A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Windows 10 » Windows 10 Help Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Undeletable - Attn Paul - update



 
 
Thread Tools Rate Thread Display Modes
  #1  
Old July 6th 18, 08:23 PM posted to alt.comp.os.windows-10
slate_leeper
external usenet poster
 
Posts: 245
Default Undeletable - Attn Paul - update

Hi Paul,

Things I have discovered and tried...


First, the real permissions problem does not seem to be the /usr/me
directory and files. I can delete, rename, etc in that directory just
fine.

What is not accessible for any sort of modification is C:/Program
Files. Nothing can be done there with my administrator log-in and
'take ownership' does not work. You may remember that I first thought
it was a Paragon problem because it showed up when I tried to update
that program. The Paragon install program bombed when it couldn't
change a file in the Program Files directory. Then when I used Win-10
to uninstall it, success was reported but nothing was deleted or
uninstalled (except the listing of that program in "apps & features.")
So apparently Windows itself can't really access the files in that
directory.

Interestingly there are no problems with the C:/Program Files (x86)
directory.

So I tried using the Windows-1803-update iso from a CD. It would only
allow a new install, not an update. It said the update must be run
from Win-10 itself, not from a CD. That has failed previously.

I tried two different programs that are supposed to repair permissions
in Win-10. Neither helped.

I tried copying the entire program files directory to an ExFat32
formatted drive. I then booted the new Gandalf PE DVD and used it to
copy it all back to the C: drive. Copying worked, but didn't fix
anything....

So that's where I am - ready to go back to Win-7 if Microsoft would be
willing to sell me another license (I have an OEM install CD I
purchased from Amazon for my original Win-7 install on my older
computer.)

I hope I would be allowed to load a Win-7 backup image from that
computer, and then license it on this one. No idea who to contact in
Microsoft for info on that scenario, however.

-dan z-


--
Someone who thinks logically provides
a nice contrast to the real world.
(Anonymous)
Ads
  #2  
Old July 6th 18, 09:04 PM posted to alt.comp.os.windows-10
slate_leeper
external usenet poster
 
Posts: 245
Default Undeletable - Attn Paul - update (more)

C:\WINDOWS\system32icacls c:/Progra~1
c:/Progra~1 NT AUTHORITY\SYSTEMOI)(CI)(F)
BUILTIN\AdministratorsOI)(CI)(F)
BUILTIN\UsersOI)(CI)(RX)
Mandatory Label\High Mandatory LevelOI)(CI)(NW)

Anything here that can/should be changed?

-dan z-


--
Someone who thinks logically provides
a nice contrast to the real world.
(Anonymous)
  #3  
Old July 7th 18, 12:37 AM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Undeletable - Attn Paul - update (more)

slate_leeper wrote:
C:\WINDOWS\system32icacls c:/Progra~1
c:/Progra~1 NT AUTHORITY\SYSTEMOI)(CI)(F)
BUILTIN\AdministratorsOI)(CI)(F)
BUILTIN\UsersOI)(CI)(RX)
Mandatory Label\High Mandatory LevelOI)(CI)(NW)

Anything here that can/should be changed?

-dan z-


Here is mine.

https://s22.postimg.cc/sa59x2p5d/pro..._ownership.gif

You can see TrustedInstaller there.

Paul

  #4  
Old July 7th 18, 01:41 AM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Undeletable - Attn Paul - update (more)

slate_leeper wrote:
C:\WINDOWS\system32icacls c:/Progra~1
c:/Progra~1 NT AUTHORITY\SYSTEMOI)(CI)(F)
BUILTIN\AdministratorsOI)(CI)(F)
BUILTIN\UsersOI)(CI)(RX)
Mandatory Label\High Mandatory LevelOI)(CI)(NW)

Anything here that can/should be changed?

-dan z-


While there's a command for changing integrity level, that
still doesn't explain how it got there. Does this have
something to do with joining a Domain ? I don't think
I've ever seen that on a home machine here.

http://www.jc-tech.info/2016/05/17/w...ndatory-level/

icacls c:\somefolder\somefile.ext /setintegritylevel medium

Paul
  #5  
Old July 7th 18, 04:50 AM posted to alt.comp.os.windows-10
Lucifer Morningstar[_3_]
external usenet poster
 
Posts: 33
Default Undeletable - Attn Paul - update

On Fri, 06 Jul 2018 15:23:39 -0400, slate_leeper
wrote:

Hi Paul,

Things I have discovered and tried...


First, the real permissions problem does not seem to be the /usr/me
directory and files. I can delete, rename, etc in that directory just
fine.

