. I almost entirely avoid using it. A lot of inaccurate info, down voting anything they don't like, getting banned by groups easily, far-left cancer, far-right cancer, etc.
I've bricked my vm windows install 3 times this year since I found this channel, excellent video!!
If you use Linux, it is easier to brick your system! Give it a try lol.
@@vidal9747this is the way
@@vidal9747 its also easier to fix.
@@vidal9747 If your'e bricking anything, then you just dont know wtf youre doing isnt it lol
User: "can I uninstall Edge?"
Windows: "absolutely not."
User: "can I uninstall the Kernal"
Linux: "Let's find out!"
linux, afterward: "Welcome to systemd emergency mode!"
I want to like this fun and interesting content about getting back control of Windows, but at the same time I just see this as a bunch of BS steps to get around something that shouldn't have been in the way in the first place, it's so hard to be unbiased about OSs when Windows is this bad lol
@@bluelindenSystemd? More like grub recovery shell!
@@KCKingcollinIt's incredibly that in old machines, Linux LITERALLY GIVE YOU PERMISSION to destroy the BIOS of the system, that's how powerful it is.
@@SleepTime-Dark That's actually something I didn't know, that's kinda cool, but also sounds dangerous lmao
3:06 what stackoverflow is like now -
Q: "How do I do X"
A: "Why would you do that? dont do that." (if your lucky they give an alternative)
What it should be: "You *can* do that by doing this, but you this is the better way"
The problem is the commenters don't know how to do it themselves. And if they don't know something, no one should do that, right? ; )
gpt for the win | in this case
@@elijahjflowers GPT is only good for surface level stuff,i.e. questions that are already answered somewhere on the internet.
It's basically useless for any questions that aren't in some way already answered.
@@boltez6507 - GPT = a web-scraper mostly from Wikipedia, which you could do yourself in seconds with better focus. lol
That's known as a X Y problem
Now imagine deleting every single internet application apart from teamviewer and anydesk and calling tech scam call centers.
Amazing idea 😆
That shit would be hilarious
we do a little trolling
why imagine when you can do?
@@AjarnSpencer because I do not have the time, skill or patience to do it.
Reminds me of how on XP you could actually become System, complete with XP startmenu identifying as system.
Windows XP were the golden days of computers... I still have a VM on my PC where Windows XP Professional 64-Bit is installed... I even copy-pasted the Pinball Game into Windows 10 AND IT STILL WORKS despite being soooo goddamn old...
Also, you make great videos, i love them ❤
This to this date can happen if you run explorer.exe as TI or "NT Authority\System"
I think he didn't GUI of notepad.exe on 13:28 because he wasn't running explorer.exe as "NT Authority\System" (He ran privileged command prompt from Sysinternals as System)
I didn't know that :o
Man I *just* came here after watching one of your videos xd
@@HoneypawsModsDE I think they just scrapped it because they couldn't make it run native x64 in time and didn't want to use WoW64 🤔 One beauty of Windows, the backwards compatibility
Great to see you here Eric, I have been loving all your recent videos! 😁
Redditors are so aggressive about being wrong that it's quite comical.
the single worst thing about reddit is that you get suggestions and advice instead of answers when you come there with a question. I DO NOT ASK HOW BIG IS THE ROOM I SAID "I CAST FIREBALL"
I found Reddit to be an absolutely creepy place. Tried it for a short while…nope, not for me.
Reddit is a hivemind of group think. You made a great decision.
The entirety of the site is like that, everybody thinks they know everything and are aggressive as shit about everything. That's why I stopped using it.
Classic behavior.
Every single time i watch Jhon Hammond i look at myself and say :
I'm a noob in IT even though i was that strange kid that was obsessed over computers out of curiosity.
I was the only kid who hacked my school and sold wifi passwords for admin privilege at my first year of high-school.
I fixed my first laptop (from a friend) replacement with hardware when i was 11 but yet Jhon Hammond reminds me the learning curve in IT is ENDLESS!
