not really programming and probably butchered the execution on that cmd but this felt like the only place it would be funny to post it
So this is what it looks like when I Windows people read our shell commands.
Why is it all uppercase? It looks so wrong, eventhoughI don’tknowwhat the runes mean.
(I know windows supposedly doesn’t care, it should matter for command options though)
I was thinking the same thing. I feel kind of bad now.
Also: this is what it would look like if Linus wrote a CPM kernel instead.
Your username rules
Thanks!
As a security professional… yeah, nope. Nope, nope, nope.
Win11 has many usability issues, and Windows seems to accumulate more with every design decision, but reaming your arse open for someone else to bugger you via an exploit run under your own account is not one of them.
Oh wow, a security disaster. You know, you can temporarily escalate your privileges if you need to modify Program Files, right? It’s just one UAC prompt away.
oh god not the UAC 🤮 so I use a lot of software that needs to be able to handle files too and some that gets temperamental with things that mess with full screen. I get what UAC is for but for my daily use it’s basically a rake for me to step on
UAC is the only thing between you and a certain security desaster.
If you can’t remember times before UAC, call yourself happy.
UAC- the design is very human
What does this even do ?
takes ownership of the C disk in windows and gives administrators full priveledges for program files. by default they belong to “trustedinstaller” which bars you from using a lot of your own computer, even if you make an admin account.
I feel like that would break a lot of stuff
they say it does. the consequences have yet to reveal themselves to me
Windows permissions are more flexible than basic Unix ones. A file doesn’t just have an owner and a group, it can have individual permissions for arbitrarily many entities, so taking ownership doesn’t remove any of the permissions from anything that already had access, it just adds more. The command shown here is closest in effect to deciding you’re always going to log in as root from now on, although Windows has a way to effectively do that without modifying the ACL of every file. Either way, it’s silly, and usually people who suggest it are under the impression that XP did permissions right by not meaningfully enforcing them and not having an equivalent of a root account you can temporarily switch to, and Vista only changed things specifically to annoy people, and not to be more like Unix.
Good on you if you think you can handle the responsibility of being able to completely wreck your OS. The option exists for a reason.
But Windows was made with the average user in mind. And they can’t be trusted with that kind of power.
Though I do question the security issues that arise from doing this. If your account can break everything, so can every software/malware you install.
honestly if I install a malware at this point I kind of deserve what happens.
“Trusted installer” has such “Trust me bro” energy and I hate it. I don’t trust you one goddamned bit gimmie those files!
FR, like I know why Microsoft started wrestling away control from end users but dammit I NEED those priveledges for myself
I’d guess it allows administrators to read write all files in c
But I’m it positive
Cool way to break your computer wide open to security exploits.
Also, an awesome image of text, so people can’t just copy & paste it, but that’s more of a hidden blessing.
Something something delete system32
I find it more funny that people including yourself don’t know if it’s correct or not.
It’s about 6 clicks in the gui.
It’s about 6 clicks in the GUI 💀
I’ve used that method too. switched to using cmd because the GUI has crashed before while making changes to large amounts of data. with more recent versions of windows the more unstable it seems to get.
I recently changed the acls on 20tb of documents. On 2cpu and 8gb mem serving a few hundred users.
Seems stable enough for my needs.
sheesh, all in one go? I can’t get through 1 tb with it even before I start doing hairbrained shit like in my post. on a private machine, with 16gb. I assume that system is on 11?
Server 2022, but was previously server 2016 and doing the same things.
Only time there are issues is when someone has used an app to extract files with extremely long folder names and even that hasn’t happened in years.
Ntfs hasn’t changed a whole lot recently so I doubt there’s much difference between server 2022 and win11.
you know I got some torrent files that start to exceed the limit on filenames. I wonder if those are doing something similar. I just assumed newer versions of windows are just running shittier script shells on top of old Windows 7 architecture, but maybe that’s worth looking into
but I would guess there are some wide differences between Server 2022 and a consumer Windows build. A lot of effort seemed to get put into transparency visual effects and window transitions. Maybe this is just my bias but I think industry applications are little better stress tested and optimized for things like file management
Pairs nicely with
rd /s /q "C:\"the perfect space saver
at this point just login as system or trustedinstaller lol for elevated stuff i usually use 7zip as admin or system(nircmd)
You can log in as trustedinstaller???
do you mean like accessing your files in the 7zip interface? I hadn’t thought of using that for anything besides zipping. that’s clever
idk if its system or trustedinstaller that i literally logged into and launched a “user session”, its been a while since i played around windows. but yeah it kinda works although it breaks explorer heavily (lol)
just use a normal admin user and use nircmd to run 7zip totalcmd etc as SYSTEM
Edit: I was scrolling back up and realized I responded to the wrong person about the psexec thing. I apologize for any misunderstanding (I’m gonna leave it because its still kind of good info in there and I suck at typing on mobile).
I’m not a fan of psexec anymore, in a lot of environments is blocked or gets picked up by overzealous AV. Might I suggest using using something like NTObjectManager to just spawn a child process of TrustedInstaller?
It works really well, I’ve never seen it flagged by AV, and it’s nice being able to remove shit that system can’t. One thing I had a hard time getting away from PSExec for was remote sessions when remote management was turned off. Thankfully you can just invoke-command to call cmd and enable WinRM remotely… Goddamn I hate Windows but love the simplicity to utilized it’s “under documented” features.
PS C:/Users/you> .\psexec.exe /s /i cmd.exeThat looks like it would only grant a system level cmd prompt. TrustedInstaller has a bit more access.
trustedinstaller is a placeholder
system can R/W to everywhere trustedinstaller can
Welcome to today’s 10,000 (totally not trying to be offensive, learning is great).
TrustedInstaller is actually a service that was introduced with Windows Vista with the intention of preventing modification of system files. It typically is the “owner” of damn near everything in default Windows directories.
A fun way I typically show off the limitations of the system account is by telling people to try to delete a protected resource, like Windows Defender’s directories. Then try it again when running with TrustedInstaller’s rights and you’ll possibly find yourself just staring at your screen thinking about how useful that could be.