What is not accessible for any sort of modification is C:/Program
Files. Nothing can be done there with my administrator log-in and
'take ownership' does not work. You may remember that I first thought
it was a Paragon problem because it showed up when I tried to update
that program. The Paragon install program bombed when it couldn't
change a file in the Program Files directory. Then when I used Win-10
to uninstall it, success was reported but nothing was deleted or
uninstalled (except the listing of that program in "apps & features.")
So apparently Windows itself can't really access the files in that
directory.

Interestingly there are no problems with the C:/Program Files (x86)
directory.

So I tried using the Windows-1803-update iso from a CD. It would only
allow a new install, not an update. It said the update must be run
from Win-10 itself, not from a CD. That has failed previously.

I tried two different programs that are supposed to repair permissions
in Win-10. Neither helped.

I tried copying the entire program files directory to an ExFat32
formatted drive. I then booted the new Gandalf PE DVD and used it to
copy it all back to the C: drive. Copying worked, but didn't fix
anything....

So that's where I am - ready to go back to Win-7 if Microsoft would be
willing to sell me another license (I have an OEM install CD I
purchased from Amazon for my original Win-7 install on my older
computer.)

I hope I would be allowed to load a Win-7 backup image from that
computer, and then license it on this one. No idea who to contact in
Microsoft for info on that scenario, however.


Is there anything unusual about the directory or file names(s)?

-dan z-

  #6  
Old July 7th 18, 12:40 PM posted to alt.comp.os.windows-10
slate_leeper
external usenet poster
 
Posts: 245
Default Undeletable - Attn Paul - update

On Sat, 07 Jul 2018 13:50:47 +1000, Lucifer Morningstar
wrote:

On Fri, 06 Jul 2018 15:23:39 -0400, slate_leeper
wrote:

Hi Paul,

Things I have discovered and tried...


First, the real permissions problem does not seem to be the /usr/me
directory and files. I can delete, rename, etc in that directory just
fine.

What is not accessible for any sort of modification is C:/Program
Files. Nothing can be done there with my administrator log-in and
'take ownership' does not work. You may remember that I first thought
it was a Paragon problem because it showed up when I tried to update
that program. The Paragon install program bombed when it couldn't
change a file in the Program Files directory. Then when I used Win-10
to uninstall it, success was reported but nothing was deleted or
uninstalled (except the listing of that program in "apps & features.")
So apparently Windows itself can't really access the files in that
directory.

Interestingly there are no problems with the C:/Program Files (x86)
directory.

So I tried using the Windows-1803-update iso from a CD. It would only
allow a new install, not an update. It said the update must be run
from Win-10 itself, not from a CD. That has failed previously.

I tried two different programs that are supposed to repair permissions
in Win-10. Neither helped.

I tried copying the entire program files directory to an ExFat32
formatted drive. I then booted the new Gandalf PE DVD and used it to
copy it all back to the C: drive. Copying worked, but didn't fix
anything....

So that's where I am - ready to go back to Win-7 if Microsoft would be
willing to sell me another license (I have an OEM install CD I
purchased from Amazon for my original Win-7 install on my older
computer.)

I hope I would be allowed to load a Win-7 backup image from that
computer, and then license it on this one. No idea who to contact in
Microsoft for info on that scenario, however.


Is there anything unusual about the directory or file names(s)?

-dan z-



The directory is C:/Program Files. Created by Win-10 on initial
install, I presume. No problems with it until recently when Windows
apparently decided it is a locked directory. Even system-level
privileges can not change or delete anything in it.

-dan z-



--
Someone who thinks logically provides
a nice contrast to the real world.
(Anonymous)
  #7  
Old July 7th 18, 12:46 PM posted to alt.comp.os.windows-10
slate_leeper
external usenet poster
 
Posts: 245
Default Undeletable - Attn Paul - update (more)

On Fri, 06 Jul 2018 20:41:23 -0400, Paul
wrote:

http://www.jc-tech.info/2016/05/17/w...ndatory-level/



and the result is:

C:\WINDOWS\system32icacls c:\Progra~1 /setintegritylevel medium
c:\Progra~1: Access is denied.
Successfully processed 0 files; Failed processing 1 files


--
Someone who thinks logically provides
a nice contrast to the real world.
(Anonymous)
  #8  
Old July 7th 18, 03:42 PM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Undeletable - Attn Paul - update (more)

slate_leeper wrote:
On Fri, 06 Jul 2018 20:41:23 -0400, Paul
wrote:

http://www.jc-tech.info/2016/05/17/w...ndatory-level/



and the result is:

C:\WINDOWS\system32icacls c:\Progra~1 /setintegritylevel medium
c:\Progra~1: Access is denied.
Successfully processed 0 files; Failed processing 1 files


So somehow, you need to figure out how that got there
and how to remove it.