*GOD I LOVE THE ENDLESS LEARNING*
I really enjoyed the way you broke this problem down. Add this to the list of follies that is Windows OS. Once Linux is fully able to boot whatever games I want I will fully drop windows. It’s so annoying to have to jump through so many hoops to delete programs from your own PC.
The fact that this is denied by Microsoft as a vulnerability, instead they call it "normal behavior" raises all kinds of red flags to me.
Not that Windows in itself wasn't one huge backdoor already... for all that matters I cannot check for myself as the OS is proprietary.
Fixing this exploit would probably put a lot of "cheap and easy" backdoors out of service as privileges would work much better.
I will only switch to Linux when le terminal™ is no longer used for everything (even the most basic thing), but that will never happen, which is bad because the only good thing it currently does is shutting down in less than a minute
@@revival_of_the_canned_justiceThat is incorrect, you can do everything without using terminal.
@@revival_of_the_canned_justice have u actually tried linux
Steam's work on Proton has greatly enhanced game compatibility on Linux in the past few years; if you last checked for compatibility before the release of the Steam Deck it may be worth taking another look.
There is a plugin for Process Hacker which allows you to start any process with TrustedInstaller permissions and even run GUI apps like cmd.
PSExec can do it via command line.
@@HEXiT_ triggering a dumb AV program is simply an elevated permission state. Get your plugin from the dev and you can turn AV off and just use MB's who are more than aware of Process Hacker.
Anyone with a modern PC should be using a VM to run Process Hacker on first anyway and if you aren't already then you haven't learnt that lesson yet.
Image your OS into a VM, test and then decide. Only kids run exe's or scripts on their gaming machines.
cmd is the exact opposite of a GUI app. It's descended of MS-DOS and was the equivalent of a Linux shell or...whatever BSD derived thing iFruit computers use. You have limited scripting and access to MS-DOS operating system executables like COPY, DELETE, etc.
Up to Windows 98, in fact, MS-DOS, or that same command prompt, bootstrapped Windows, and there were MS-DOS configuration files for Windows that probably caused a lot of headache for Microsoft, leading to what has been a slow, slow move away from it, starting with XP.
It remains as a useful artifact of the past, but if you use Windows Terminal in Windows today, the default tab will be a Powershell prompt.
Anyway, GUI stands for "Graphical User Interface."
@@NameThievery CMD by default opens as a terminal emulator and a shell. A terminal emulator is a GUI app. CMD is a GUI app.
@@HEXiT_ that could be said of anything. Stuff the fear mongering. Windows is literally spyware
Fixing the family computer when my dad broke it when I was a kid is what started my hacking journey and a lifelong love of computers. Break all the things!
Mine was breaking my dad’s XP install on his laptop by writing batch files and him making me fix it lol
I barely use that joke of a website but every time I've had to because there was no other option, 99% of my experience from reddit has been almost exactly what you showed in the video. Armchair redditors answering everything besides the question you're asking and in the most condescending way possible. I unironically have more competent conversations with people on /b/ than anywhere I've been forced to go on reddit.
Great video btw
Ublacklist lets you remove reddit or any other crap from coming up in searches.
Amazing how people on Reddit will just bash you over and over for asking a simple question, on a tech forum nonetheless. Absolutely ridiculous behavior from these people
Do you know a place where poeple are not like that ?
They're fake idiots farming karma. None of them would exist on a real hacking forum.
To be completely fair, the number of people I've seen complaining "hurr durr winblows bad because something broke while i was randomly changing registry values/acls/system files" over the decades suggests there is a huge number of Dunning-Krugers out there who really have no idea what they're doing.
Feel free to run out in the middle of the highway and play in the traffic, but don't expect me to help you.
@@throwaway6478 I'll help you play in the middle of a highway :)
sounds like rtfm neckbeards
"You have unlocked god mode."
"For more information on this issue..."
