- 12th January 2009 at 15:13 #43580
EDIT: DO NOT DOWNLOAD OR USE. AT ALL. IT DOES NOT WORK FOR SOME REASON, AND WHEN I USED IT ON AUTHUI.DLL, IT CAUSED MY LOGON SCREEN TO BREAK AND I HAD TO CLEAR PERMISSIONS IN A RECOVERY ENVIRONMENT. I AM FIXING THIS NOW.
EDIT2: I honestly have no idea why this doesn’t work. Sorry for such a useless waste of a topic, I am completely stumped as permissions are IDENTICAL to the original minus the auditing which i’m pretty sure isn’t needed. The system refuses to read the authui.dll and the logon screen breaks… WHY!
With that said, I will leave this here just incase a very smart and kind person wants to look at the batch file, test it, and find a solution, and have me kiss their feet shortly after 😛 Original post below.
What Is This?
Well guys, I made a script to restore your modified/modded system files to proper ACL/security settings, it will restore them back to the default of TrustedInstaller the way it was before you ever touched it – 100% correctly.
Part of the reason why Windows Vista/2008 is so secure, both locally and remotely, is the addition of the ‘fake’ user known as TrustedInstaller. It is technically part of SFP [System File Protection] and is a simple yet effective way for protection from unauthorized modification/editing/deleting of critical system files, not to mention stopping virus’s and trojans and other malware from “injecting” or “piggy-backing” onto your OS’ system data. One of the bad things about the cool modding of our system data to make it more fancy and personalized, not to mention the Server 2008 Workstation project here, is that we loose this security on files we modify.
Now we can easily restore the permissions back to the 100% defaults for critical system files after modifying/replacing them!
Any limitations, flaws or bugs?
Yes there is one sadly – I do not know how to set auditing for a system file via the commandline, so this is blank instead of the “Everyone=Special” auditing that usually applies to most system files [such as system32authui.dll for example]. I have no idea if this even matters though – all of my personal files have blank auditing on them, and I myself don’t exactly know what auditing is…. i’m not an IT Pro, just a Windows enthusiast :geek:
Also, entire directories are not supported for safety reasons – please select individual files only!
Thirdly, please only use it on system files that reside in the Windows folder you are CERTAIN are supposed to be TrustedInstaller! Because it will remove all “administrators” and “
” permissions from the file! It is an opposite to the popular “Take Ownership” shell extension.
Download and Instructions
First decide which version you want. The default one will tell you the file you selected, asking for keystroke before starting, and list success/failure of the steps taken, then say done and ask for keystroke to close. This is useful for testing purposes, or if you like to make sure that it actually worked properly.
The second version, “Quiet”, will just do it straight away. This is good if you just want it to be faster and trust that it will always work on your files [as you won’t see success or failure] 😉
[attachment=0:3b0gg8pe]TrustedInstaller Restore [Quiet].exe.rar[/attachment:3b0gg8pe]
Either extract the RAR file to your Send To folder, found at “%APPDATA%MicrosoftWindowsSendTo” (copy that line, between the double quotes, into Start > Run to get threre) or you can simply remove the .RAR extension as they are also self extracting EXE’s, which will default to the correct folder for your convenience =)
I shouldn’t have to say this, but I will… they are not virus infected. If you are worried about virus, just extract with WinRAR and don’t rename to .exe 😉
Well, that’s pretty much it – it will appear in your Right Click > “Send To” menu! Now you can protect your system files back to the way they were 😀
P.S. It is a batch file, nothing more. Public domain/freeware/open source/whatever, do what you want with it, give me credit or not it’s up to you I don’t care 🙂 Hope you enjoy! Peace!
- You must be logged in to reply to this topic.