PowerRun: run programs as TrustedInstaller
PowerRun is a free program for the Microsoft Windows operating system that lets you run programs with TrustedInstaller/System rights on Windows.
TrustedInstaller is the process of the Windows Modules Installer service. This service is used primarily for the installation, modification or removal of Windows updates and components.
Files and Registry keys owned by TrustedInstaller cannot be manipulated in any way by regular users or even system administrators.
When you try to rename a file owned by TrustedInstaller, you get a "you need permission to perform this action" prompt.The same is true for Registry keys or folders.
PowerRun: run programs as TrustedInstaller
The prompt itself does not provide you with the means to get those permissions. Up until now, you had to go through a lengthy process to get the rights to manipulate the file or Registry key.
This changes with PowerRun, a free program for Windows that starts programs as TrustedInstaller.
Update: The latest version of PowerRun ships with a graphical user interface and other improvements. Other new features of interest include creating vbs or bat files, running with parameters, and jumping straight to a Registry key.
You can use the application to run the Registry with TrustedInstaller rights. This in turn enables you to edit keys that are blocked by default.
PowerRun is a portable program that you can run without installation. Simply download the program and extract the archive it is provided in to get started.
The program ships without graphical user interface. It starts the Registry Editor with System rights by default giving you full access to otherwise locked Registry keys.
You may change that to another program, for instance cmd.exe to run the Command Prompt with the same rights.
Simply modify the "TargetApp" parameter in the ini file -- it is the only parameter there -- to make the change.
You may run commands from the command line with these privileges then, for instance to delete files that you cannot delete.
The easiest way to verify that PowerRun is working correctly is to check the Windows Task Manager, or another process manager, and look at the user name associated with the process you just started.
If you see System listed as the user name, the operation worked and you have the rights needed to make changes to the system.
PowerRun is a handy program that runs select programs as TrustedInstaller / System. It offers two main advantages over manually changing access rights: first, the access it grants is just temporary which means that everything is back to normal once you close the program window. Second, it speeds things up significantly. Manipulating access rights manually, and reverting them later on, takes quite a bit of time.
Since the latest version ships with a graphical user interface, it is easier to manage items in the program.
I’m Tom Hawack and I approve this application :)
This is going to come in really handy. Nice find, Martin.
The same company develops ‘DNSJumper’, another well crafted application.
When i needed to delete CorTana completely from my system, i just used ‘Take Ownership’ reg hack to context menu, & was able to achieve the deletion. in other words what would be the difference b/w PowerRun & ‘Take Ownership’?
I’m pretty sure there’s a more automated way to remove Cortana. I might’ve seen it here on Ghacks.
By taking ownership of a file, you change its properties so your is the creator of it. You can then freely modify it. I used to enable themes on Window$. By running a file as SYSTEM you go well higher in the hierarchy on Win Users. That’s a powerful and risky business, as running – let’s say – a malicious script as SYSTEM will totally open the system to the malware.
Due to following facts:
* admins can take ownership of any object (it’s defined in default security policy, but can be changed)
* owner can change ACL (ACL = list of permissions) even when they don’t have access to the object, even it’s explicitly denied for them to mess with object in any way, and even when he can’t actually read ACL
* owner can change ownership
An admin can take ownership of any object, change ACL to allow himself access, and then change ownership back (though GUI for changing owner to any user isn’t available in Windowses up to 8 IIRC). For ones not afraid of command line, using icacls for files or SetACL for anything including files and registry, whole process is fairly easily automated (using 3-4 lines batch).
This is more straightforward way for dealing with “permission denied” situations, than installing 3rd party software which installs an driver or service (even if it’s removed immediately after each run).
It doesn’t run program as TrustedInstaller, it runs them as System.
A better software for this is http://www.uwe-sieber.de/misc_tools_e.html#runassystem
psexec \\127.0.0.1 -i -s MY_HAIRY_COMMAND
from the SysinternalsSuite.
You don’t need to specify \\target to run something locally. Just
psexec -i -s MY_HAIRY_COMMAND
Exactly. PowerRun let you run commands as SYSTEM only.
TrustedInstaller with Windows 10 has even higher privileges than System….
This one does it instead and you’ll be able for example to finally fix DCOM Services errors directly without taking ownership of registry keys first:
You need to ‘net start TrustedInstaller’ and then run as SYSTEM + clone the token from TrustedInstaller.exe as in the small script explained at the bottom of the page.
Thank you martin “PowerRun” works as advertised but “runassystem” doesn’t work on my Windows 7 x64 system always the same error “runassytem stooped working” but let me say something why such softwares have no GUI it is hard to understand , thanks again
Good work, but I’d like to make it that it runs with TI privileges by default instead of always right clicking on it.
This looks very interesting. Thank you Martin.
Is there a similar program that simply runs a single app with sufficient privileges to avoid UAC prompts for that app?
Slightly OT question:
One of my programs has a little problem:
its “certificate was explicitly revoked by its issuer” as stated in Properties-Digital signatures.
I had to install it as admin from command line and now it is all red in Process Monitor.
No, it is not a virus but a specific version of utorrent.
Now, my question is: is there a way to somehow replace its digital signature with a valid one?
I guess for your case, you could just strip certificate off: http://www.fluxbytes.com/software-releases/fileunsigner-v1-0/
Otherwise, you can sign, but there’s own caveats: http://stackoverflow.com/questions/252226/signing-a-windows-exe-file
And at least, I second what @Bad Peer sad: don’t use uTorrent if you can. Try qBittorrent as almost straightforward clone.
I switched to qbit a year ago and then one of my private trackers announce url.
With qbit I had to manually update announce url for 400 torrents I was seeding, that would take 1200 seconds.
With utorrent I just selected ALL torrents and changed announce url for ALL of them, took me 3 seconds to do it.
utorrent had bad problems with spyware in the past. Can’t you use another client?
since we are talking about torrent clients now, I really like Tixati and they have a portable version.
Hi Martin thanks for your nice Review here is the new version
Changelog: ( September 08, 2016)
1. [ Fixed ] – PowerRun Can’t delete some registry files which belong to TrustedInstaller
2. [Added] – GUI
3. [Added] – Drag and drop support
4. [Added] – Run with Parameter , Startup Windows state features
5. [Added] – Jump the registry key feature
6. [Added] – Create a vbs or Bat file feature
7. [Added] – Cmd support Updated
8. [Added] – Language support
Thanks I have published an update to the article to reflect that. Great work.
Another very powerful tool of this kind to perform actions with the highest privileges is
What is new on version 1.3 (Tuesday, 13. February 2018)
1. [Fixed] â€“ PowerRun creates an infinite run in Non english systems (rarely) â€“ Critical
2. [Added] â€“ To seperate Trustedinstaller user â€œ/SYSâ€ parameter suport for command prompt
3. [Added] â€“ To seperate Trustedinstaller user â€œTrustedInstaller=1/0â€ parameter suport for GUI
TrustedInstaller=0 ; mean PowerRun runs Only in SYSTEM privileges to change it Please edit PowerRun.ini file.
Link to new version added to first post (a critical BUG fixed please update your old version)
A download link or at least a link to the developers official webpage would have been nice. Trying to search google for the program brings up all kinds of crap name “powerrun”, stupidcrap games, malware, adware sites etc etc
The link is in the summary box below the article.