Guess what, recently Windows started harassing me with the win11 update by installing a program called RUXIM, and every time i deleted it windows just installed it back. So i changed the privilige from system to me, and i denied write access for system :d
I actually pulled an uno revers card on the system. " If I can't touch your files, then you can't touch mine"
Yes. Ruximics exe > Properties > Security tab > Advanced > Change Owner (from SYSTEM or TrustedInstaller to your user name) > Apply > Edit permissions > Deny ALL
So... let me get this straight: RUXIM helps keep Windows updated and performing well by scheduling and delivering necessary updates.. Why delet?
It doesn't do that. It pesters you to upgrade to 11. wuauclt.exe along with several other binaries handles system patches.
@@Mario583aaverage reddit comment
13:45 Notepad.exe is not a service binary.
"Service binaries are different in the sense that they must “check in” to the service control manager (SCM) and if it doesn’t, it will exit execution."
-specterops, Offensive Lateral Movement
Whoa, this was a great video with some even better enthusiasm!
Thanks for sharing this, I learned several new things and I have some new ideas for setting up security policies around the trusted installer or attempts to a abuse it. 🙏🙏🙏🔥🔥🔥
In other words, removing bloatware with the equivalent of Linux sudo
fr hahaha
Or delete the windows stuff through a secondary Linux os
I'm pretty sure it could also be used by a malicious software to remove the current antivirus and then install itself as TrustedInstaller to incrust itself into the system... Even better would be to replace the AV by a fake one so it takes more time for the user suspect anything wrong.
You can remove that stuff without such tricks in official ways you know.
@@Alfred-Neuman You don't need TrustedInstaller for that. An administrator can set the AV program without any additional rights. In fact every AV installer does this: register itself as the main antivirus program by setting a simple key in the registry, that is writeable by an admin.
Hahaha, this thumbnail aged like fine wine :D
How it was uploaded 8 days ago it doesn’t have time to age
Wait i dont get it
?
FyViRS6000mosixwablEatSDineroRobertsWaiDioReilyJSubJoustesPerAnt0!!
I absolutely love how cool this is and how much work went into this when you can just change the owner and delete the folder all within the Security tab 🤣🤣
You do amazing work John, it's always a pleasure to see your videos or guest appearances with others, keep it up 🔥🔥💪
(I also hope UA-cam doesn't come for you for mentioning TrustedInstaller like they did with Enderman... 😶🤫)
I was on the path to be a programmer, but I got kicked out of computer science in high school for getting caught having full access to the hd, bypassing the name/password.. I didn't keep up with it. I became a musician for the last 25 years and became really good at that, realizing now, If i would have continued my computer programming path, I'd be smart enough to follow all of this video, but now it's over my head.. lol.. The way he talks as if it's obvious to do this and that.. Shake my head and smile, the world is in the hands of people far smarter than I ... :)
That reminds me, but not as technical... I forget how I did it, but late 90s high school computer class, I made the login window on NT 4.0 show up as porn. On all 30 computers in the lab. I was on the shitlist from then on.
@@MattExzy I also guessed a student in another classes password, but they thought I hacked everyone's, so they made an announcement that everyone including the teachers all had to change their passwords... lol I told them the truth but they didn't believe me..
It's not about being smarter, it's about taking the time to learn. Your choice if you do it or not. Sometimes it's harder for intelligent people to learn things because they're not used to hitting barriers/hurdles, so the moment they do they simply stop. Those who are used to struggling often get further because to them hurdles are the norm.
@@roboverholt9959 In college I was not happy that they would not give me privileges on the lab computer I worked on (6 months from my CE) and thought a simple boot locker was sufficient to secure the systems so as a joke I accessed the boot locker and turned on the screen saver function and used "Micheal Angelo at Work !!!" as the bouncing text and came back the next monday to find out they had low level formatted all the internal systems at the school! LOL what a bunch of idiots.
@@LabelsAreMeaningless Its more difficult for more intelligent people to learn things that do not adhere to logic such as languages. When contradictory information just boils down to rote memorization the more intelligent among us will go off on tangents to find out why and how to fix the problem rather than just memorizing and moving on. And when they figure out how to fix the problem they will find out they are running into entrenched established institutional monoliths that will fight them tooth and nail rather than admit any wrong which is the first step to addressing change.
