You might think that if you are an administrator on a Windows system, you have all the rights and permissions needed to install software, modify registry keys, and update, delete, or overwrite files. However, there are a couple of unique accounts in Windows that own various files and registry keys. These include the SYSTEM and Trusted Installer accounts.
There may be times you need to run programs as the SYSTEM or Trusted Installer account. Why would you need to do this? How can you easily run programs using these accounts?
SYSTEM and Trusted Installer accounts
The SYSTEM account, also known as the Local System account, is a special account that Windows uses to allow the operating system to sign in for internal tasks and processes, such as during the Windows install. Windows itself manages the SYSTEM account rights.
You won't see this account listed in the User Manager, and it isn't an account you can add or remove from groups. However, you will have visibility into the SYSTEM account in NTFS permissions. You can add, remove, or modify the permissions that SYSTEM has on files and folders.
Trusted Installer is another special account used by the Windows Modules Installer service. The Trusted Installer service, running under the context of the Trusted Installer user, has exclusive permissions for all things related to Windows Updates (installing, modifying, and removing) and optional Windows components.
It is the owner of many files located in the Windows directory, the Windows System directory, and the Program Files directory. You will note that it also owns the Windows.old folder, a special folder containing a backup of your Windows installation before upgrading to a newer version of Windows. This folder makes it possible to roll back to the previous installation.
Run programs as SYSTEM or Trusted Installer
Windows or system administrators may need to run programs as the SYSTEM or Trusted Installer account when these accounts own the files or registry entries that need to be modified. Administrators can take ownership of files and folders that the SYSTEM or Trusted Installer accounts own, but this can potentially break system services and processes if not reverted correctly. Therefore, it is often better to run regedit and similar programs as the owning account itself when making changes to files or registry entries these special users own.
Below is an example of the advanced permissions on a registry key in Windows 10 that the SYSTEM account owns.
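Before choosing between taking ownership and running a tool as the owning account, it helps to check who owns the item and what the Administrators group is already allowed to do with it. The following PowerShell is an added example, not part of the original article; the function name `Get-SpecialOwner` and the sample paths are assumptions, and the accounts are matched by their well-known SIDs rather than by name.

```powershell
# Added example: report the owner of files and registry keys and the rights
# granted to Administrators, without changing any ownership or permissions.
# SIDs are compared instead of names so the check also works on localized Windows.
$WellKnown = @{
    'S-1-5-18'     = 'SYSTEM'
    'S-1-5-32-544' = 'Administrators'
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' = 'TrustedInstaller'
}
$SidType = [System.Security.Principal.SecurityIdentifier]

function Get-SpecialOwner {   # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Path)
    process {
        try {
            $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
        } catch {
            # Some protected keys cannot be read even by an elevated administrator.
            [pscustomobject]@{ Path = $Path; Owner = '<unreadable>'
                               OwnerClass = 'Unknown'; AdminAllow = $_.Exception.Message }
            return
        }
        $ownerSid = [string]$acl.GetOwner($SidType)
        # Collect explicit and inherited Allow entries for BUILTIN\Administrators.
        $adminRights = foreach ($rule in $acl.GetAccessRules($true, $true, $SidType)) {
            if ($rule.IdentityReference.Value -eq 'S-1-5-32-544' -and
                $rule.AccessControlType -eq 'Allow') {
                if ($rule -is [System.Security.AccessControl.FileSystemAccessRule]) {
                    $rule.FileSystemRights
                } else {
                    $rule.RegistryRights
                }
            }
        }
        [pscustomobject]@{
            Path       = $Path
            Owner      = $acl.Owner
            OwnerClass = if ($WellKnown.ContainsKey($ownerSid)) { $WellKnown[$ownerSid] } else { 'Other' }
            AdminAllow = ($adminRights | ForEach-Object { "$_" }) -join '; '
        }
    }
}

# Sample targets chosen for illustration; replace them with the items you intend to change.
"$env:windir\regedit.exe", "$env:windir\System32\drivers\etc\hosts",
'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' |
    Get-SpecialOwner | Format-Table -AutoSize -Wrap
```

An `OwnerClass` of SYSTEM or TrustedInstaller combined with an `AdminAllow` value that lacks write or full-control rights indicates an item that an administrator cannot modify without either taking ownership or running the editing tool as the owning account.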
For obvious reasons, Microsoft does not make the process of running programs as the SYSTEM or Trusted Installer user easy or intuitive. However, if you have a valid reason to run programs under the context of these special users, several free programs make the process much more straightforward than doing it manually. We will take a quick look at the following tools for this purpose:
- Nirsoft AdvancedRun
- NSudo
Nirsoft AdvancedRun makes running programs as special users in Windows 10 extremely easy and provides many options for doing so. For example, with AdvancedRun, we can launch regedit.exe as the SYSTEM user. AdvancedRun has many options, including:
- Launch programs with command line arguments
- Set the priority of the program to run
- Run as a specific named DOMAIN user
- Use the search path to find the program location if the full path is not specified
- Set the process affinity
- Set the compatibility mode
The AdvancedRun utility has many great features that lead to interesting use cases, including but not limited to running as the SYSTEM or Trusted Installer account. These include:
- Run regedit as a normal Windows user without the elevated permissions needed on Windows 10/8/7/Vista; results in read-only access to several keys
- Run regedit as SYSTEM or Trusted Installer user
- Run another program with a user of another running process
- Run a program as another logged-in user without typing the password of the logged-in user
- Run programs using high-priority mode
- Windows XP Compatibility Mode
- Use different PATH environment strings without modifying the PATH environment
- Run a program with a different set of variables you choose
Download AdvancedRun here.
Another free utility that provides a way to run programs as SYSTEM or Trusted Installer is NSudo from the M2Team GitHub page. NSudo is based on another project called SuperCMD. It offers several features, including:
- Launch programs with Trusted Installer
- Launch programs as SYSTEM user
- Launch programs as an elevated user
- Supports launching programs with a specific set of privileges or a mandatory level of permissions
- Includes a Devil mode that allows developers to bypass file and registry access checks for Administrator privileges
The NSudo download contains both a GUI and a command-line version of the tool. You get basic options with the GUI. However, this is a quick, easy way to launch a program as the SYSTEM or Trusted Installer user.
The NSudo command line options provide more control and capabilities, comparable to the AdvancedRun GUI.
You can download NSudo from the official GitHub repository of the M2Team here.
Sometimes administrators need to run programs as SYSTEM or Trusted Installer when these accounts own files or registry keys that need to be modified. Administrators can take ownership of these special files and registry keys. However, making permissions changes can potentially lead to issues. Both Nirsoft's AdvancedRun and M2Team's NSudo are freely available utilities that make it easy to run programs as these special user accounts.