After changing the ownership of executables in the Windows directory (explorer.exe
, regedit.exe
, etc.), I can't seem to change it back to TrustedInstaller
using icacls.exe
. Using the GUI method (Properties → Security → Advanced → Owner) works fine though.
Doing the same thing to any other file under Windows, that is not an executable, works fine. Tried the same under safe-mode, no luck.
These are the 2 basic commands I'm using:
takeown /F C:\Windows\explorer.exe /A
icacls C:\Windows\explorer.exe /setowner "NT SERVICE\TrustedInstaller"
Edit: Forgot to mention the error I'm receiving is 'Access denied'.
C:\Windows\System32>takeown /F c:\Windows\explorer.exe /A
SUCCESS: The file (or folder): "c:\Windows\explorer.exe" now owned by the administrators group.
C:\Windows\System32>icacls c:\Windows\explorer.exe /setowner "NT SERVICE\TrustedInstaller"
c:\Windows\explorer.exe: Access is denied.
Successfully processed 0 files; Failed processing 1 files
Best Answer
So the title says restoring TrustedInstaller.
Seems there is a missing part; removing the added Administrators group permissions.
Reference: https://ss64.com/nt/icacls.html