"...for I have become TrustedInstaller, destroyer of Windows."
--Barbara Millicent Roberts-Oppenheimer
As admin you can take ownership of the folder and then remove "Trusted installer" from the permissions, add yourself as full control and then delete the folder. Alternatively I removed trusted installer as a user from the local account, which breaks all the permissions, you can then take ownership of the whole drive, obviously this is a massive security risk though. This was on the first release of windows 10, this may be harder or impossible now. The other thing this does is prevents the os from doing updates as it no longer has permission to save updates to the staging folder it uses, so if you want an update you need to do it yourself
The reason you're getting the error when setting binpath for the service is because there are certain requirements for executables designed to operate as Windows services, one of which is to respond to queries from the service control manager. Obviously tools that aren't designed this way (like cmd.exe) don't respond and the service control manager thinks "this service is not responding and didn't start correctly." The reason you still see the executable being run is due to a small timeout that the service control manager uses to wait for the service to initialize.
The reason you can't see graphical applications like notepad is because services don't run under the local user session and don't have access to the desktop.
It’s seems like every new video John’s hair grows larger and flows further up and to the left maybe one day it will look like Johnny Bravo’s
Last I checked, Johnny Bravo did not have a beard nor a mustache.
Edit: I doubt Mr. Hammond will shave them off.
@@Mario583ameant more the height of his hair
You should be able to run a GUI app, you just need to flag the service to interact with the desktop. It's been a while since I have messed with with, but its an option for launching a service somewhere.
You can not do this past windows xp (early 7). Session 0, can not have window (CreateWindow does not work)
@@stanislavpetkov7408 Yeah I think I wanted to have a gui app run as a service in win10 and was sad after my research
I think I saw a video of enderman just doing that. Gui apps all worked except for explorer.exe if I remember correctly
It was possible in NT4 and 2000, because there the interactive user was on window station session 0. THis is now randomized and so this was intentionally killed.
@@Lofote really? I could have swore I have done it in XP and Win7 back in the day.
It might also be worthwhile noting that any process run in "Session 0" will always result be in a non-gui context. AFAIK "most" services are run as Session 0 meaning they will never have a GUI to interact with.
With windows you use the OS with linux,you *own* the OS
"It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error." - HAL 9000...
So MS trying to transform Windows in a smartphone again and locking the admin from his own files. Miss the old days of NT4 where being part of Administrator's group already gave you all this, like Dave Cutler wanted.
Love watching CMD - powershell users. This is way above my pay grade, but I love peaking behind the curtain.
Great video, very informative! Thanks for sharing your knowledge!
get out
thank you chatgpt
Here specifically to spite UA-cam not letting you get ad dollars on this. Great content as always. It's a nice break from my web app pentest studies
Penetration testing doesn't matter when you give away the credentials or other valuable information directly in the software. Keep it in mind and keep on keeping on. Best to ya.
@@MrChrisRP I appreciate that got a code injection that allowed me to etc/passed the other night and it made me extatic
I thought this is today’s video, you actually time travelled!
Always something to learn. Great job, John. Thx.
Always fun John, thanks!
I did a lot of this research a few years ago and got stuck where you were at like 12:45. This is awesome, seeing the next steps I could never quite get. Will be removing windows defender from my computer as soon as I get home
That thumbnail was kind of prophetic, it seems 😂
a bored guy at crowd strike followed the tutorial, I suppose
Great. Had some issues with TI and at the end I forced to reinstall windoes but the path for beging forced to delete my windows was actually educative.
