VIDEO WindowsApps folder security settings messed up

M

MrJunky

Active Member
Joined
Feb 8, 2016
Messages
15
I was trying to access my C:\Program Files\WindowsApps folder and I did by changing the security features in this video but I tried to restore it and now none of my WindowsApp will launch. When I launch a App like my calculator or weather it opens the window and after second it closes the app. Does anyone know the settings to restore the security on this folder?

 
Solution
Yes but besides the funky SID's it appears to have the system access it needs, have you checked the event viewer for any corresponding errors when you launch an app?
Sort by date Sort by votes
Here's what values I have from PowerShell and Command Prompt (ran as Administrator of course)

Code: 
PS C:\Program Files> Get-Acl WindowsApps | fl

Path   : Microsoft.PowerShell.Core\FileSystem::C:\Program Files\WindowsApps
Owner  : NT SERVICE\TrustedInstaller
Group  : NT SERVICE\TrustedInstaller
Access : NT AUTHORITY\SYSTEM Allow  Write, ReadAndExecute, Synchronize
         NT AUTHORITY\SYSTEM Allow  268435456
         NT AUTHORITY\LOCAL SERVICE Allow  ExecuteFile, ReadAttributes, ReadPermissions, Synchronize
         NT AUTHORITY\LOCAL SERVICE Allow  ReadAndExecute, Synchronize
         NT AUTHORITY\NETWORK SERVICE Allow  ExecuteFile, ReadAttributes, ReadPermissions, Synchronize
         NT AUTHORITY\NETWORK SERVICE Allow  ReadAndExecute, Synchronize
         BUILTIN\Administrators Allow  ReadAndExecute, Synchronize
         NT SERVICE\TrustedInstaller Allow  268435456
         NT SERVICE\TrustedInstaller Allow  FullControl
         S-1-15-3-1024-3635283841-2530182609-996808640-1887759898-3848208603-3313616867-983405619-2501854204 Allow
         -1610612736
         S-1-15-3-1024-3635283841-2530182609-996808640-1887759898-3848208603-3313616867-983405619-2501854204 Allow
         ReadAndExecute, Synchronize
Audit  :
Sddl   : O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464G:S-1-5-80-956008885-3418522649-1831038044-185
         3292631-2271478464D:PAI(A;;0x1201bf;;;SY)(A;OICIIO;GA;;;SY)(A;;FX;;;LS)(A;OICIIO;0x1200a9;;;LS)(A;;FX;;;NS)(A;
         OICIIO;0x1200a9;;;NS)(A;OICI;0x1200a9;;;BA)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-22
         71478464)(A;;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;OICIIO;GXGR;;;S-1-15-3-102
         4-3635283841-2530182609-996808640-1887759898-3848208603-3313616867-983405619-2501854204)(A;;0x1200a9;;;S-1-15-
         3-1024-3635283841-2530182609-996808640-1887759898-3848208603-3313616867-983405619-2501854204)


Code: 
C:\Program Files>icacls WindowsApps
WindowsApps NT SERVICE\TrustedInstaller:(F)
            NT SERVICE\TrustedInstaller:(CI)(IO)(F)
            S-1-15-3-1024-3635283841-2530182609-996808640-1887759898-3848208603-3313616867-983405619-2501854204:(RX)
            S-1-15-3-1024-3635283841-2530182609-996808640-1887759898-3848208603-3313616867-983405619-2501854204:(OI)(CI)(IO)(GR,GE)
            NT AUTHORITY\SYSTEM:(RX,W)
            NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
            BUILTIN\Administrators:(RX)
            BUILTIN\Administrators:(OI)(CI)(IO)(RX)
            NT AUTHORITY\LOCAL SERVICE:(Rc,S,X,RA)
            NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(RX)
            NT AUTHORITY\NETWORK SERVICE:(Rc,S,X,RA)
            NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(IO)(RX)
            Mandatory Label\Low Mandatory Level:(OI)(CI)(NW)

Successfully processed 1 files; Failed processing 0 files
 
Upvote 0 Downvote
I just ran your code through powershell and command prompt and as you can tell its different.

Code: 
PS C:\Program Files>  Get-Acl WindowsApps | fl


Path   : Microsoft.PowerShell.Core\FileSystem::C:\Program Files\WindowsApps
Owner  : NT SERVICE\TrustedInstaller
Group  : NT SERVICE\TrustedInstaller
Access : NT AUTHORITY\SYSTEM Allow  FullControl
         NT AUTHORITY\SYSTEM Allow  Write, ReadAndExecute, Synchronize
         NT AUTHORITY\LOCAL SERVICE Allow  ExecuteFile, ReadAttributes, ReadPermissions, Synchronize
         NT AUTHORITY\LOCAL SERVICE Allow  ReadAndExecute, Synchronize
         NT AUTHORITY\NETWORK SERVICE Allow  ReadAndExecute, Synchronize
         NT AUTHORITY\NETWORK SERVICE Allow  ExecuteFile, ReadAttributes, ReadPermissions, Synchronize
         BUILTIN\Administrators Allow  ReadAndExecute, Synchronize
         NT SERVICE\TrustedInstaller Allow  FullControl
Audit  :
Sddl   : O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464G:S-1-5-80-956008885-3418522649-1831038044-185
         3292631-2271478464D:PAI(A;OICIIO;FA;;;SY)(A;;0x1201bf;;;SY)(A;;FX;;;LS)(A;OICIIO;0x1200a9;;;LS)(A;OICIIO;0x120
         0a9;;;NS)(A;;FX;;;NS)(A;OICI;0x1200a9;;;BA)(A;CI;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271
         478464)

Code: 
C:\Program Files>icacls WindowsApps
WindowsApps NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
            NT AUTHORITY\SYSTEM:(RX,W)
            NT AUTHORITY\LOCAL SERVICE:(Rc,S,X,RA)
            NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(IO)(RX)
            NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(IO)(RX)
            NT AUTHORITY\NETWORK SERVICE:(Rc,S,X,RA)
            BUILTIN\Administrators:(OI)(CI)(RX)
            NT SERVICE\TrustedInstaller:(CI)(F)
            Mandatory Label\Low Mandatory Level:(OI)(CI)(NW)

Successfully processed 1 files; Failed processing 0 files
 
Last edited:
Upvote 0 Downvote
Yes but besides the funky SID's it appears to have the system access it needs, have you checked the event viewer for any corresponding errors when you launch an app?
 
