1

The computer is running 64 bit Windows 10 Home - but this would probably apply to any fairly recent Windows OS (like from Win 7 on?).

A friend asked me for some help - isn't that always the way? They wanted install a piece of software (an Adobe PDF Reader - but it's not really important) and were getting a permission denied error. Some other software on the computer had stopped working too.

After a little bit of looking I determined they were logged on with an administrator account but still getting the permission denied messages. When I looked into the folder of the application that wasn't running properly I wasn't permitted to see the permissions. I also couldn't give ownership to the "NT SERVICE\TrustedInstaller" account. I obtained ownership for the current account and then saw that the permissions had essentially been wiped out. I looked up default permissions and went about applying them. Users, and Administrators were no problem - but when I got to the "NT SERVICE\TrustedInstaller" user Windows reports the account can't be found (which explains why I couldn't give ownership to it).

I have found many articles on SuperUser and other sites explaining how to assign permissions to the "NT SERVICE\TrustedInstaller" but my problem is that the account doesn't exist. (For example: Reset default ACLs for C:\Program Files\WindowsApps)

  1. Can I create the account (how to create a system account?)
  2. How serious is this issue - I can definitely get things running for this user for now but I suspect future problems
  3. Guesses about how it happened? - I'm suspecting a Windows Update, but of course malicious software could be a problem (virus checker reports no current problems)

Thanks

Jimbugs
  • 121

2 Answers2

0

Such extensive damage cannot happen by accident.

Your friend's computer is most likely infected with a nasty virus that took care to become impossible to uninstall.

I don't suggest to "fix" the problem. If you wish to be safe, you should reinstall Windows and all applications from scratch, after taking backups. Do not install again the application that trafficked the permissions on its own folder. Install more protections and explain to your friend what precautions to take in order to surf safely on the internet.

To know more, see the post
How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?

harrymc
  • 498,455
0

NT SERVICE\TrustedInstaller (also known as TrustedInstaller) is an internal windows service that allows modification of protected system files during system updates, or a windows install for example. It also blocks you from deleting or modifying core files yourself.

If you really want to know where the account path is then it's here: C:\Windows\Servicing\TrustedInstaller.exe (It doesn't have a physical user account, like I said it's just a service)

You should leave this alone, as it is critical to your system. DO NOT delete this!

Also if you're wondering, TrustedInstaller runs in the NT AUTHORITY\SYSTEM account.

Donald Duck is with Ukraine
  • 2,629
Epic Gamer
  • 3