14:00 notepad isn't showing up because services are started in Session 0, it's a special windows session (like being logged in as another user that would also be a different session), you can even see it in process explorer :)
This a comment about the responses to the reddit posts in the video. It is more of an anecdote, really. The year was 1992 and my parents surprised me by giving me my own pc. It was by all means barebones, even in those days. It was a AMD 80386DX 40 mhz with 4mb of RAM. There was no sound card or CD-ROM. And of course no modem or network. And the hdd was only 120 MB. My dad being the computer guru he was, had setup MS-DOS 6.0 and Windows 3.1 along with a carefully selected Word processor ( my teachers at the time were very leary of me wanting to type out my assignments on a computer. So my dad heard out their concerns and chose a very basic wysiwyg word processor - dos based, of course). My dad also installed a menu frontend and passworded it. I couldn't exit or use the only game on the system ( a shareware copy of Tank Wars) without it. I also could not access the command prompt or windows. But.... Guess what.... It took all of two minutes to break out of the menu front end. Lol. So I began exploring my new PC. Back then security was pretty non-existent in windows. So my explorations pretty quickly made windows start malfunctioning. It started doing weird things.... Clicking any icon to open it in program manager would cause the program icon to duplicate. Things like that. I did not know what I was doing.... Any ways, things kept going like this, and my dad ended up having to reinstall dos and windows several times, until he told me if I screwed up my system again, then that was it. Naturally, being 12, I ignored him and his attempts at locking things down even further. I ended up with a big pc sized paper weight for 6 months. Then my mom finally got involved. She convinced my dad to make a copy of the dos and windows disk ( three dos floppy's, and 6 windows floppies) and gave them to me. He told me that if I screwed up the floppies, then that really was the last time, and he would even take the PC away. I didn't screw those up. But I did end up reinstalling the os multiple times before too long. Eventually it got to where I only screwed things up and needed a reinstall maybe once a year. These days the interval is much longer. Anyways.... Some people learn by doing. No amount of warning or telling will do any good. I think the poster asking about how to become a trusted installer just needed to experience his mistakes to learn that he shouldnt do that. And if he needed to reinstall Windows as part of the process, the isnt that just a part of the process? FYI... I would have posted this on the the reddit, but the thread was locked.
0:39 you could use iobit unlocker and unlock and delete it
I like plain old simple unlocker. Iobit software with all their boosters and stuff feels like something that might end up on a ctf machine because it has a vulnerable service.
Love how the NTAPI undocumented functions website looks like an old school help file!
so it was you
why was this so fun to leave on the background
this thumbnail has not aged well 🤣
Or amazingly well!
what happened? I've been living under a rock.
@@WarLightning042watch his most recent video
Global computer/server outages due to solar winds endpoint security update causing BSOD on all windows machines it was pulled to. Hospitals, airlines and other critical infrastructure affected worldwide
Crowdstrike not solar winds@@bjangles8718
Finally you upload John
reddit used to be a cool place to get help and meet great people. Today it's complete garbage, highly politicized, and just down right filled with wrong information. I miss old reddit before mods ruined the site.
Cool video I always wanted info on Trusted Installer.
Windows: "Noooo you can't uninstall critical software it will brick your installation noooo!!!"
Linux: "Hahah rm -rf / go brrrrr"
The only reason anyone would type that is if the FBI came knocking on your doors (that says a lot about you guys, honestly 🤨)
@@revival_of_the_canned_justiceits called a joke bruh 😐 its funny because WE all understand that unlike you apparently
@@surr3ald3sign I know what it does, you fanboy
@@revival_of_the_canned_justice they were talking about what a joke is not rm rf you unfilled water bottle
There are also the "Network Service" and "Loacl Service" users, I saw that some of my services were running at those "accounts", so what are those?
"SYSTEM" has full admin privileges
"Local Service" has privileges similar to a regular non-admin user
"Network Service" has the same privileges as "Local Service" but it can use the computer's identity. This one is a bit complex:
First off, if there is no central password management server, "Local Service" and "Network Service" are the same. Otherwise...
Assuming...
* You're in a university with an "Active Directory Domain Controller" server that manages the users and passwords for the entire network
* There's a shared network folder Z:\
* You are logged on as user "Steve" on the PC "Library-01"
Then...
* GUI programs on the desktop will access the shared folder as "Steve"
* "Local Service" will try to access the shared folder as a guest with no password
* "Network Service" will access the shared folder as "Library-01$"
Hope this makes sense.
