1

There are many tutorials on wasting the permissions, or taking over permissions, and even removing permission for the "trusted installer". Most of the tutorials can have serious ramifications.

If a person wants to remove a single file or folder item, that is presently owned by the "trusted installer". At the same time the person does not wish to make changes beyond removal of that item.

If a person would want to do that in 1 click, instead of 10. That is done within the GUI of the OS, not the command prompt, if the person was Admin. Booting into a Unix/Linux operating system is not 1 click :-) No Linux operating system exists in the scenario.

What have you found to be the quickest way to remove a "trusted installer" permissioned item, without making changes beyond that, that have ramifications beyond the removal of the item?

It is understood that the removal of the item itself is not deemed to be "safe" or that its removal does not have ramifications. That is not the question.

Example item for reference and testing: This folder C:\Windows\System32\zh-CN

Psycogeek
  • 9,139

2 Answers

3

I found a custom "Take Ownership" you can install. This is for XP but should work for W7 also. You might set a manual restore point before applying this change.

The Context Menu entry "Take Ownership" is actually three separate commands. It first opens a Command Prompt window using cmd.exe, then runs takeown.exe to take ownership of the item you click on, and if it's a folder, takes ownership of the files and subfolders as well. If that is successful (and only if it is successful), it then runs icacls.exe to grant the Administrators Group Full Control permission, also done recursively if it's a folder. If takeown.exe fails you don't want to run icacls.exe as it will likely fail as well, but in some rare cases takeown.exe may return an error even if it succeeded, so icacls.exe never runs, so the permissions never get applied. Plus, the way it is configured depends on the system PATH variable to be able to find cmd.exe, takeown.exe, and icacls.exe; if any of those can't be found, it will fail, but the user may have no indication that it didn't work. And the .exe extension is not specified on takeown or icacls, so malware could easily replace those commands with a batch script file located in another folder found earlier on the path, and could trick a user into clicking OK on a UAC prompt that will run malware instead of the Take Ownership option they think they are running.

I found a better version 2 that specifies the complete path to the file using the Systemroot variable, and uses the full file name including the extension.

Open an empty text file and copy the text below into it, then save it, then change the file extension to .reg then right click on it and select merge.

Windows Registry Editor Version 5.00

; Both values decode to:
; %SystemRoot%\System32\cmd.exe /c %SystemRoot%\System32\takeown.exe /f "%1" && %SystemRoot%\System32\icacls.exe "%1" /grant administrators:F
[HKEY_CLASSES_ROOT\*\shell\runas\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  63,00,6d,00,64,00,2e,00,65,00,78,00,65,00,20,00,2f,00,63,00,20,00,25,00,53,\
  00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,\
  79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,74,00,61,00,6b,00,65,00,6f,\
  00,77,00,6e,00,2e,00,65,00,78,00,65,00,20,00,2f,00,66,00,20,00,22,00,25,00,\
  31,00,22,00,20,00,26,00,26,00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,\
  00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,\
  33,00,32,00,5c,00,69,00,63,00,61,00,63,00,6c,00,73,00,2e,00,65,00,78,00,65,\
  00,20,00,22,00,25,00,31,00,22,00,20,00,2f,00,67,00,72,00,61,00,6e,00,74,00,\
  20,00,61,00,64,00,6d,00,69,00,6e,00,69,00,73,00,74,00,72,00,61,00,74,00,6f,\
  00,72,00,73,00,3a,00,46,00,00,00
"IsolatedCommand"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  63,00,6d,00,64,00,2e,00,65,00,78,00,65,00,20,00,2f,00,63,00,20,00,25,00,53,\
  00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,\
  79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,74,00,61,00,6b,00,65,00,6f,\
  00,77,00,6e,00,2e,00,65,00,78,00,65,00,20,00,2f,00,66,00,20,00,22,00,25,00,\
  31,00,22,00,20,00,26,00,26,00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,\
  00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,\
  33,00,32,00,5c,00,69,00,63,00,61,00,63,00,6c,00,73,00,2e,00,65,00,78,00,65,\
  00,20,00,22,00,25,00,31,00,22,00,20,00,2f,00,67,00,72,00,61,00,6e,00,74,00,\
  20,00,61,00,64,00,6d,00,69,00,6e,00,69,00,73,00,74,00,72,00,61,00,74,00,6f,\
  00,72,00,73,00,3a,00,46,00,00,00

; Both values decode to:
; %SystemRoot%\System32\cmd.exe /c %SystemRoot%\System32\takeown.exe /f "%1" /r /d y && %SystemRoot%\System32\icacls.exe "%1" /grant administrators:F /t
[HKEY_CLASSES_ROOT\Directory\shell\runas\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  63,00,6d,00,64,00,2e,00,65,00,78,00,65,00,20,00,2f,00,63,00,20,00,25,00,53,\
  00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,\
  79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,74,00,61,00,6b,00,65,00,6f,\
  00,77,00,6e,00,2e,00,65,00,78,00,65,00,20,00,2f,00,66,00,20,00,22,00,25,00,\
  31,00,22,00,20,00,2f,00,72,00,20,00,2f,00,64,00,20,00,79,00,20,00,26,00,26,\
  00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
  25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,63,\
  00,61,00,63,00,6c,00,73,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,00,\
  22,00,20,00,2f,00,67,00,72,00,61,00,6e,00,74,00,20,00,61,00,64,00,6d,00,69,\
  00,6e,00,69,00,73,00,74,00,72,00,61,00,74,00,6f,00,72,00,73,00,3a,00,46,00,\
  20,00,2f,00,74,00,00,00
"IsolatedCommand"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  63,00,6d,00,64,00,2e,00,65,00,78,00,65,00,20,00,2f,00,63,00,20,00,25,00,53,\
  00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,\
  79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,74,00,61,00,6b,00,65,00,6f,\
  00,77,00,6e,00,2e,00,65,00,78,00,65,00,20,00,2f,00,66,00,20,00,22,00,25,00,\
  31,00,22,00,20,00,2f,00,72,00,20,00,2f,00,64,00,20,00,79,00,20,00,26,00,26,\
  00,20,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
  25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,00,63,\
  00,61,00,63,00,6c,00,73,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,00,\
  22,00,20,00,2f,00,67,00,72,00,61,00,6e,00,74,00,20,00,61,00,64,00,6d,00,69,\
  00,6e,00,69,00,73,00,74,00,72,00,61,00,74,00,6f,00,72,00,73,00,3a,00,46,00,\
  20,00,2f,00,74,00,00,00

Source of Information

Moab
  • 58,769
2

A few years too late, but here is a working example of the Take Ownership command. I have included the multi-lingual safe Well Known SID (S-1-5-32-544) of the Administrators group to prevent failure of the icacls command on non-English locales.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shell\runas]
@="Take Ownership"
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\*\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant *S-1-5-32-544:F"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant *S-1-5-32-544:F"

[HKEY_CLASSES_ROOT\Directory\shell\runas]
@="Take Ownership"
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\Directory\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant *S-1-5-32-544:F /t"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant *S-1-5-32-544:F /t"
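
Added example (not part of either answer, and not code from any Microsoft tool): a Python sketch for reviewing a .reg file before merging it. It decodes both value forms shown on this page, hex(2) REG_EXPAND_SZ data and plain quoted strings, and reports which programs in each context-menu command are left to PATH and extension lookup, the risk the first answer describes. The function names, the PINNED pattern and the SAMPLE text are assumptions constructed for illustration; executable paths containing spaces are not handled.

```python
import re

PINNED = re.compile(r"(%SystemRoot%|[A-Za-z]:)\\.+\.exe", re.I)  # absolute path + .exe

def decode_value(raw):
    """Decode a .reg value: hex(2) is UTF-16LE REG_EXPAND_SZ, otherwise a quoted string."""
    if raw.startswith("hex(2):"):
        data = bytes.fromhex(raw[len("hex(2):"):].replace(",", ""))
        return data.decode("utf-16-le").rstrip("\0")
    return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \" and \\ escapes

def parse_reg(text):
    """Return {(key, value name): decoded data} for every value in the file."""
    text = re.sub(r",\\\s*\n\s*", ",", text)  # join hex continuation lines
    key, values = None, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            key = line[1:-1]
        elif key and "=" in line and not line.startswith(";"):
            name, raw = line.split("=", 1)
            values[(key, name.strip('"'))] = decode_value(raw)
    return values

def executables(command):
    """Program token of each &&-chained command, plus the one handed to cmd /c."""
    found = []
    for tokens in map(str.split, command.split("&&")):
        found += tokens[:1]
        if len(tokens) > 2 and tokens[1].lower() == "/c":
            found.append(tokens[2])
    return found

def audit(reg_text):
    """Map (key, value name) -> programs left to PATH/extension lookup."""
    report = {k: [e for e in executables(c) if not PINNED.fullmatch(e)]
              for k, c in parse_reg(reg_text).items()}
    return {k: v for k, v in report.items() if v}

def to_hex2(s, width=25):  # helper that builds the constructed sample below
    h = [f"{b:02x}" for b in (s + "\0").encode("utf-16-le")]
    return "hex(2):" + ",\\\n  ".join(",".join(h[i:i + width]) for i in range(0, len(h), width))

# Constructed sample modelled on the two answers (not exported from a real system).
SAMPLE = "\n".join([
    r"[HKEY_CLASSES_ROOT\*\shell\runas\command]",
    "@=" + to_hex2(r'%SystemRoot%\System32\cmd.exe /c %SystemRoot%\System32\takeown.exe /f "%1" && %SystemRoot%\System32\icacls.exe "%1" /grant administrators:F'),
    r"[HKEY_CLASSES_ROOT\Directory\shell\runas\command]",
    r'@="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant *S-1-5-32-544:F /t"',
])
```

Calling audit(SAMPLE) returns an entry only for the Directory key, listing cmd.exe, takeown and icacls as unpinned; the hex(2) value with full %SystemRoot% paths produces no finding.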