Solved How to return a local drive C:\ to "TrustedInstaller" as Owner


Ricard301

Member
Local time
1:18 PM
Posts
14
Location
Europe
OS
Windows 11 Home 22621.1778
Hello, I need advice

I have been attacked by a ransomware and being desperate I have changed the owner by default of the local disk C: to my local user,

selecting right click properties on local drive C: with file explorer,
Properties > Security > Advanced > Change

before I had TrustedInstaller in C: and now once the folder and file renaming problem has been solved,
I don't know how to switch back to TrustedInstaller,

I ask for advice to know if it is possible to leave it like this with my local user account or change to TrustedInstaller again,

tell me how I should act to change to TrustedInstaller or it is not necessary,

whether TrustedInstaller is important for system security or is indifferent,

Windows 11 Home 22H2 22621.1413 x64

Thank you very much in advance
Ricard
 
Windows Build/Version
Windows 11 Home 22H2 22621.1413 x64

My Computer

System One

  • OS
    Windows 11 Home 22621.1778
Have you taken a backup of your system lately? Any chance you can save any updated files, revert to your backup and put your new files back??
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Beelink SEI8
    CPU
    Intel Core i5-8279u
    Motherboard
    AZW SEI
    Memory
    32GB DDR4 2666Mhz
    Graphics Card(s)
    Intel Iris Plus 655
    Sound Card
    Intel SST
    Monitor(s) Displays
    Asus ProArt PA278QV
    Screen Resolution
    2560x1440
    Hard Drives
    512GB NVMe
    PSU
    NA
    Case
    NA
    Cooling
    NA
    Keyboard
    NA
    Mouse
    NA
    Internet Speed
    500/50
    Browser
    Edge
    Antivirus
    Defender
    Other Info
    Mini PC used for testing Windows 11.
  • Operating System
    Windows 10 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom
    CPU
    Ryzen 9 5900x
    Motherboard
    Asus Rog Strix X570-E Gaming
    Memory
    64GB DDR4-3600
    Graphics card(s)
    EVGA GeForce 3080 FT3 Ultra
    Sound Card
    Onboard
    Monitor(s) Displays
    ASUS TUF Gaming VG27AQ. ASUS ProArt Display PA278QV 27” WQHD
    Screen Resolution
    2560x1440
    Hard Drives
    2TB WD SN850 PCI-E Gen 4 NVMe
    2TB Sandisk Ultra 2.5" SATA SSD
    PSU
    Seasonic Focus 850
    Case
    Fractal Meshify S2 in White
    Cooling
    Dark Rock Pro CPU cooler, 3 x 140mm case fans
    Mouse
    Logitech G9 Laser Mouse
    Keyboard
    Corsiar K65 RGB Lux
    Internet Speed
    500/50
    Browser
    Chrome
    Antivirus
    Defender.
Have you taken a backup of your system lately? Any chance you can save any updated files, revert to your backup and put your new files back??
Yes, I had a restore point created before I changed Owner to the local drive C:\
and that saved my life, the system worked fine again,

but the Owner is still Local User,
no longer TrustedInstaller on local drive C:\ as it was originally

I don't know if this is important, return it to TrustedInstaller,
I await your advice and procedure,
in case of security vulnerability or system instability
 

My Computer

System One

  • OS
    Windows 11 Home 22621.1778
I don't know if this is important, return it to TrustedInstaller


I would return it to TrustedInstaller, mainly for stability reasons.





Scroll down to this paragraph... Restore TrustedInstaller as the Owner of a File, Folder, or Registry Key
...and just follow the directions.




This is the same method, but may be simpler...

 
Last edited:

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦22631.3374 ♦♦♦♦♦♦♦23H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 4702)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Internet Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Mouse
    Logitech Optical M-BT96a
    Keyboard
    Logitech Classic Keybooard 200
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 13 years?
I would return it to TrustedInstaller, mainly for stability reasons.





Scroll down to this paragraph... Restore TrustedInstaller as the Owner of a File, Folder, or Registry Key
...and just follow the directions.




This is the same method, but may be simpler...

I'm going to explore the thread to follow the procedure of returning C:\ drive to TrustedInstaller, I hope I'm lucky, I'll leave my results in a comment
 

My Computer

System One

  • OS
    Windows 11 Home 22621.1778
Reading this brings up a question for me. IMO, If he returns the entire C drive back to trusted installer, he will not have access to any of his own files afterward because trusted installer will have ownership thereby preventing this user from accessing them.

