WindowsApps folder security settings messed up

MrJunky

Active Member
#1
I was trying to access my C:\Program Files\WindowsApps folder and I did by changing the security features in this video but I tried to restore it and now none of my WindowsApp will launch. When I launch a App like my calculator or weather it opens the window and after second it closes the app. Does anyone know the settings to restore the security on this folder?

 


Josephur

Windows Forum Admin
Staff member
Premium Supporter
#2
Here's what values I have from PowerShell and Command Prompt (ran as Administrator of course)

Code:
PS C:\Program Files> Get-Acl WindowsApps | fl

Path   : Microsoft.PowerShell.Core\FileSystem::C:\Program Files\WindowsApps
Owner  : NT SERVICE\TrustedInstaller
Group  : NT SERVICE\TrustedInstaller
Access : NT AUTHORITY\SYSTEM Allow  Write, ReadAndExecute, Synchronize
         NT AUTHORITY\SYSTEM Allow  268435456
         NT AUTHORITY\LOCAL SERVICE Allow  ExecuteFile, ReadAttributes, ReadPermissions, Synchronize
         NT AUTHORITY\LOCAL SERVICE Allow  ReadAndExecute, Synchronize
         NT AUTHORITY\NETWORK SERVICE Allow  ExecuteFile, ReadAttributes, ReadPermissions, Synchronize
         NT AUTHORITY\NETWORK SERVICE Allow  ReadAndExecute, Synchronize
         BUILTIN\Administrators Allow  ReadAndExecute, Synchronize
         NT SERVICE\TrustedInstaller Allow  268435456
         NT SERVICE\TrustedInstaller Allow  FullControl
         S-1-15-3-1024-3635283841-2530182609-996808640-1887759898-3848208603-3313616867-983405619-2501854204 Allow
         -1610612736
         S-1-15-3-1024-3635283841-2530182609-996808640-1887759898-3848208603-3313616867-983405619-2501854204 Allow
         ReadAndExecute, Synchronize
Audit  :
Sddl   : O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464G:S-1-5-80-956008885-3418522649-1831038044-185
         3292631-2271478464D:PAI(A;;0x1201bf;;;SY)(A;OICIIO;GA;;;SY)(A;;FX;;;LS)(A;OICIIO;0x1200a9;;;LS)(A;;FX;;;NS)(A;
         OICIIO;0x1200a9;;;NS)(A;OICI;0x1200a9;;;BA)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-22
         71478464)(A;;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;OICIIO;GXGR;;;S-1-15-3-102
         4-3635283841-2530182609-996808640-1887759898-3848208603-3313616867-983405619-2501854204)(A;;0x1200a9;;;S-1-15-
         3-1024-3635283841-2530182609-996808640-1887759898-3848208603-3313616867-983405619-2501854204)

Code:
C:\Program Files>icacls WindowsApps
WindowsApps NT SERVICE\TrustedInstaller:(F)
            NT SERVICE\TrustedInstaller:(CI)(IO)(F)
            S-1-15-3-1024-3635283841-2530182609-996808640-1887759898-3848208603-3313616867-983405619-2501854204:(RX)
            S-1-15-3-1024-3635283841-2530182609-996808640-1887759898-3848208603-3313616867-983405619-2501854204:(OI)(CI)(IO)(GR,GE)
            NT AUTHORITY\SYSTEM:(RX,W)
            NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
            BUILTIN\Administrators:(RX)
            BUILTIN\Administrators:(OI)(CI)(IO)(RX)
            NT AUTHORITY\LOCAL SERVICE:(Rc,S,X,RA)
            NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(RX)
            NT AUTHORITY\NETWORK SERVICE:(Rc,S,X,RA)
            NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(IO)(RX)
            Mandatory Label\Low Mandatory Level:(OI)(CI)(NW)

Successfully processed 1 files; Failed processing 0 files
 


MrJunky

Active Member
#3
I just ran your code through powershell and command prompt and as you can tell its different.

Code:
PS C:\Program Files>  Get-Acl WindowsApps | fl


Path   : Microsoft.PowerShell.Core\FileSystem::C:\Program Files\WindowsApps
Owner  : NT SERVICE\TrustedInstaller
Group  : NT SERVICE\TrustedInstaller
Access : NT AUTHORITY\SYSTEM Allow  FullControl
         NT AUTHORITY\SYSTEM Allow  Write, ReadAndExecute, Synchronize
         NT AUTHORITY\LOCAL SERVICE Allow  ExecuteFile, ReadAttributes, ReadPermissions, Synchronize
         NT AUTHORITY\LOCAL SERVICE Allow  ReadAndExecute, Synchronize
         NT AUTHORITY\NETWORK SERVICE Allow  ReadAndExecute, Synchronize
         NT AUTHORITY\NETWORK SERVICE Allow  ExecuteFile, ReadAttributes, ReadPermissions, Synchronize
         BUILTIN\Administrators Allow  ReadAndExecute, Synchronize
         NT SERVICE\TrustedInstaller Allow  FullControl
Audit  :
Sddl   : O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464G:S-1-5-80-956008885-3418522649-1831038044-185
         3292631-2271478464D:PAI(A;OICIIO;FA;;;SY)(A;;0x1201bf;;;SY)(A;;FX;;;LS)(A;OICIIO;0x1200a9;;;LS)(A;OICIIO;0x120
         0a9;;;NS)(A;;FX;;;NS)(A;OICI;0x1200a9;;;BA)(A;CI;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271
         478464)
Code:
C:\Program Files>icacls WindowsApps
WindowsApps NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
            NT AUTHORITY\SYSTEM:(RX,W)
            NT AUTHORITY\LOCAL SERVICE:(Rc,S,X,RA)
            NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(RX)
            NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(IO)(RX)
            NT AUTHORITY\NETWORK SERVICE:(Rc,S,X,RA)
            BUILTIN\Administrators:(OI)(CI)(RX)
            NT SERVICE\TrustedInstaller:(CI)(F)
            Mandatory Label\Low Mandatory Level:(OI)(CI)(NW)

