Windows 7 – Restoring ‘TrustedInstaller’ as Owner for Executable

command linepermissionswindows 7

After changing the ownership of executables in the Windows directory (explorer.exe, regedit.exe, etc.), I can't seem to change it back to TrustedInstaller using icacls.exe. Using the GUI method (Properties → Security → Advanced → Owner) works fine though.

Doing the same thing to any other file under Windows, that is not an executable, works fine. Tried the same under safe-mode, no luck.

These are the 2 basic commands I'm using:

takeown /F C:\Windows\explorer.exe /A
icacls C:\Windows\explorer.exe /setowner "NT SERVICE\TrustedInstaller"

Edit: Forgot to mention the error I'm receiving is 'Access denied'.

C:\Windows\System32>takeown /F c:\Windows\explorer.exe /A  
SUCCESS: The file (or folder): "c:\Windows\explorer.exe" now owned by the administrators group.

C:\Windows\System32>icacls c:\Windows\explorer.exe /setowner "NT SERVICE\TrustedInstaller"  
c:\Windows\explorer.exe: Access is denied.  
Successfully processed 0 files; Failed processing 1 files

Best Answer

So the title says restoring TrustedInstaller.

Seems there is a missing part; removing the added Administrators group permissions.

takeown /F "C:\Windows\regedit.exe" /A
/F - file to become owner of
/A - means it will set the users group (ie. Administrators, not userxyz)

icacls "C:\Windows\regedit.exe" /grant Administrators:F
/grant - will add permissions
:F - Full Control

icacls "C:\Windows\regedit.exe" /setowner "NT SERVICE\TrustedInstaller"
/setowner - new owner

icacls "C:\Windows\regedit.exe" /grant:r Administrators:RX
/grant:r - will set permissions (removing higher ones)
:RX - Read and Execute

Reference: https://ss64.com/nt/icacls.html

Related Question