0
I'm having trouble deleting a file/folder. The operating system claims its in use even though its old and subject to deletion. The same problem occurs on occasion under both Windows 8 and Windows 10.
I was able to place a Deny ACE on the object for SYSTEM, but I am having trouble putting one on the object for TrustedInstaller (or Trusted Installer). It appears there is no security principal named TrustedInstaller in the SAM database, or the operating system is filtering results so I can't use the name:
How do I add a Deny ACE to an object for the TrustedInstaller security principal?
jww
Posted 2015-12-01T15:42:36.383
Reputation: 1
How is "I'm having trouble deleting a file/folder" related to that? – user1686 – 2015-12-01T15:52:35.467
@grawity - I believe the component that has the file open runs under SYSTEM or TrustedInstaller; or it has the privileges associated with SYSTEM or TrustedInstaller. – jww – 2015-12-01T17:51:53.983
Changing the ACLs wouldn't help with that at all though. Existing file handles remain open. File access is checked at open time. – user1686 – 2015-12-01T17:59:48.853
try NT Service\TrustedInstaller and look what happens – magicandre1981 – 2015-12-01T18:48:42.040
@grawity - once I added the Deny ACE, I planned on a reboot. However, I looked at the file using Sysinternal's handle program and nothing has it open. I also used Sysinternal's Move File to force a deletion at reboot, but the deletion failed. I'm guessing its an ASUS driver using the old file and bypassing the Object Manager. I returned the laptop because I got tired of trying to fix stuff with a new laptop.
– jww – 2015-12-27T07:04:49.780