I'm sure it's protected... he'll have to run takeown and icacls with the proper parameters to do what he wants.
Anyone familiar with protection maybe can tell me why that "trick" doesn't work with winlogon.exe?? That file must have extra protection... I hope it does... It's a very critical file that all viruses want to infect, because they will load before an AV program or firewall can load. ...But what could the extra protection be?
It is, as with most of the built-in Microsoft programs, in the category of Trusted Installer, in this case Microsoft.
"Trusted Installer: The Trusted Installer is actually a service, not a user, even though you see permissions granted to it all over the file system. Service hardening allows each service to be treated as a full-fledged security principal that can be assigned permissions just like any other user. For an overview of this feature, see the January 2007 issue of TechNet Magazine. The book Windows Vista Security (Grimes and Johansson, Wiley Press, 2007) explores service hardening in detail, including how it is leveraged by other features, such as the firewall and IPsec.

Trusted Installer: In Windows Vista, most of the OS files are owned by the TrustedInstaller SID, and only that SID has full control over them. This is part of the system integrity work that went into Windows Vista, and is meant specifically to prevent a process that is running as an administrator or Local System from automatically replacing the files. In order to delete an operating system file, you thus need to take ownership of the file and then add an ACE on it that lets you delete it. This provides a thin layer of protection against a process that is running as LocalSystem and has a System integrity label; a process that has lower integrity is not supposed to be able to elevate itself to change ownership. Some services, for instance, can run with medium integrity, even though they are running as Local System. Such services cannot replace system files, so an exploit that takes over one of them can't replace operating system files, making it a bit harder to install a rootkit or other malware on the system. It also becomes more difficult for system administrators who are offended by the mere presence of some system binary to remove that binary."
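What the takeown/icacls route from the earlier reply looks like when spelled out, as an added example that is not from any of the posts above and not Microsoft's own documentation: an elevated PowerShell sequence that takes ownership of a TrustedInstaller-owned file, grants the Administrators group the DELETE right a rename needs, renames it, and then puts the ACL and owner back. The target path C:\Windows\System32\notepad.exe, the backup name notepad.exe.orig, and the assumption that Administrators had only Read & execute (RX) on the file beforehand are all illustrative assumptions; check the first Show-Owner output on your own machine before trusting the restore step.

```powershell
# Added example, not code from the thread. Run from an elevated (Run as administrator)
# PowerShell prompt. $target, $newName and the "RX before" assumption are for illustration.
$target  = 'C:\Windows\System32\notepad.exe'
$newName = 'notepad.exe.orig'
$renamed = Join-Path (Split-Path -Parent $target) $newName

function Show-Owner([string]$Path) {
    # Print the owner and every ACE. On a stock install expect the owner to be
    # NT SERVICE\TrustedInstaller with (F), and SYSTEM/Administrators/Users with RX only.
    $acl = Get-Acl -LiteralPath $Path
    "Owner: $($acl.Owner)"
    $acl.Access | ForEach-Object {
        "  $($_.IdentityReference)  $($_.FileSystemRights)  $($_.AccessControlType)"
    }
}

Show-Owner $target

# 1. Take ownership. /A hands it to the Administrators group instead of the current user,
#    which works here because an elevated admin token carries SeTakeOwnershipPrivilege.
takeown.exe /F $target /A
if ($LASTEXITCODE -ne 0) { throw "takeown failed with exit code $LASTEXITCODE" }

# 2. As owner, Administrators may now rewrite the DACL. /grant:r replaces their existing
#    explicit ACE with Full control (F), which includes the DELETE right a rename needs.
icacls.exe $target /grant:r 'Administrators:F'
if ($LASTEXITCODE -ne 0) { throw "icacls /grant failed with exit code $LASTEXITCODE" }

# 3. Rename the file.
Rename-Item -LiteralPath $target -NewName $newName
if (-not (Test-Path -LiteralPath $renamed)) { throw "rename did not take effect" }

# 4. Undo the widening: put Administrators back to RX (assumed original rights) and return
#    ownership to TrustedInstaller, so the renamed copy is no easier to overwrite than the
#    original was. Setting a foreign owner relies on SeRestorePrivilege, which admins hold.
icacls.exe $renamed /grant:r 'Administrators:RX'
icacls.exe $renamed /setowner 'NT SERVICE\TrustedInstaller'

Show-Owner $renamed
```

Step 4 is the part most guides skip, and it is the point the quoted passage makes: leaving an Administrators:F ACE and Administrators as owner on a system binary removes the "thin layer" that makes an admin-level process do two explicit, auditable steps before it can replace the file. Also note that a binary covered by Windows Resource Protection can be put back at its original path by sfc /scannow, so a rename of a protected file may not survive a repair.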
Hello and welcome to the windows7forums.
It could be because it's a protected operating system file, or you don't have the proper permissions.
What error message do you receive?
May I ask why you would want to do such a thing?
Hi Reghakr. Thanks for the welcome.
I am trying to replace notepad with notepad++. Hence trying to rename notepad.exe to something else.
The error message I get is that the access was denied. I tried renaming the file while running explorer/cmd/ps as 'run as administrator'. I couldn't even change permissions on the file.
When you installed Notepad++ didn't it change the association?
There should be a place in the options of Notepad ++ to make it the default program to open text files.
If the above suggestions don't work, there is a way in the registry to change it, but a much easier solution is to download this freeware app called File Types Manager. Read the instructions carefully, but it is pretty straightforward.
It's a program that I always keep around to manage or change file types.
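How the registry route mentioned above can be done by hand, as an added example that is not from the thread, from Notepad++, or from File Types Manager: it maps .txt to Notepad++ for the current user only, under HKCU\Software\Classes, so it needs no elevation and leaves notepad.exe and its TrustedInstaller ACL untouched. The Notepad++ install path and the ProgID name NotepadPlusPlus.txt are assumptions; the Get-TxtHandler function at the end reports what the shell will actually launch so you can confirm the change took.

```powershell
# Added example, not code from the thread. Per-user file association for .txt.
# $npp and $progId are assumptions chosen for illustration.
$npp    = 'C:\Program Files\Notepad++\notepad++.exe'
$progId = 'NotepadPlusPlus.txt'

if (-not (Test-Path -LiteralPath $npp)) { throw "Notepad++ not found at $npp" }

# HKCU\Software\Classes is merged into HKEY_CLASSES_ROOT ahead of the machine-wide
# HKLM\Software\Classes entries, so a per-user ProgID and extension mapping win without
# touching the protected system-wide 'txtfile' class.
$cmdKey = "HKCU:\Software\Classes\$progId\shell\open\command"
New-Item -Path $cmdKey -Force | Out-Null
# Quote the executable path and pass the document as "%1" so paths with spaces survive.
Set-ItemProperty -Path $cmdKey -Name '(default)' -Value ('"{0}" "%1"' -f $npp)

New-Item -Path 'HKCU:\Software\Classes\.txt' -Force | Out-Null
Set-ItemProperty -Path 'HKCU:\Software\Classes\.txt' -Name '(default)' -Value $progId

# Explorer's "Open with -> Always use the selected program" choice is stored separately
# and overrides the class mapping above, so clear it if one exists for .txt.
$userChoice = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice'
if (Test-Path -LiteralPath $userChoice) { Remove-Item -LiteralPath $userChoice -Force }

function Get-TxtHandler {
    # Resolve .txt -> ProgID -> open command the same way the shell does through HKCR,
    # which reflects the merged HKCU/HKLM view.
    $id = (Get-ItemProperty -LiteralPath 'Registry::HKEY_CLASSES_ROOT\.txt').'(default)'
    (Get-ItemProperty -LiteralPath "Registry::HKEY_CLASSES_ROOT\$id\shell\open\command").'(default)'
}

Get-TxtHandler   # expect: "C:\Program Files\Notepad++\notepad++.exe" "%1"
```

Because everything here lives under HKCU, a per-user association like this is also exactly what malware uses to hijack a file type without needing admin rights; the same Get-TxtHandler check is a quick way to see whether .txt (or any other extension) already points somewhere unexpected on a machine you are looking at.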