@@haraberu Thanks for the explanation 😛 Even though I didn't understand 50% of it the first time I read it, but I quess these "accounts" just exist because some software requires these special properties to work.
yeah I noticed. I WAS expecting a seperate video but this is perfect. Thanks.
Owls need HUGS
@@Margen67 Indeed. :D
Challenge for you, try disabling the delivery optimization service without touching the registry.
(i don't know about windows 11 but its pretty tough on windows 10).
Also I don't even know why it can't be disabled even after taking ownership of its parent service i.e. the infamous svhost.
"King Osirus" ->Great Observation and Reporting.
Or just run NSudo and run the process with TI priv
THANKS FOR TEACHING ME THIS POWER, FELLOW JOHN!!
it's your fault, wasn't it john?
why do i keep seeing these comments?? i dont get it
@@Jxhsxn we know what you did.
@@Jxhsxnidk but based on the user of the username of the commenter, it’s a bot. And for the person who replied to you, probably just a troll
i think im ben, not john smith in this tangent man...
Your voice is amazing. You would be killer in sales.
Meanwhile in Linux the root user is all powerful, and requires none of this weird working around
Yeah, any admin can just do "sudo su" and tad-dam! Full system acess granted, i can even delete Windows protected files mounted on Linux.
@@SleepTime-Dark any way i can use rm -rf to remove depression?
I actually used some of this one time. I had installed the SSD from my old laptop as a second drive in my new laptop. I had some large and important media on it so I didn't want to reformat it, because I didn't have enough spare diskspace to copy it to first. So figuring out how to dupe TrustedInstaller entries in the ACL was the only way to make the hard drive look like a normal secondary harddrive.
Does the SYSTEM and/or TrustedInstaller privilege thing run at the kernel level, or just a very high privilege level outside the kernel?
2nd Question: Are all kernel drivers and other kernel software running *in the ntoskrnl.exe process* OR *outside the ntoskrnl.exe process* in a service or something?
for 1) trusted installer is just a dummy privilege used to own system files (think component store/winsxs and msstore) to prevent malicious modifications and accidental deletions. it isn't a security boundary and is unrelated to the kernel.
ill leave 2 for someone with more expertise regarding the kernel.
Kernel mode drivers run in the same context as the kernel, and on windows, they generally use the native Windows API. But they do not necessarily need to interact with the OS. If they're launched via a UEFI bootstrapper they can technically run entirely platform independent. They can directly interact with hardware through interrupts, PCI lanes, and unvirtualized memory addresses. They don't _have_ to, but they can. Therefore, they're not resident in any specific process unless injected. They do often operate on Windows via svchost as a service, though, since this is a simple way to manage such low-level drivers. This is why the SC command is typically used to launch them. However, note that services and kernel mode drivers are not the same thing! The kernel mode driver has far less restrictive permissions. Therefore, the service needs to be specifically configured to launch such drivers in the proper context.
@@Mavendow Thank you for the VERY detailed explanation of the second question ❤
I didn't know that drivers could be launched via a "UEFI bootstrapper". I thought that the only task for the BIOS/UEFI relating to the OS was to launch the "OS boot instruction code" (or BOOTMGR for the Windows OS), but from what I understood from your speech, there are other capabilities as well such as loading drivers.
@@privatechannel1272 Yes, this is how the LAN and USB works in some modern UEFIs. It would be a hassle to hardcode every individual motherboard's configuration. Drivers basically expose hardware properties to specific memory addresses that other firmware or software can hook, therefore a driver written without proprietary code can technically work in any context. Though, in the case of Windows, DLL/SYS itself is proprietary. More often these will be compiled as SO or shared objects.
@@xorgfx-y4l Thank you for clearing up my ignorance 👍
The smiling blue screen isn't real, it can't hurt you.
*This thumbnail*
Windows is an absolute unfixable disaster.
It's fine for plebs like me.
