Security not fully restored after restore Windows 7 x64

Use this forum for help with AISBackup
BartK
Posts: 65
Joined: Tue May 17, 2005 11:17 am

Security not fully restored after restore Windows 7 x64

Post by BartK »

After restoring a full boot partition with Windows 7 x64, there is a change in the behaviour of Windows 7 which is caused by changed security settings.

Many times a UAC confirmation screen is displayed, which was not the case before the restore. The special user "TrustedInstaller" (used as owner) is replaced by an Administrator account. A manual action recovers a lot of the default behaviour but not all. A complete analysis before and after a restore is needed to see all changes; the "TrustedInstaller" change is just one item.

When the UAC window appears the Publisher is always "unknown". My feeling is that there is also a relation with the different behaviour.
Barry
Site Admin
Posts: 1529
Joined: Tue Aug 20, 2002 3:16 pm

Catroot2?

Post by Barry »

The folder C:\Windows\System32\catroot2 may be missing from your backup. This folder is in the list of folders not to back up in Windows XP, but not in Windows 7, Vista, 8, etc. (it should be backed up). An old version of AISBackup may have excluded this folder.

After a Windows automatic / manual update Catroot2 will be automatically repaired and the 'Microsoft publisher' will come back, so all is not lost.

For more information try Google: unknown publisher catroot2

Barry
BartK
Posts: 65
Joined: Tue May 17, 2005 11:17 am

catroot was restored.

Post by BartK »

Thanks for your response. The catroot2 folder exists and is also part of the backup. I use the latest version (build 400).

But what I saw was corruption in SyncAllDBs, and I used the Microsoft Fix It procedure. After restart the catroot2 folder was renamed and will be automatically rebuilt. The publisher problem is still there.

But one of the visual changes was the absence of the TrustedInstaller ownership. I changed this manually back to TrustedInstaller. This also recovered the icon (drive+Windows logo) behind the system drive.
Barry
Site Admin
Posts: 1529
Joined: Tue Aug 20, 2002 3:16 pm

TrustedInstaller and CatRoot2

Post by Barry »

I just did a disaster recovery restore of Windows 7 Pro (SP1) and, prior to booting, renamed system32\catroot2 to system32\catroot32-old, which is equivalent to removing the folder.

On reboot Windows seemed to rebuild catroot2 immediately, so right clicking Computer and choosing Manage launched Computer Management without asking for UAC permission; also, right click Command Prompt / Run as administrator correctly identified the owner as Microsoft.

I was kind of hoping I got the problem you had as I was going to see if system file checker would fix the problem.

Right click Command Prompt / Run as administrator / sfc /scannow

I checked the owner of the folder System32 and it was TrustedInstaller as expected.

I then went on to see if I could make one of my folders owned by TrustedInstaller (never done that before).

Right click folder / Properties / Security tab / Advanced / Owner tab / Edit / Other users or groups /

This does not work: typing TrustedInstaller and clicking Check

This does work: typing NT Service\TrustedInstaller and clicking Check - changes the name to TrustedInstaller

OK / OK / OK

Right click folder and drill down to check owner; current owner is TrustedInstaller.

These tests were run on a version of Windows 7 that had just been restored using AISBackup.

Barry
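
The before/after analysis BartK asks for in the first post can be collected with a short script. This is an added example, not part of the thread and not AISBackup code; the function names, file paths and CSV layout are assumptions, and it assumes PowerShell 3.0 or later (for `-LiteralPath`) run from an elevated prompt.

```powershell
# Added example: record the owner of every item under a folder, then
# compare two recordings to list items whose owner changed.
function Save-OwnerSnapshot {
    param(
        [string]$Root    = 'C:\Windows\System32',   # folder to record
        [string]$OutFile = 'D:\owners-before.csv'   # hypothetical output path
    )
    # Items that cannot be read are skipped rather than aborting the run.
    Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            if ($acl) {
                # Owner is reported as e.g. "NT SERVICE\TrustedInstaller"
                New-Object PSObject -Property @{ Path = $_.FullName; Owner = $acl.Owner }
            }
        } |
        Select-Object Path, Owner |
        Export-Csv -Path $OutFile -NoTypeInformation
}

function Compare-OwnerSnapshot {
    param([string]$Before, [string]$After)
    # PowerShell hashtables are case-insensitive, which suits Windows paths.
    $old = @{}
    Import-Csv $Before | ForEach-Object { $old[$_.Path] = $_.Owner }
    Import-Csv $After | ForEach-Object {
        if ($old.ContainsKey($_.Path) -and $old[$_.Path] -ne $_.Owner) {
            New-Object PSObject -Property @{
                Path        = $_.Path
                OwnerBefore = $old[$_.Path]
                OwnerAfter  = $_.Owner
            }
        }
    } | Select-Object Path, OwnerBefore, OwnerAfter
}

# Usage (paths are placeholders):
#   Before the backup:  Save-OwnerSnapshot -OutFile 'D:\owners-before.csv'
#   After the restore:  Save-OwnerSnapshot -OutFile 'D:\owners-after.csv'
#   List the changes:   Compare-OwnerSnapshot 'D:\owners-before.csv' 'D:\owners-after.csv'
#   Count per change:   ... | Group-Object OwnerBefore, OwnerAfter | Select-Object Count, Name
```

The per-change count shows quickly whether the restore replaced TrustedInstaller everywhere or only on part of the tree.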
nikkil
Posts: 53
Joined: Mon Feb 27, 2012 2:08 pm

Post by nikkil »

Hi BartK, got any luck on this so far?
You're never a loser until you quit trying.