Upvote 0 Downvote
Solution
Code: 
Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          2016-02-09 6:09:28 PM
Event ID:      10010
Task Category: None
Level:         Error
Keywords:      Classic
User:          Cam\Cameron
Computer:      Cam
Description:
The server Microsoft.XboxApp did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="0">10010</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2016-02-10T00:09:28.443646700Z" />
    <EventRecordID>17703</EventRecordID>
    <Correlation />
    <Execution ProcessID="1004" ThreadID="9140" />
    <Channel>System</Channel>
    <Computer>Cam</Computer>
    <Security UserID="S-1-5-21-557688054-2976859209-346310397-1001" />
  </System>
  <EventData>
    <Data Name="param1">Microsoft.XboxApp</Data>
  </EventData>
</Event>

Code: 
Log Name:      Application
Source:        Microsoft-Windows-Immersive-Shell
Date:          2016-02-09 6:09:29 PM
Event ID:      5973
Task Category: (5973)
Level:         Error
Keywords:     
User:          Cam\Cameron
Computer:      Cam
Description:
Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: The app didn't start. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Immersive-Shell" Guid="{315A8872-923E-4EA2-9889-33CD4754BF64}" />
    <EventID>5973</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>5973</Task>
    <Opcode>0</Opcode>
    <Keywords>0x2000000000000000</Keywords>
    <TimeCreated SystemTime="2016-02-10T00:09:29.017674300Z" />
    <EventRecordID>12858</EventRecordID>
    <Correlation />
    <Execution ProcessID="2688" ThreadID="4544" />
    <Channel>Application</Channel>
    <Computer>Cam</Computer>
    <Security UserID="S-1-5-21-557688054-2976859209-346310397-1001" />
  </System>
  <EventData>
    <Data Name="AppId">Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp</Data>
    <Data Name="ErrorCode">-2144927141</Data>
  </EventData>
</Event>




This is what I get in the Event Viewer. And below is what I got from the Microsoft-Windows-TWinUI/Operational log




Code: 
Log Name:      Microsoft-Windows-TWinUI/Operational
Source:        Microsoft-Windows-Immersive-Shell
Date:          2016-02-09 6:09:29 PM
Event ID:      5961
Task Category: (5961)
Level:         Error
Keywords:      
User:          Cam\Cameron
Computer:      Cam
Description:
Activation of the app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp for the Windows.Launch contract failed with error: The app didn't start..
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Immersive-Shell" Guid="{315A8872-923E-4EA2-9889-33CD4754BF64}" />
    <EventID>5961</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>5961</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2016-02-10T00:09:29.017671500Z" />
    <EventRecordID>6020</EventRecordID>
    <Correlation />
    <Execution ProcessID="2688" ThreadID="4544" />
    <Channel>Microsoft-Windows-TWinUI/Operational</Channel>
    <Computer>Cam</Computer>
    <Security UserID="S-1-5-21-557688054-2976859209-346310397-1001" />
  </System>
  <EventData>
    <Data Name="AppId">Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp</Data>
    <Data Name="ContractId">Windows.Launch</Data>
    <Data Name="ErrorCode">-2144927141</Data>
  </EventData>
</Event>c

Code: 
Log Name:      Microsoft-Windows-TWinUI/Operational
Source:        Microsoft-Windows-Immersive-Shell
Date:          2016-02-09 6:10:55 PM
Event ID:      5950
Task Category: (5950)
Level:         Information
Keywords:      
User:          Cam\Cameron
Computer:      Cam
Description:
The app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI was activated for the Windows.Launch contract successfully.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Immersive-Shell" Guid="{315A8872-923E-4EA2-9889-33CD4754BF64}" />
    <EventID>5950</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>5950</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2016-02-10T00:10:55.558151500Z" />
    <EventRecordID>6021</EventRecordID>
    <Correlation />
    <Execution ProcessID="2688" ThreadID="4544" />
    <Channel>Microsoft-Windows-TWinUI/Operational</Channel>
    <Computer>Cam</Computer>
    <Security UserID="S-1-5-21-557688054-2976859209-346310397-1001" />
  </System>
  <EventData>
    <Data Name="AppId">Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI</Data>
    <Data Name="ContractId">Windows.Launch</Data>
  </EventData>
</Event>c
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

  • Featured
  • Article Article
Safely View WindowsApps Folders and Manage App Installations
Replies
0
Views
54
ChatGPT
  • Featured
  • Article Article
Windows 11's inetpub Folder: Security Benefits and Hidden Vulnerabilities Explored
Replies
0
Views
194
ChatGPT
  • Featured
  • Article Article
Windows 11 'inetpub' Folder Security Risks and Mitigations After April 2025 Update
Replies
0
Views
156
ChatGPT
  • Featured
  • Article Article
Windows 11 April 2025 Patch Creates Inetpub Folder—Security Risks & Fixes
Replies
5
Views
567
ChatGPT
  • Featured
  • Article Article
Windows 11's inetpub Folder: Security Fix or Hidden Vulnerability? A Complete Guide
Replies
4
Views
581
ChatGPT