I don't know if this is a Domain feature or what it is.

Paul
  #9  
Old July 8th 18, 03:18 AM posted to alt.comp.os.windows-10
Lucifer Morningstar[_3_]
external usenet poster
 
Posts: 33
Default Undeletable - Attn Paul - update

On Sat, 07 Jul 2018 07:40:53 -0400, slate_leeper
wrote:

On Sat, 07 Jul 2018 13:50:47 +1000, Lucifer Morningstar
wrote:

On Fri, 06 Jul 2018 15:23:39 -0400, slate_leeper
wrote:

Hi Paul,

Things I have discovered and tried...


First, the real permissions problem does not seem to be the /usr/me
directory and files. I can delete, rename, etc in that directory just
fine.

What is not accessible for any sort of modification is C:/Program
Files. Nothing can be done there with my administrator log-in and
'take ownership' does not work. You may remember that I first thought
it was a Paragon problem because it showed up when I tried to update
that program. The Paragon install program bombed when it couldn't
change a file in the Program Files directory. Then when I used Win-10
to uninstall it, success was reported but nothing was deleted or
uninstalled (except the listing of that program in "apps & features.")
So apparently Windows itself can't really access the files in that
directory.

Interestingly there are no problems with the C:/Program Files (x86)
directory.

So I tried using the Windows-1803-update iso from a CD. It would only
allow a new install, not an update. It said the update must be run
from Win-10 itself, not from a CD. That has failed previously.

I tried two different programs that are supposed to repair permissions
in Win-10. Neither helped.

I tried copying the entire program files directory to an ExFat32
formatted drive. I then booted the new Gandalf PE DVD and used it to
copy it all back to the C: drive. Copying worked, but didn't fix
anything....

So that's where I am - ready to go back to Win-7 if Microsoft would be
willing to sell me another license (I have an OEM install CD I
purchased from Amazon for my original Win-7 install on my older
computer.)

I hope I would be allowed to load a Win-7 backup image from that
computer, and then license it on this one. No idea who to contact in
Microsoft for info on that scenario, however.


Is there anything unusual about the directory or file names(s)?

-dan z-



The directory is C:/Program Files. Created by Win-10 on initial
install, I presume. No problems with it until recently when Windows
apparently decided it is a locked directory. Even system-level
privileges can not change or delete anything in it.


I asked because sometimes an odd character can get into
a file name preventing it being read. Have you tried renaming
the file then try again to delete it?
As a last ditch move you might be able to hex edit the
directory entry.

-dan z-

  #10  
Old July 8th 18, 03:22 AM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Undeletable - Attn Paul - update (more)

slate_leeper wrote:
On Fri, 06 Jul 2018 20:41:23 -0400, Paul
wrote:

http://www.jc-tech.info/2016/05/17/w...ndatory-level/



and the result is:

C:\WINDOWS\system32icacls c:\Progra~1 /setintegritylevel medium
c:\Progra~1: Access is denied.
Successfully processed 0 files; Failed processing 1 files


Integrity level has been around since Vista.

It's explained in English, here. It's an adjunct
to owners and permissions.

https://www.symantec.com/connect/art...egrity-control

As far as I know, Program Files *is* supposed to be High.
It's not an anomaly. You can see it displayed here.

https://www.guidingtech.com/51113/co...el-windows-10/

Now, the question is, why isn't my icacls displaying the
same thing yours is ?

Paul
  #11  
Old July 8th 18, 03:54 AM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Undeletable - Attn Paul - update (more)

Paul wrote:
slate_leeper wrote:
On Fri, 06 Jul 2018 20:41:23 -0400, Paul
wrote:

http://www.jc-tech.info/2016/05/17/w...ndatory-level/



and the result is:

C:\WINDOWS\system32icacls c:\Progra~1 /setintegritylevel medium
c:\Progra~1: Access is denied.
Successfully processed 0 files; Failed processing 1 files


Integrity level has been around since Vista.

It's explained in English, here. It's an adjunct
to owners and permissions.

https://www.symantec.com/connect/art...egrity-control


As far as I know, Program Files *is* supposed to be High.
It's not an anomaly. You can see it displayed here.

https://www.guidingtech.com/51113/co...el-windows-10/

Now, the question is, why isn't my icacls displaying the
same thing yours is ?

Paul


According to the information here, icacls is only supposed
to display a "Mandatory" line for the MIC, if the user
has altered it from the expected value.

https://msdn.microsoft.com/en-us/library/bb625965.aspx

Now in your case, that doesn't make sense. The documentation
suggests "Program Files" is set to High, and yet your
icacls output displays "High". That means your system has
somehow concluded Program Files default value is something
else. And finding "High" is different than its expectation.