He's going to run into permission problems big time.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 22631.3296
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1tb Solidigm m.2 +256gb ssd+512 gb usb m.2 sata
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 22H2 19045.3930
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still not telling
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
Reading this brings up a question for me. IMO, If he returns the entire C drive back to trusted installer, he will not have access to any of his own files afterward because trusted installer will have ownership thereby preventing this user from accessing them.

He's going to run into permission problems big time.


By default, TurstedInstaller already has ownership of the C:\ drive.
Ownership and permissions are not the same things.


Right click your C:\ drive and select Properties > Security... and in the top window select Users (XXXX\Users), and then Administrators (XXXX\Administrators), and you'll see they have their own permissions aside from the ones TrustedInstaller has. And that's while SYSTEM already has full control.

Like.... by default, SYSTEM "owns" the C:\Users folder, even though the Users can do "almost" anything they want.
But if SYSTEM wants to do A and the User wants to do not-A... SYSTEM will win the argument.
Then, if the User still wants to do not-A, despite what SYSTEM says, they have to take ownership of the folder in question.

That's about as far as I've "bothered" to understand it. :-)



It's like a parent with 4 kids, who's going to visit the neighbors.
They tell the oldest...
Ok you're in charge, let them do what they want... but don't let them kill each other or burn the house down.
Then they tell the others... OK you can do what you want, etc., but overall, you listen to your older brother.

With permissions, I think MS is trying to cover all bases, just like the fictitious parent in the example.
 
Last edited:

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦22631.3374 ♦♦♦♦♦♦♦23H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 4702)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Internet Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Mouse
    Logitech Optical M-BT96a
    Keyboard
    Logitech Classic Keybooard 200
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 13 years?
hi
I have tried everything and the conclusion is to reinstall the OS from scratch,
now everything works like factory
It is very important not to forget to take note of the windows key before formatting the entire disk,
thanks for answering
problem solved!
 

My Computer

System One

  • OS
    Windows 11 Home 22621.1778
hi
I have tried everything and the conclusion is to reinstall the OS from scratch,
now everything works like factory
It is very important not to forget to take note of the windows key before formatting the entire disk,
thanks for answering
problem solved!
Good that you're sorted. Personally I would have tried a repair install first. You don't need the Windows key for a fresh install as it's embedded in the motherboard but making a note of it won't hurt if it's the correct one.
 

My Computers

System One System Two

  • OS
    Win 11 Pro & 🐥.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
    CPU
    AMD Ryzen 7 3700U with Radeon Vega Mobile Gfx
    Motherboard
    ASUSTeK COMPUTER INC. X509DA (FP5)
    Memory
    12GB
    Graphics Card(s)
    RX Vega 10 Graphics
    Monitor(s) Displays
    Generic PnP Monitor (1920x1080@60Hz)
    Screen Resolution
    1920x1080@60Hz
    Hard Drives
    Samsung SSD 970 EVO Plus 2TB NVMe 1.3
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER NITRO
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    32 GB DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    Samsung 970 Evo Plus 2TB NVMe M.2
    PSU
    180 Watt, 19.5 V
    Mouse
    Lenovo Bluetooth
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
Good that you're sorted. Personally I would have tried a repair install first. You don't need the Windows key for a fresh install as it's embedded in the motherboard but making a note of it won't hurt if it's the correct one.
I tried:
-. a previous restore point
-. a PC reset from configuration
-. some commands from CMD like: sfc /scannow
-. and others

and the only solution for me is to reinstall from scratch,
previously saving the most important data on local disk,

you are right, the windows key is activated automatically
It is not essential to take note, it is true,

ok, a happy ending for a structural problem
thanks for helping
 

My Computer

System One

  • OS
    Windows 11 Home 22621.1778
Good that you're sorted. Personally I would have tried a repair install first. You don't need the Windows key for a fresh install as it's embedded in the motherboard but making a note of it won't hurt if it's the correct one.
I once did similar (stupidly error), and a repair upgrade did not sort it. However, I agree it is worth trying before nuking things.

You often find people mess around with permissions to delete files or add file, the trusted installer will refuse to allow.

I just boot from Macrium Reflect into WinPE mode, and do these outside of windows.
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0
You did the right thing. I would never have attempted to salvage it in the first place. My opinion is and has always been, if one is infected with true ransomware, cut your losses and wipe that sucker clean ASAP. I never attach such infected systems to my network either as the sophisticated ransomwares can get into every device on a network and lay in wait to attack those computers as well at some time in the future..
This is why we preach the importance of keeping recent images on hand (NOT RESTORE POINTS) and having these images separate from your computer.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 22631.3296
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1tb Solidigm m.2 +256gb ssd+512 gb usb m.2 sata
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 22H2 19045.3930
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still not telling
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium

Latest Support Threads

Back
Top Bottom