A Windows XP help forum. PCbanter


Undeletable - Attn Paul - update



 
 
  #16  
Old July 8th 18, 07:59 PM posted to alt.comp.os.windows-10
slate_leeper
external usenet poster
 
Posts: 245
Default Undeletable - Attn Paul - update (more)

On Sun, 08 Jul 2018 09:33:51 -0400, slate_leeper
wrote:

Thought occurred to me... when I copied the Program Files directory to
the ExFAT formatted drive, I copied it back by replacing the original
files. The thought: perhaps I should have deleted the entire directory
before copying the files back.

So I started over, using the Gandalf PE disk again. Copied entire PF
directory to ExFat drive. Deleted entire PF directory on boot drive.
Then copied it back from the ExFat drive. Using the PE file explorer,
right clicked on the PF folder name. Under attributes, in addition to
the normal Read Only was one labeled SYSTEM. I turned off both R/O and
SYSTEM and applied. Then rebooted.

Same problem....

-dan z-


--
Someone who thinks logically provides
a nice contrast to the real world.
(Anonymous)
  #17  
Old July 9th 18, 01:01 AM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Undeletable - Attn Paul - update (more)

slate_leeper wrote:
On Sun, 8 Jul 2018 18:21:46 +0100, ? Good Guy ?
wrote:

There is nothing in Windows that can't be deleted by an Administrator of
the machine provided there aren't any APPs still running and using some
files in a particular folder.


Except on mine. The Program Files directory on mine is completely
locked against deleting or modifying any files within. If you had been
following this thread you would know that we have tried doing it as
"true administrator" and also as SYSTEM. Neither of those were able to
do anything with the files. It just keeps saying "access denied." This
despite the properties of the directory and of the files shows both
SYSTEM and Administrators as having full access.

-dan z-


Time to go nuclear.

You will need three tools.

pstools (psexec.exe and psexec64.exe)
process explorer (to verify the properties of the Command Prompt created).
RunFromToken.exe (a program to copy trustedinstaller token, and run Command Prompt)

1) Start an Administrator Command Prompt.

Unpack pstools. From www.sysinternals.com .

Grab psexec64.exe if on a 64 bit system.

psexec64 -hsi cmd

Another Command Prompt window opens.

2a) Do "whoami" in the new Command Prompt window.

ntauthority\system

Download RunFromToken

http://reboot.pro/files/download/237...-runfromtoken/

http://reboot.pro/files/getdownload/...-runfromtoken/

Unpack the three files.

You'll need two of them.

RunFromToken.au3 (an autohotkey program)
RunFromToken64.exe (the tool for a 64-bit OS)

2b) The next part is a minor issue, a bit of timing is involved.

Open services.msc from the run box.

Do "Properties" on the "Windows Modules Installer" service.

It will be in the stopped state. It has a "Start" button.

In the SYSTEM cmd window from 2a, prepare your command to
launch yet another cmd window.

cd /d C:\users\slate\Downloads # Location of RunFromToken64

RunFromToken64.exe trustedinstaller.exe 1 cmd # *Do not* hit return yet.

Now, go back to the "Windows Modules Installer" Properties
and click Start. Wait for the timer to disappear and the
thing to seem to be running.

Now, hit carriage return.

OK, first minor snag. The RunFromToken64.exe program
needs to fiddle with one of the Administrator privileges.
The dialog will tell you that a reboot is required.

Repeat the steps to here, and the second time, it should work.

3) Download Process Explorer and unpack it. From www.sysinternals.com .

Right click "procexp.exe" and select Run As Administrator.
This is needed to get a lot of process properties.

In the 2b window, it tells you the PID of the special
cmd window. Sort the processes in procexp.exe by the PID
column, then scroll down until you find the PID in question.

Note that, the window that opens at the end of 2b is still
owned by SYSTEM.

whoami

ntauthority\system

But, when you click that cmd (identified by PID) in
Process Explorer and do properties, there's an added item.

https://s22.postimg.cc/jde034snl/tru...ller_maybe.gif

4) Now from that third window, the one you vetted in Process Explorer,

cd /d C:\Program Files\7zip

del 7zip.exe

There is a picture here as a summary.

https://s22.postimg.cc/ktpilht29/ele..._installer.gif

*******

Note: I tried to modify the ACE (Mandatory) thing with a
tool. I modified all of C: to be medium, but that did not
achieve any change that I could see. "Program Files" would
normally be "High", but I used icacls to make the entire C:
drive medium. And I did that, because I got permission
denied trying other stuff.

https://s22.postimg.cc/9ve92xmcx/mic...o_read_ACE.gif

The tool is suitable for viewing the ACE values if you want.
It doesn't explain what is going on with your system though.

https://www.elevenpaths.com/download...m.exe?agree=on

And the ACE doesn't seem to be stored in the icacls
output either. You cannot replay the ACLs and fix
ACE at the same time. If you mess around as I did with
C: and change the integrity level of the entire C: , you'd
be screwed.

Paul
  #18  
Old July 9th 18, 05:19 PM posted to alt.comp.os.windows-10
slate_leeper
external usenet poster
 
Posts: 245
Default Undeletable - Attn Paul - update (more)

On Sun, 08 Jul 2018 20:01:24 -0400, Paul
wrote:

You will need three tools.



Hi Paul,

It will be two or three days before I can try this.


As I told you in the last message, Gandalf PE allowed me to unset the
Read Only and System attributes on the program files folder and files
before I copied them back down. (What is the SYSTEM attribute?
Couldn't find that with Google.)

There has been an improvement:

Each file now shows four items in the Security Properties. In addition
to SYSTEM and Administrators, there is now also "Authenticated Users"
and "Users". And, lo and behold, it allowed me to change
Authenticated Users to full access. But only for files, not for
folders. So now I can delete, replace, etc individual files, but since
there are 48,940 files in that directory the improvement is not that
much of an improvement.

Using the PE boot, I think I may try copying ALL files to the ExFat
drive, unsetting those two attributes, and copying them back.

What the heck, it's just another 6 hours of backup, verify, restore
(if necessary)....

-dan z-


--
Someone who thinks logically provides
a nice contrast to the real world.
(Anonymous)
  #19  
Old July 10th 18, 03:34 PM posted to alt.comp.os.windows-10
Lucifer Morningstar[_2_]
external usenet poster
 
Posts: 368
Default Undeletable - Attn Paul - update

On Sun, 8 Jul 2018 18:13:14 +0100, ? Good Guy ?
wrote:

On 08/07/2018 14:11, slate_leeper wrote:
I think I didn't make the depth of the problem clear. The problem is
not with one specific file, it is with the entire Program Files
directory. Nothing can be changed. No program can be uninstalled or
updated. No program can be installed. No file can be modified or
deleted.


If this is the case then why don't you boot-up the system using some 3rd
party operating System and then you should be able to delete anything
from the NTFS file system.


That is a good idea. A self booting linux CD should do the job.

Did you try deleting from the safe mode? It's worth a try rather than
struggling for months trying to find solutions to simple problems. You
could have made a trip to the moon by now considering you have spent
nearly two weeks on this.


It might be better to just reinstall windows.

Why don't you take your machine to a geek
shop? They can do it for you.


  #20  
Old July 11th 18, 04:14 PM posted to alt.comp.os.windows-10
slate_leeper
external usenet poster
 
Posts: 245
Default Undeletable - Attn Paul - 'go nuclear'


Success at all steps to:

D:\PaulSpecialFiles>runfromtoken64.exe trustedinstaller.exe 1 cmd
Now setting privilege: SeDebugPrivilege
Now setting privilege: SeAssignPrimaryTokenPrivilege
Now setting privilege: SeIncreaseQuotaPrivilege
Host PID: 8056
New process created successfully: 2496

D:\PaulSpecialFiles>whoami
nt authority\system

Step 4 - del a file in program files.... (actually I tried rename a
folder) ...
'access denied'

But, when you click that cmd (identified by PID) in
Process Explorer and do properties, there's an added item.


My properties do not look like yours:
https://imgur.com/a/q4d64jW

-dan z-


--
Someone who thinks logically provides
a nice contrast to the real world.
(Anonymous)
  #21  
Old July 11th 18, 09:20 PM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Undeletable - Attn Paul - 'go nuclear'


In your picture "q4d64jW", you'd want the Security tab.

Paul
  #22  
Old July 12th 18, 02:17 AM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Undeletable - Attn Paul - 'go nuclear'


And here is a sample file in my Program Files.

https://s33.postimg.cc/mumc2tc33/my_test_install.gif

What's weird there, is I could have sworn that TrustedInstaller
used to be in the Properties : Security tab window, but now
it isn't any more. And the properties and the icacls info
are a subset of one another.

And icacls won't mention the ACE Mandatory level unless
it deviates from the "expected" value. Since you moved
Program Files to a non-NTFS volume and back again,
perhaps the Mandatory levels are used when the regular
ownership and permissions are not present. I
wasn't able to apply icacls /setintegritylevel unless
I did it to the entire C: (as an experiment). I got lots
of permission denied elsewhere.

Paul
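
An added example, not code from any poster in this thread: a small Python parser for `icacls <path>` output that lists which entries could explain a refused write, covering explicit DENY entries and the "Mandatory Label" line discussed above. The sample listing, the function names and the reduced rights table are constructed for illustration; it assumes an object with no label line is treated as Medium with no-write-up, and it ignores privileges and file attributes.

```python
import re

LEVELS = ["Untrusted", "Low", "Medium", "High", "System"]
LABEL_PREFIX = "mandatory label\\"
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}
# icacls right codes that permit changing, renaming or deleting content.
WRITE_RIGHTS = {"F", "M", "W", "D", "DE", "DC", "WD", "AD", "GA", "GW"}
ACE_RE = re.compile(r"^(?P<trustee>.+?):(?P<groups>(?:\([^()]*\))+)$")

# Constructed sample, in the layout icacls prints for a single directory.
SAMPLE = r"""C:\Program Files NT SERVICE\TrustedInstaller:(F)
                 NT SERVICE\TrustedInstaller:(CI)(IO)(F)
                 NT AUTHORITY\SYSTEM:(F)
                 BUILTIN\Administrators:(F)
                 BUILTIN\Users:(DENY)(W)
                 BUILTIN\Users:(RX)
                 Mandatory Label\High Mandatory Level:(OI)(CI)(NW)

Successfully processed 1 files; Failed processing 0 files
"""


def parse_icacls(text, path):
    """Turn icacls output for one object into a list of ACE dicts."""
    aces = []
    for line in text.splitlines():
        if line.startswith(path):
            line = line[len(path):]      # first line carries the object path
        m = ACE_RE.match(line.strip())
        if not m:
            continue                     # blank lines and the summary line
        tokens = re.findall(r"\(([^()]*)\)", m.group("groups"))
        rights = set()
        for tok in tokens:
            if tok != "DENY" and tok not in INHERIT_FLAGS:
                rights.update(r.strip() for r in tok.split(","))
        trustee = m.group("trustee")
        aces.append({
            "trustee": trustee,
            "deny": "DENY" in tokens,
            "inherit_only": "IO" in tokens,   # applies to children only
            "is_label": trustee.lower().startswith(LABEL_PREFIX),
            "rights": rights,
        })
    return aces


def diagnose_write(aces, token_groups, process_level):
    """Return reasons a write/delete by this token could be refused."""
    groups = {g.lower() for g in token_groups}
    findings = []

    # 1. Mandatory integrity check: evaluated before the DACL.
    label = next((a for a in aces
                  if a["is_label"] and not a["inherit_only"]), None)
    if label is None:
        level, no_write_up = "Medium", True   # assumed default, see lead-in
    else:
        level = label["trustee"].split("\\", 1)[1].split()[0]
        no_write_up = "NW" in label["rights"]
    if no_write_up and LEVELS.index(level) > LEVELS.index(process_level):
        findings.append("label:" + level)

    # 2. DACL: a matching DENY entry wins over any ALLOW entry.
    applicable = [a for a in aces
                  if not a["is_label"] and not a["inherit_only"]
                  and a["trustee"].lower() in groups]
    for ace in applicable:
        if ace["deny"] and ace["rights"] & WRITE_RIGHTS:
            findings.append("deny:" + ace["trustee"])

    # 3. No ALLOW entry with a write right for any group in the token.
    if not any(not a["deny"] and a["rights"] & WRITE_RIGHTS
               for a in applicable):
        findings.append("no-allow")
    return findings


if __name__ == "__main__":
    parsed = parse_icacls(SAMPLE, r"C:\Program Files")
    admin = ["BUILTIN\\Administrators", "BUILTIN\\Users"]
    for lvl in ("Medium", "High"):
        print(lvl, diagnose_write(parsed, admin, lvl))
    print("System", diagnose_write(parsed, ["NT AUTHORITY\\SYSTEM"], "System"))
```

An empty result for a token that is still refused means the listing alone does not explain the denial, so the cause has to be looked for outside the DACL and label.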
  #23  
Old July 12th 18, 02:49 AM posted to alt.comp.os.windows-10
Lucifer Morningstar[_2_]
external usenet poster
 
Posts: 368
Default Undeletable - Attn Paul - 'go nuclear'


Would you consider booting from a linux CD?


  #24  
Old July 12th 18, 03:10 AM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Undeletable - Attn Paul - 'go nuclear'

Lucifer Morningstar wrote:

Would you consider booting from a linux CD?


That used to work, but in 2018, there are two issues.

1) When Windows 10 makes an NTFS partition, the $MFTMirr
is damaged. Linux won't mount a damaged partition of that
type.

2) NTFS has a new type of Reparse Point dealing with Compression.
There are two compression representations. The old one set an
Attribute on the file and didn't use Reparse points. Linux can
handle the compression attribute just fine.

There is a second kind of compression which might be marginally
more efficient. In order to avoid changing the file system
version number from 3.1 to something else, it's implemented as
a Reparse Point (custom code). Linux does not have this code.
If Linux "touches" a system file with that Reparse Point applied,
the Linux terminal shows "I/O Error".

Editing Windows C: from Linux, isn't as easy as it used to be.

Paul
  #25  
Old July 20th 18, 10:35 PM posted to alt.comp.os.windows-10
slate_leeper
external usenet poster
 
Posts: 245
Default Undeletable - Attn Paul - update (more)

On Sat, 07 Jul 2018 07:46:03 -0400, slate_leeper
wrote:

On Fri, 06 Jul 2018 20:41:23 -0400, Paul
wrote:

http://www.jc-tech.info/2016/05/17/w...ndatory-level/



and the result is:

C:\WINDOWS\system32>icacls c:\Progra~1 /setintegritylevel medium


I've succeeded in adding my specific (administrator) name to the
security entries for the Program Files directory. I set it for full
access, which it accepted. However I still can not change, delete,
etc. most files.

Seems like the mandatory-level thing must be the problem, but I can't
figure out how to fix it.... I would like to set it to medium.

-dan z-


--
Someone who thinks logically provides
a nice contrast to the real world.
(Anonymous)
  #26  
Old July 21st 18, 01:02 AM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Undeletable - Attn Paul - update (more)


You can try "micenum" to show the Mandatory level.

https://www.elevenpaths.com/download...m.exe?agree=on

And roughly what it should look like.

https://s33.postimg.cc/mumc2tc33/my_test_install.gif

In the picture, the Properties dialog is missing the
TrustedInstaller entry, which can be seen instead in
the Command Prompt check.

Paul
  #27  
Old July 21st 18, 01:51 PM posted to alt.comp.os.windows-10
slate_leeper
external usenet poster
 
Posts: 245
Default Undeletable - Attn Paul - update (more)


Well, believe it or not, that program shows the Program Files
directory and contents all at level "medium." So I guess that is not
the problem. I'm baffled.

-dan z-


--
Someone who thinks logically provides
a nice contrast to the real world.
(Anonymous)
 



