#1
Undeletable - Attn Paul - update
Hi Paul,
Things I have discovered and tried...

First, the real permissions problem does not seem to be the /usr/me directory and files. I can delete, rename, etc in that directory just fine. What is not accessible for any sort of modification is C:/Program Files. Nothing can be done there with my administrator log-in and 'take ownership' does not work.

You may remember that I first thought it was a Paragon problem because it showed up when I tried to update that program. The Paragon install program bombed when it couldn't change a file in the Program Files directory. Then when I used Win-10 to uninstall it, success was reported but nothing was deleted or uninstalled (except the listing of that program in "apps & features.") So apparently Windows itself can't really access the files in that directory. Interestingly there are no problems with the C:/Program Files (x86) directory.

So I tried using the Windows-1803-update iso from a CD. It would only allow a new install, not an update. It said the update must be run from Win-10 itself, not from a CD. That has failed previously.

I tried two different programs that are supposed to repair permissions in Win-10. Neither helped.

I tried copying the entire program files directory to an ExFat32 formatted drive. I then booted the new Gandalf PE DVD and used it to copy it all back to the C: drive. Copying worked, but didn't fix anything....

So that's where I am - ready to go back to Win-7 if Microsoft would be willing to sell me another license (I have an OEM install CD I purchased from Amazon for my original Win-7 install on my older computer.) I hope I would be allowed to load a Win-7 backup image from that computer, and then license it on this one. No idea who to contact in Microsoft for info on that scenario, however.

-dan z-
--
Someone who thinks logically provides a nice contrast to the real world. (Anonymous)
#2
Undeletable - Attn Paul - update (more)
C:\WINDOWS\system32>icacls c:/Progra~1
c:/Progra~1 NT AUTHORITY\SYSTEM:(OI)(CI)(F)
            BUILTIN\Administrators:(OI)(CI)(F)
            BUILTIN\Users:(OI)(CI)(RX)
            Mandatory Label\High Mandatory Level:(OI)(CI)(NW)

Anything here that can/should be changed?

-dan z-
--
Someone who thinks logically provides a nice contrast to the real world. (Anonymous)
#3
Undeletable - Attn Paul - update (more)
slate_leeper wrote:
> C:\WINDOWS\system32>icacls c:/Progra~1
> c:/Progra~1 NT AUTHORITY\SYSTEM:(OI)(CI)(F)
>             BUILTIN\Administrators:(OI)(CI)(F)
>             BUILTIN\Users:(OI)(CI)(RX)
>             Mandatory Label\High Mandatory Level:(OI)(CI)(NW)
>
> Anything here that can/should be changed?
>
> -dan z-

Here is mine.

https://s22.postimg.cc/sa59x2p5d/pro..._ownership.gif

You can see TrustedInstaller there.

Paul
#4
Undeletable - Attn Paul - update (more)
slate_leeper wrote:
> C:\WINDOWS\system32>icacls c:/Progra~1
> c:/Progra~1 NT AUTHORITY\SYSTEM:(OI)(CI)(F)
>             BUILTIN\Administrators:(OI)(CI)(F)
>             BUILTIN\Users:(OI)(CI)(RX)
>             Mandatory Label\High Mandatory Level:(OI)(CI)(NW)
>
> Anything here that can/should be changed?
>
> -dan z-

While there's a command for changing integrity level, that still doesn't explain how it got there. Does this have something to do with joining a Domain? I don't think I've ever seen that on a home machine here.

http://www.jc-tech.info/2016/05/17/w...ndatory-level/

icacls c:\somefolder\somefile.ext /setintegritylevel medium

Paul
#5
Undeletable - Attn Paul - update
On Fri, 06 Jul 2018 15:23:39 -0400, slate_leeper wrote:

> Hi Paul,
> Things I have discovered and tried...
> First, the real permissions problem does not seem to be the /usr/me directory and files. I can delete, rename, etc in that directory just fine. What is not accessible for any sort of modification is C:/Program Files. Nothing can be done there with my administrator log-in and 'take ownership' does not work.
> You may remember that I first thought it was a Paragon problem because it showed up when I tried to update that program. The Paragon install program bombed when it couldn't change a file in the Program Files directory. Then when I used Win-10 to uninstall it, success was reported but nothing was deleted or uninstalled (except the listing of that program in "apps & features.") So apparently Windows itself can't really access the files in that directory. Interestingly there are no problems with the C:/Program Files (x86) directory.
> So I tried using the Windows-1803-update iso from a CD. It would only allow a new install, not an update. It said the update must be run from Win-10 itself, not from a CD. That has failed previously.
> I tried two different programs that are supposed to repair permissions in Win-10. Neither helped.
> I tried copying the entire program files directory to an ExFat32 formatted drive. I then booted the new Gandalf PE DVD and used it to copy it all back to the C: drive. Copying worked, but didn't fix anything....
> So that's where I am - ready to go back to Win-7 if Microsoft would be willing to sell me another license (I have an OEM install CD I purchased from Amazon for my original Win-7 install on my older computer.) I hope I would be allowed to load a Win-7 backup image from that computer, and then license it on this one. No idea who to contact in Microsoft for info on that scenario, however.

Is there anything unusual about the directory or file names(s)?

> -dan z-
#6
Undeletable - Attn Paul - update
On Sat, 07 Jul 2018 13:50:47 +1000, Lucifer Morningstar wrote:

> On Fri, 06 Jul 2018 15:23:39 -0400, slate_leeper wrote:
>> Hi Paul,
>> Things I have discovered and tried...
>> First, the real permissions problem does not seem to be the /usr/me directory and files. I can delete, rename, etc in that directory just fine. What is not accessible for any sort of modification is C:/Program Files. Nothing can be done there with my administrator log-in and 'take ownership' does not work.
>> You may remember that I first thought it was a Paragon problem because it showed up when I tried to update that program. The Paragon install program bombed when it couldn't change a file in the Program Files directory. Then when I used Win-10 to uninstall it, success was reported but nothing was deleted or uninstalled (except the listing of that program in "apps & features.") So apparently Windows itself can't really access the files in that directory. Interestingly there are no problems with the C:/Program Files (x86) directory.
>> So I tried using the Windows-1803-update iso from a CD. It would only allow a new install, not an update. It said the update must be run from Win-10 itself, not from a CD. That has failed previously.
>> I tried two different programs that are supposed to repair permissions in Win-10. Neither helped.
>> I tried copying the entire program files directory to an ExFat32 formatted drive. I then booted the new Gandalf PE DVD and used it to copy it all back to the C: drive. Copying worked, but didn't fix anything....
>> So that's where I am - ready to go back to Win-7 if Microsoft would be willing to sell me another license (I have an OEM install CD I purchased from Amazon for my original Win-7 install on my older computer.) I hope I would be allowed to load a Win-7 backup image from that computer, and then license it on this one. No idea who to contact in Microsoft for info on that scenario, however.
> Is there anything unusual about the directory or file names(s)?
>> -dan z-

The directory is C:/Program Files. Created by Win-10 on initial install, I presume. No problems with it until recently when Windows apparently decided it is a locked directory. Even system-level privileges can not change or delete anything in it.

-dan z-
--
Someone who thinks logically provides a nice contrast to the real world. (Anonymous)
#7
Undeletable - Attn Paul - update (more)
On Fri, 06 Jul 2018 20:41:23 -0400, Paul wrote:

> http://www.jc-tech.info/2016/05/17/w...ndatory-level/

and the result is:

C:\WINDOWS\system32>icacls c:\Progra~1 /setintegritylevel medium
c:\Progra~1: Access is denied.
Successfully processed 0 files; Failed processing 1 files

--
Someone who thinks logically provides a nice contrast to the real world. (Anonymous)
#8
Undeletable - Attn Paul - update (more)
slate_leeper wrote:
> On Fri, 06 Jul 2018 20:41:23 -0400, Paul wrote:
>> http://www.jc-tech.info/2016/05/17/w...ndatory-level/
> and the result is:
>
> C:\WINDOWS\system32>icacls c:\Progra~1 /setintegritylevel medium
> c:\Progra~1: Access is denied.
> Successfully processed 0 files; Failed processing 1 files

So somehow, you need to figure out how that got there and how to remove it.

I don't know if this is a Domain feature or what it is.

Paul
#9
Undeletable - Attn Paul - update
On Sat, 07 Jul 2018 07:40:53 -0400, slate_leeper wrote:

> On Sat, 07 Jul 2018 13:50:47 +1000, Lucifer Morningstar wrote:
>> On Fri, 06 Jul 2018 15:23:39 -0400, slate_leeper wrote:
>>> Hi Paul,
>>> Things I have discovered and tried...
>>> First, the real permissions problem does not seem to be the /usr/me directory and files. I can delete, rename, etc in that directory just fine. What is not accessible for any sort of modification is C:/Program Files. Nothing can be done there with my administrator log-in and 'take ownership' does not work.
>>> You may remember that I first thought it was a Paragon problem because it showed up when I tried to update that program. The Paragon install program bombed when it couldn't change a file in the Program Files directory. Then when I used Win-10 to uninstall it, success was reported but nothing was deleted or uninstalled (except the listing of that program in "apps & features.") So apparently Windows itself can't really access the files in that directory. Interestingly there are no problems with the C:/Program Files (x86) directory.
>>> So I tried using the Windows-1803-update iso from a CD. It would only allow a new install, not an update. It said the update must be run from Win-10 itself, not from a CD. That has failed previously.
>>> I tried two different programs that are supposed to repair permissions in Win-10. Neither helped.
>>> I tried copying the entire program files directory to an ExFat32 formatted drive. I then booted the new Gandalf PE DVD and used it to copy it all back to the C: drive. Copying worked, but didn't fix anything....
>>> So that's where I am - ready to go back to Win-7 if Microsoft would be willing to sell me another license (I have an OEM install CD I purchased from Amazon for my original Win-7 install on my older computer.) I hope I would be allowed to load a Win-7 backup image from that computer, and then license it on this one. No idea who to contact in Microsoft for info on that scenario, however.
>> Is there anything unusual about the directory or file names(s)?
>>> -dan z-
> The directory is C:/Program Files. Created by Win-10 on initial install, I presume. No problems with it until recently when Windows apparently decided it is a locked directory. Even system-level privileges can not change or delete anything in it.

I asked because sometimes an odd character can get into a file name preventing it being read. Have you tried renaming the file then try again to delete it? As a last ditch move you might be able to hex edit the directory entry.

> -dan z-
#10
Undeletable - Attn Paul - update (more)
slate_leeper wrote:
> On Fri, 06 Jul 2018 20:41:23 -0400, Paul wrote:
>> http://www.jc-tech.info/2016/05/17/w...ndatory-level/
> and the result is:
>
> C:\WINDOWS\system32>icacls c:\Progra~1 /setintegritylevel medium
> c:\Progra~1: Access is denied.
> Successfully processed 0 files; Failed processing 1 files

Integrity level has been around since Vista. It's explained in English, here. It's an adjunct to owners and permissions.

https://www.symantec.com/connect/art...egrity-control

As far as I know, Program Files *is* supposed to be High. It's not an anomaly. You can see it displayed here.

https://www.guidingtech.com/51113/co...el-windows-10/

Now, the question is, why isn't my icacls displaying the same thing yours is?

Paul
#11
Undeletable - Attn Paul - update (more)
Paul wrote:
> slate_leeper wrote:
>> On Fri, 06 Jul 2018 20:41:23 -0400, Paul wrote:
>>> http://www.jc-tech.info/2016/05/17/w...ndatory-level/
>> and the result is:
>>
>> C:\WINDOWS\system32>icacls c:\Progra~1 /setintegritylevel medium
>> c:\Progra~1: Access is denied.
>> Successfully processed 0 files; Failed processing 1 files
>
> Integrity level has been around since Vista. It's explained in English, here. It's an adjunct to owners and permissions.
> https://www.symantec.com/connect/art...egrity-control
> As far as I know, Program Files *is* supposed to be High. It's not an anomaly. You can see it displayed here.
> https://www.guidingtech.com/51113/co...el-windows-10/
> Now, the question is, why isn't my icacls displaying the same thing yours is?
> Paul

According to the information here, icacls is only supposed to display a "Mandatory" line for the MIC, if the user has altered it from the expected value.

https://msdn.microsoft.com/en-us/library/bb625965.aspx

Now in your case, that doesn't make sense. The documentation suggests "Program Files" is set to High, and yet your icacls output displays "High". That means your system has somehow concluded Program Files default value is something else. And finding "High" is different than its expectation.

The example on that page, shows how changing the MIC leads to icacls showing a non-default value later. Whereas if you leave those alone, it displays nothing (that's why my system isn't displaying a Mandatory line in the output).

So while the permissions model says I could potentially change the ownership of TrustedInstaller to Slate, the system still has features that prevent Slate from making changes with an (unelevated) low integrity task. Something like that.

This is mostly a red herring, a non-issue, except it does raise the question of why your system is behaving this way.

If you elevated yourself to SYSTEM account, the idea is you could effect a change from there. The psexec64 command should be able to help in that case. If you use

whoami /user /priv

that should show you have "Impersonate", which allows psexec64 to make you the SYSTEM account, instead of being Administrators group.

The (fuzzy) picture here, shows three examples of whoami /user /priv outputs. The "impersonate a Client" privilege allows elevation. That's how you jump from Administrator to SYSTEM. You can also become TrustedInstaller, but there's a separate program for that.

https://s18.postimg.cc/wowci9o95/whoami_user_priv.png

Paul
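The icacls listing discussed in this thread can be decoded mechanically. The following is an added example, not part of any poster's message: it parses the posted listing (with the `:(` separators the forum software dropped put back) and checks whether the Mandatory Label line alone would stop a write from a process at a given integrity level. The function names are illustrative, and the Low < Medium < High < System ordering and the Medium default for unlabeled objects are stated as assumptions in the code.

```python
import re

# Constructed sample: the icacls listing posted in this thread, with the ":("
# separators that the forum software dropped put back.
SAMPLE = r"""c:/Progra~1 NT AUTHORITY\SYSTEM:(OI)(CI)(F)
            BUILTIN\Administrators:(OI)(CI)(F)
            BUILTIN\Users:(OI)(CI)(RX)
            Mandatory Label\High Mandatory Level:(OI)(CI)(NW)
"""

INHERIT = {"OI", "CI", "IO", "NP", "I"}  # inheritance flags, not rights
POLICY = {"NW": "no-write-up", "NR": "no-read-up", "NX": "no-execute-up"}
LEVELS = {"Low": 1, "Medium": 2, "High": 3, "System": 4}  # assumed ordering
# Assumption: an object with no explicit label is Medium, no-write-up.
DEFAULT_LABEL = ("Medium", ["no-write-up"])


def parse_icacls(text, path):
    """Return [(principal, inheritance_flags, rights)] from icacls output."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(path):          # first ACE shares a line with the path
            line = line[len(path):].strip()
        who, sep, rest = line.partition(":(")
        if not sep:
            continue                       # blank, error or summary line
        tokens = re.findall(r"\(([A-Z,]+)\)", "(" + rest)
        inherit = [t for t in tokens if t in INHERIT]
        rights = [r for t in tokens if t not in INHERIT for r in t.split(",")]
        entries.append((who, inherit, rights))
    return entries


def mandatory_label(entries):
    """Return (level, [policies]) for the Mandatory Label line, else None."""
    for who, _inherit, rights in entries:
        m = re.fullmatch(r"Mandatory Label\\(\w+) Mandatory Level", who)
        if m:
            return m.group(1), [POLICY[r] for r in rights if r in POLICY]
    return None


def write_blocked(label, process_level):
    """True when the label alone stops a write, whatever the DACL grants."""
    level, policies = label or DEFAULT_LABEL
    return "no-write-up" in policies and LEVELS[process_level] < LEVELS[level]


if __name__ == "__main__":
    acl = parse_icacls(SAMPLE, "c:/Progra~1")
    label = mandatory_label(acl)
    for who, inherit, rights in acl:
        print(f"{who:45} inherit={inherit} rights={rights}")
    for proc in ("Medium", "High", "System"):
        print(proc, "write blocked by label:", write_blocked(label, proc))
```

The DACL entries and the label are evaluated separately: a Full Control entry for Administrators does not help a process running below the label's level, while a label by itself does not account for a denial seen by a High or System process.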
#12
Undeletable - Attn Paul - update (more)
Paul wrote:
> slate_leeper wrote:
>> On Fri, 06 Jul 2018 20:41:23 -0400, Paul wrote:
>>> http://www.jc-tech.info/2016/05/17/w...ndatory-level/
>> and the result is:
>>
>> C:\WINDOWS\system32>icacls c:\Progra~1 /setintegritylevel medium
>> c:\Progra~1: Access is denied.
>> Successfully processed 0 files; Failed processing 1 files
>
> Integrity level has been around since Vista. It's explained in English, here. It's an adjunct to owners and permissions.
> https://www.symantec.com/connect/art...egrity-control
> As far as I know, Program Files *is* supposed to be High. It's not an anomaly. You can see it displayed here.
> https://www.guidingtech.com/51113/co...el-windows-10/
> Now, the question is, why isn't my icacls displaying the same thing yours is?
> Paul

Here is one more picture, of icacls at the top of my C: drive. Where it actually lists a mandatory level. This is probably the level that prevents Macrium from dumping a .mrimg right under the root of a drive letter.

https://s22.postimg.cc/406blwpv5/root_of_C.gif

Paul
#13
Undeletable - Attn Paul - update
On Sun, 08 Jul 2018 12:18:07 +1000, Lucifer Morningstar wrote:

> I asked because sometimes an odd character can get into a file name preventing it being read. Have you tried renaming the file then try again to delete it? As a last ditch move you might be able to hex edit the directory entry.

I think I didn't make the depth of the problem clear. The problem is not with one specific file, it is with the entire Program Files directory. Nothing can be changed. No program can be uninstalled or updated. No program can be installed. No file can be modified or deleted.

-dan z-
--
Someone who thinks logically provides a nice contrast to the real world. (Anonymous)
#14
Undeletable - Attn Paul - update (more)
On Sat, 07 Jul 2018 23:24:05 -0400, Paul wrote:

> Now, the question is, why isn't my icacls displaying the same thing yours is?

The question is, what security level is required for me to access that directory, and how do I gain that level?

-dan z-
--
Someone who thinks logically provides a nice contrast to the real world. (Anonymous)
#15
Undeletable - Attn Paul - update (more)
On Sun, 8 Jul 2018 18:21:46 +0100, ? Good Guy ? wrote:

> There is nothing in Windows that can't be deleted by an Administrator of the machine provided there aren't any APPs still running and using some files in a particular folder.

Except on mine. The Program Files directory on mine is completely locked against deleting or modifying any files within.

If you had been following this thread you would know that we have tried doing it as "true administrator" and also as SYSTEM. Neither of those were able to do anything with the files. It just keeps saying "access denied." This despite the properties of the directory and of the files shows both SYSTEM and Administrators as having full access.

-dan z-
--
Someone who thinks logically provides a nice contrast to the real world. (Anonymous)