@@KK-eg3em Until they blue screen you or use the recall feature
;)
You can install Take Ownership which lets you take ownership of the file so you can edit or delete it. I used to do that on Windows 7 and 8 when I was using it. You could also unlock God Mode by editing the Windows Explorer file by typing in a registry key. I don't know if that's changed on Windows 10 because I am using Linux now.
you don't need to install anything to take ownership you can do it from windows explorer or the command line already
That "GOD MODE" probably got many people clicking on this video :D
As you can attest! Lol
This brings me back to high school,
I used to screw with settings enough that I was able to access the trusted installer security pass,
Since I was a TI, I had the access to change the permissions for every other file system on my laptop, and every other device on the schools local network,
Good times, good times,
Also, if you just tap the change button in the properties settings, if you are already TI, then you’ll be able to change the highest access to modify those files to the user group and just be able to access TI restricted files and turn them into user accessible files,
Recommendation.. fuck around and find out
well well well
It's a deep subject! 🙃
Liked, commented and subscribed. Nice video, thank you.
Linux, Linux and Linux
Parrot OS and Mint are fantastic
Tetris , tetris, and tetris
Too many bugs and insecure asf. all hobby projects. For serious stuff NO. For fun def yes
@@atorik1076 it's fine to be ignorant on the internet, but hopefully not irl.
If Linux were really to be a hobby project, it shouldn't be used as servers by Microsoft itself. RedHat literally exists, that's a hobby project?
@@atorik1076how to sound like a moron
This brings back the feelings of system privs with the at command on XP
Bro has never heard of Advanced Run...
Nice Man U Have Clearly Earned My Sub This Is A Game Changer 100% Thank You
Classic reddit bullshit
> Tries to ask how to do this to learn for education ONLY
> Cue the cesspool of bullshit "DO NOT DO IT, IT WILL DIE"
People, PEOPLE WANT TO LEAAAAAARN
Thanks John. Very helpful unlike the first top Google results. 😡
We knew the world would not be the same. A few people laughed, a few people cried, most people were silent. I remembered the line from the Hindu scripture, the Bhagavad-Gita. Vishnu is trying to persuade the Prince that he should do his duty and to impress him takes on his multi-armed form and says, “Now, I am become Death, the destroyer of worlds.” I suppose we all thought that one way or another.
Or: "Now I am become TrustedInstaller the destroyer of Windows"
That thumbnail has been really popular the past few days 😅
I don’t understand any of this but I find it enjoyable
TrustedInstaller is so called Well-Known Security Principal, it is not visible in the local SAM database and is built-in the OS
Good to see you're back.
"Complete and unrestricted access to the computer" is not the same as "complete and unrestricted control over the computer."
This is sooo Microsoft. They have a long history in practically every product where admin isn't admin, removal doesn't remove, hidden and then there's extra hidden, etc.
"Now i become TrustedInstaller the destroyer of windows"
~J. Robert Oppenheimer
You should be able to launch UI apps from a service (eg TrustedInstaller) when you configure the option 'allow interaction with the desktop' on the service. Windows will then ask you to open a separate user interface which in turn will show the service app on screen.
Thanks, awesome video
And thank you for inventing Jurassic Park.
I have a legal question:
(Note: using analogy here, no demand for accuracy is required to make the point.)
If "Trusted Installer" is the Windsows OS owned by Microsoft, akin to an OS installed on an electric app-capable vehicle owned by the same vehicle company, the subscription service to make the car's computer work is what makes the vehicle function, the lease or owner has a no-right-to-repair clause because both the vehicle and the OS are proprietary, the same we would expect of a Microsoft computer running Windows, just like Google runs Chromebook.
Ok, so just like we'll never see a truck OS on a jeep vehicle, we won't see Windows on a Chromebook, not without extensive modification and agreement between companies for such, so an agreement-to-modify exists. So....why is Windows operating a Trusted Installer limitation on non-Microsoft computers where it doesn't have authority to compel an owner to operate their computer to OS standards not designed explicitly for it? The OS must match the device for it to function, be it a vehicle or computer, in order for tangible operations to match digital limitations, whereby the digital is limiting the tangible, like how Windows wouldn't be compatible to a Chromebook inherently, the agreement to modify must prevail, with or without license? I say this because purchasing Windows OS is not requiring a Microsoft computer explicitly.
