TrustedInstaller

[erniehogan]

I'm have changed an icon in a file, C:\windows\system32\imageres.dll. I copied the file at another location and changed the icons I wanted to change. However, I have not found a way to replace the original with the one I modified. When I make the attempt I am informed, "You require permission from TrustedInstaller to make changes to this file".

I changed some icons in shell32.dll and was able to replace the original by logging on as Administrator and then moving the active file to the desktop and then copying the modified file to the original location.

Has anyone any idea how to go about getting permission from "TrustedInstaller"?

 

[bcastner]

TrustedInstaller is the OWNER of that resource, and the only one with full control over the resource.

You need to sign your update in order to satisfy the TrustedInstaller.


____________________________
Users Helping Users

 

[erniehogan]

Could you please elaborate on your answer by telling me what it means to "sign your update" and how to do so. Thank you.

 

[bcastner]

Windows Resource Protection (WRP)
Feature Impact
High (may block the application from installing or running)

Brief Description
As an initiative to increase system stability, predictability and reliability, Windows Resource Protection (WRP) protects Windows read-only resources: specifically OS files, folders, and registry keys that are non-configurable by design. See Protected Resource List.

WRP enforces this protection using Windows Security by specifying special security descriptors on the resource. Any process, including those running as administrator or system, do not have rights to make changes to WRP resources; they can read and execute. Full access to WRP resources is restricted to Windows Modules Installer service.

As a result, read-only system state is protected from the inadvertent impact of application installs and administrator modifications, which improves system stability.

Manifestation
Applications (typically this happens during application install and uninstall) will not succeed in replacing or modifying protected OS resources, with the following results:

Attempts to replace, modify, or delete OS files and/or registry keys that are protected by WRP may fail with an error message indicating that the resource could not be updated. This is because access to these resources is denied.

Because applications are prevented from making changes to WRP resources, and related errors are suppressed, runtime errors may result.

Remedies
Do not install or update system state (files and registry) on Windows Vista except when using Microsoft-provided redistributable packages designed for Windows Vista.

Do not decompose a Microsoft-provided redistributable designed for Windows Vista and install individual files or registry keys. The redistributable must be installed as provided by Microsoft.

Through code, use SfcIsFileProtected API.
Or use Explorer to check permissions on the file.
Open the folder that contains the file whose properties you want to see.
Right-click the file whose properties you want to see, and then click Properties.

Keys that are WRP will show Trusted Installer with Full Control. SYSTEM, Administrators, and Users will have Read permissions only.

The only way to modify a WRP registry value or WRP protected OS file is to:

. submit the changed file and installer to an Authenticode provider and receive an Authenticode certificate for appliation signing;

. or, submit the changed file and installer to Microsoft for WHQL certification.




____________________________
Users Helping Users