The example on that page, shows how changing the MIC leads
to icacls showing a non-default value later. Whereas if you
leave those alone, it displays nothing (that's why my system
isn't displaying a Manditory line in the output).

So while the permissions model says I could potentially
change the ownership of TrustedInstaller to Slate, the system
still has features that prevent Slate from making changes with
an (unelevated) low integrity task. Something like that.

This is mostly a red herring, a non-issue, except it does
raise the question of why your system is behaving this way.
If you elevated yourself to SYSTEM account, the idea is
you could effect a change from there. The psexec64 command
should be able to help in that case.

If you use

whoami /user /priv

that should show you have "Impersonate", which allows psexec64 to
make you the SYSTEM account, instead of being Administrators group.

The (fuzzy) picture here, shows three examples of
whoami /user /priv outputs. The "impersonate a Client"
privilege allows elevation. That's how you jump from Administrator
to SYSTEM. You can also become TrustedInstaller, but there's
a separate program for that.

https://s18.postimg.cc/wowci9o95/whoami_user_priv.png

Paul
  #12  
Old July 8th 18, 04:24 AM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Undeletable - Attn Paul - update (more)

Paul wrote:
slate_leeper wrote:
On Fri, 06 Jul 2018 20:41:23 -0400, Paul
wrote:

http://www.jc-tech.info/2016/05/17/w...ndatory-level/



and the result is:

C:\WINDOWS\system32icacls c:\Progra~1 /setintegritylevel medium
c:\Progra~1: Access is denied.
Successfully processed 0 files; Failed processing 1 files


Integrity level has been around since Vista.

It's explained in English, here. It's an adjunct
to owners and permissions.

https://www.symantec.com/connect/art...egrity-control


As far as I know, Program Files *is* supposed to be High.
It's not an anomaly. You can see it displayed here.

https://www.guidingtech.com/51113/co...el-windows-10/

Now, the question is, why isn't my icacls displaying the
same thing yours is ?

Paul


Here is one more picture, of icacls at the
top of my C: drive. Where it actually lists a mandatory level.
This is probably the level that prevents Macrium from
dumping a .mrimg right under the root of a drive letter.

https://s22.postimg.cc/406blwpv5/root_of_C.gif

Paul

  #13  
Old July 8th 18, 02:11 PM posted to alt.comp.os.windows-10
slate_leeper
external usenet poster
 
Posts: 245
Default Undeletable - Attn Paul - update

On Sun, 08 Jul 2018 12:18:07 +1000, Lucifer Morningstar
wrote:

I asked because sometimes an odd character can get into
a file name preventing it being read. Have you tried renaming
the file then try again to delete it?
As a last ditch move you might be able to hex edit the
directory entry.


I think I didn't make the depth of the problem clear. The problem is
not with one specific file, it is with the entire Program Files
directory. Nothing can be changed. No program can be uninstalled or
updated. No program can be installed. No file can be modified or
deleted.

-dan z-


--
Someone who thinks logically provides
a nice contrast to the real world.
(Anonymous)
  #14  
Old July 8th 18, 02:33 PM posted to alt.comp.os.windows-10
slate_leeper
external usenet poster
 
Posts: 245
Default Undeletable - Attn Paul - update (more)

On Sat, 07 Jul 2018 23:24:05 -0400, Paul
wrote:

Now, the question is, why isn't my icacls displaying the
same thing yours is ?


The question is, what security level is required for me to access that
directory, and how do I gain that level?

-dan z-


--
Someone who thinks logically provides
a nice contrast to the real world.
(Anonymous)
  #15  
Old July 8th 18, 07:53 PM posted to alt.comp.os.windows-10
slate_leeper
external usenet poster
 
Posts: 245
Default Undeletable - Attn Paul - update (more)

On Sun, 8 Jul 2018 18:21:46 +0100, ? Good Guy ?
wrote:

There is nothing in Windows that can't be deleted by an Administrator of
the machine provided there aren't any APPs still running and using some
files in a particular folder.


Except on mine. The Program Files directory on mine is completely
locked against deleting or modifying any files within. If you had been
following this thread you would know that we have tried doing it as
"true administrator" and also as SYSTEM. Neither of those were able to
do anything with the files. It just keeps saying "access denied." This
despite the properties of the directory and of the files shows both
SYSTEM and Administrators as having full access.

-dan z-


--
Someone who thinks logically provides
a nice contrast to the real world.
(Anonymous)
 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 06:34 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.