You are, and i mean this as close to literal as possible, comparing apples to oranges here... first off trustedinstaller is not the OS, it is just a brick wall within the windows os designed to keep idiots from bricking their system and has been used to also protect their bloatware. And second do you remember the part of your windows installation where it said something to the effect of "terms and conditions" you are literally agreeing to everything they do, and a chromebook is infact designed to run on the windows os idk what tf you think it runs on, so that part of your "point" literally meant nothing. And to rain on your parade some more, if you own a computer of any kind, odds are microsoft owns some part or all of it bc they own like 90% of all computer technology atp bc they just buy out any competition. Go ahead and look up who owns all those different companies that make the parts in your computer and youll notice, unsuprisingly, that microsoft either owns them or owns a major part of their company and thus more or less owns them anyway. And imma just absolurely rip on you now for that last part "the os must match the device in order for it to function" factually incorrect as the os and the hardware are 2 VASTLY different and incomparable things, the hardware provides the body and the os provides the brain (see THATS how you make an analogy that makes sense in this context btw) the reason vehicles work differently is bc each vehicle company functions ENTIRELY inpdepandant of one another where as consumer use computers are made by many different companies all working together (and still ofc microsoft owning an uncomfortable majority of them bc they are a monopoly) so to attempt to actually answer your question is pointless bc you have a general misunderstanding of even the base concept of software versus hardware and have failed to make a question that makes any form of sense, itd be like if i asked you what your favorite color of the alphebet is, it doesnt make any sense bc thats not even remotely how either of those things work, does that kinda help guide you towards the general idea of what im trying to tell you?
The way I get rid of ANYTHING I want on windows is to boot from the usb recovery disk offered by windows and then drop to a cmd prompt. I can then dir/delete/move etc anything and that includes hidden and system files as well. A great utility for browsing the windows hard drive from DOS is called Q-Dir and that would be the portable version. Another trick to have complete control of all windows files is to boot up a live Linux system from usb and browse that way with the sudo. In some instances when trying to access the windows hard drive from a Linux boot disk the windows disk will be locked and you cannot work with it. The fix , trick, is to do a restart from windows and when the screen goes blank showing windows is shut down press and hold the computer off button until the computer completely shuts down. Now boot up into your Live Linux and mount the windows hard drive . Using the root option then browse windows and do what you like! I like using a gui interface like Linux when doing operations on windows files because of all the file utilities available. :O)
The more I lean about how Windows wants to control you the more I wish to move to Linux. I think I might do that soon.
At 14:00 or so - you need to presumably have to start something that will either act as a service or will do something before the service controller kills it. I thought services had a different entry point than ordinary applications, so I was surprised this approach worked.
I subbed because I liked your beard. Second, your IT knowledge is somewhat refreshing.
To think this is basically the Windows equivalent of logging in as sudo, yet Reddit gets so agrressive about it because you can damage shit like. Yea that's the type of file access we're looking for-
Ownership and control is Power Trip for tech companies. "We own you."
The reason your Notepad didn't show up on your desktop is because you were running it from the "session 0" which does not have a desktop. So it was running, but couldn't display it's GUI.
I listened to you talk in another tab for 21 minutes before realizing you're not ActionRetro. Y'all sound so alike.
John, is there resources that you would recommend to learn all of these in depth and technical windows aspects that most people don’t know? How do you go about learning all of this like win32, LSASS, etc
@John Hammond how do you do that scrolling-thingie @1:48?
Fun story: I once had to install a sketchy "run executable as" app to run an antivirus installer as TrustedInstaller because a malware was preventing me from running the antivirus installer normally.
The malware of course didn't have much of a chance after that.
Just reminds me how much efforts put when researching such windows stuff...
The reason the service timeout errors occur is that you are running applications and not services, where service executables handle events and ate stateful based on them e.g. start, stop, pause, resume, etc
HAMMOND!
DON'T DO IT HAMMOND
Oh I believe there are way more, even higher than what Windows is capable of exposing e.g. Ring 0. I think there are ways to go even higher than that as well.