1

The computer is running 64 bit Windows 10 Home - but this would probably apply to any fairly recent Windows OS (like from Win 7 on?).

A friend asked me for some help - isn't that always the way? They wanted install a piece of software (an Adobe PDF Reader - but it's not really important) and were getting a permission denied error. Some other software on the computer had stopped working too.

After a little bit of looking I determined they were logged on with an administrator account but still getting the permission denied messages. When I looked into the folder of the application that wasn't running properly I wasn't permitted to see the permissions. I also couldn't give ownership to the "NT SERVICE\TrustedInstaller" account. I obtained ownership for the current account and then saw that the permissions had essentially been wiped out. I looked up default permissions and went about applying them. Users, and Administrators were no problem - but when I got to the "NT SERVICE\TrustedInstaller" user Windows reports the account can't be found (which explains why I couldn't give ownership to it).

I have found many articles on SuperUser and other sites explaining how to assign permissions to the "NT SERVICE\TrustedInstaller" but my problem is that the account doesn't exist. (For example: Reset default ACLs for C:\Program Files\WindowsApps)

  1. Can I create the account (how to create a system account?)
  2. How serious is this issue - I can definitely get things running for this user for now but I suspect future problems
  3. Guesses about how it happened? - I'm suspecting a Windows Update, but of course malicious software could be a problem (virus checker reports no current problems)

Thanks

Jimbugs
  • 121
  • 5
  • In the end I got the computer running acceptably - it was an old computer and was slated for replacement so the expectations were low. – Jimbugs Oct 28 '22 at 14:00

2 Answers2

0

Such extensive damage cannot happen by accident.

Your friend's computer is most likely infected with a nasty virus that took care to become impossible to uninstall.

I don't suggest to "fix" the problem. If you wish to be safe, you should reinstall Windows and all applications from scratch, after taking backups. Do not install again the application that trafficked the permissions on its own folder. Install more protections and explain to your friend what precautions to take in order to surf safely on the internet.

To know more, see the post
How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?

harrymc
  • 455,459
  • 31
  • 526
  • 924
0

NT SERVICE\TrustedInstaller (also known as TrustedInstaller) is an internal windows service that allows modification of protected system files during system updates, or a windows install for example. It also blocks you from deleting or modifying core files yourself.

If you really want to know where the account path is then it's here: C:\Windows\Servicing\TrustedInstaller.exe (It doesn't have a physical user account, like I said it's just a service)

You should leave this alone, as it is critical to your system. DO NOT delete this!

Also if you're wondering, TrustedInstaller runs in the NT AUTHORITY\SYSTEM account.

Donald Duck
  • 2,473
  • 10
  • 29
  • 45
Epic Gamer
  • 3
  • 2
  • the account was already gone - when I tried to assign permissions (as seen on another computer) Windows reported no such account. – Jimbugs Oct 28 '22 at 13:58
  • For assigning permissions to TrustedInstaller (lets say changing to owner to TrustedInstaller), then type this: NT SERVICE\TrustedInstaller. Hope that helped! – Epic Gamer Oct 29 '22 at 03:17
  • yes, tried that -- "account not found" it seems like there is no answer, and the real fix would be to reset or reinstall Windows – Jimbugs Oct 30 '22 at 16:52
  • Seems like at that point you can just give the ownership to SYSTEM and it should be fine – Epic Gamer Jan 08 '23 at 14:41