Successfully processed 1 files; Failed processing 0 files
 


Last edited:

Josephur

Windows Forum Admin
Staff member
Premium Supporter
#4
Yes but besides the funky SID's it appears to have the system access it needs, have you checked the event viewer for any corresponding errors when you launch an app?
 


MrJunky

Active Member
#5
Code:
Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          2016-02-09 6:09:28 PM
Event ID:      10010
Task Category: None
Level:         Error
Keywords:      Classic
User:          Cam\Cameron
Computer:      Cam
Description:
The server Microsoft.XboxApp did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="0">10010</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2016-02-10T00:09:28.443646700Z" />
    <EventRecordID>17703</EventRecordID>
    <Correlation />
    <Execution ProcessID="1004" ThreadID="9140" />
    <Channel>System</Channel>
    <Computer>Cam</Computer>
    <Security UserID="S-1-5-21-557688054-2976859209-346310397-1001" />
  </System>
  <EventData>
    <Data Name="param1">Microsoft.XboxApp</Data>
  </EventData>
</Event>
Code:
Log Name:      Application
Source:        Microsoft-Windows-Immersive-Shell
Date:          2016-02-09 6:09:29 PM
Event ID:      5973
Task Category: (5973)
Level:         Error
Keywords:     
User:          Cam\Cameron
Computer:      Cam
Description:
Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: The app didn't start. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Immersive-Shell" Guid="{315A8872-923E-4EA2-9889-33CD4754BF64}" />
    <EventID>5973</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>5973</Task>
    <Opcode>0</Opcode>
    <Keywords>0x2000000000000000</Keywords>
    <TimeCreated SystemTime="2016-02-10T00:09:29.017674300Z" />
    <EventRecordID>12858</EventRecordID>
    <Correlation />
    <Execution ProcessID="2688" ThreadID="4544" />
    <Channel>Application</Channel>
    <Computer>Cam</Computer>
    <Security UserID="S-1-5-21-557688054-2976859209-346310397-1001" />
  </System>
  <EventData>
    <Data Name="AppId">Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp</Data>
    <Data Name="ErrorCode">-2144927141</Data>
  </EventData>
</Event>



This is what I get in the Event Viewer. And below is what I got from the Microsoft-Windows-TWinUI/Operational log




Code:
Log Name:      Microsoft-Windows-TWinUI/Operational
Source:        Microsoft-Windows-Immersive-Shell
Date:          2016-02-09 6:09:29 PM
Event ID:      5961
Task Category: (5961)
Level:         Error
Keywords:      
User:          Cam\Cameron
Computer:      Cam
Description:
Activation of the app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp for the Windows.Launch contract failed with error: The app didn't start..
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Immersive-Shell" Guid="{315A8872-923E-4EA2-9889-33CD4754BF64}" />
    <EventID>5961</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>5961</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2016-02-10T00:09:29.017671500Z" />
    <EventRecordID>6020</EventRecordID>
    <Correlation />
    <Execution ProcessID="2688" ThreadID="4544" />
    <Channel>Microsoft-Windows-TWinUI/Operational</Channel>
    <Computer>Cam</Computer>
    <Security UserID="S-1-5-21-557688054-2976859209-346310397-1001" />
  </System>
  <EventData>
    <Data Name="AppId">Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp</Data>
    <Data Name="ContractId">Windows.Launch</Data>
    <Data Name="ErrorCode">-2144927141</Data>
  </EventData>
</Event>c
Code:
Log Name:      Microsoft-Windows-TWinUI/Operational
Source:        Microsoft-Windows-Immersive-Shell
Date:          2016-02-09 6:10:55 PM
Event ID:      5950
Task Category: (5950)
Level:         Information
Keywords:      
User:          Cam\Cameron
Computer:      Cam
Description:
The app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI was activated for the Windows.Launch contract successfully.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Immersive-Shell" Guid="{315A8872-923E-4EA2-9889-33CD4754BF64}" />
    <EventID>5950</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>5950</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2016-02-10T00:10:55.558151500Z" />
    <EventRecordID>6021</EventRecordID>
    <Correlation />
    <Execution ProcessID="2688" ThreadID="4544" />
    <Channel>Microsoft-Windows-TWinUI/Operational</Channel>
    <Computer>Cam</Computer>
    <Security UserID="S-1-5-21-557688054-2976859209-346310397-1001" />
  </System>
  <EventData>
    <Data Name="AppId">Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI</Data>
    <Data Name="ContractId">Windows.Launch</Data>
  </EventData>
</Event>c
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.