UAC: Taking Ownership from Trusted Installer

[Ron]

I'm new to Windows 7 and UAC. I am an administrator. I think I understand
how to take ownership of a folder tree and grant permissions to it. I
sometimes like to leave notes (small text files) to myself in a program
installation tree. Now I find the UAC prevents that. Presumably because
the owner is Trusted Installer, and so I can't grant myself any rights
without first taking ownership. Which I'm reluctant to do without fully
understanding how things work.

Question: If I take ownership away from Trusted Installer for a given
program tree - in order to grant myself file writing privileges - does that
mean the files within the tree can't subsequently be modified by software: a
program update installer, for example? If so, is it easy to restore
ownership of the tree to Trusted Installer after I have written to it? (I
understand I can do what I want by temporarily disabling UAC. Would rather
not go that route, if there's a straightforward, safer alternative.)

This seems to me to be a fundamental issue, but I find little info relating
to it explicitly. Thx in advance for any insight or helpful link, -Ron

 

[LouB]

I'm new to Windows 7 and UAC. I am an administrator. I think I
understand how to take ownership of a folder tree and grant permissions
to it. I sometimes like to leave notes (small text files) to myself in
a program installation tree. Now I find the UAC prevents that.
Presumably because the owner is Trusted Installer, and so I can't grant
myself any rights without first taking ownership. Which I'm reluctant
to do without fully understanding how things work.

Question: If I take ownership away from Trusted Installer for a given
program tree - in order to grant myself file writing privileges - does
that mean the files within the tree can't subsequently be modified by
software: a program update installer, for example? If so, is it easy to
restore ownership of the tree to Trusted Installer after I have written
to it? (I understand I can do what I want by temporarily disabling
UAC. Would rather not go that route, if there's a straightforward,
safer alternative.)

This seems to me to be a fundamental issue, but I find little info
relating to it explicitly. Thx in advance for any insight or helpful
link, -Ron

There are Win 7 forums where you should be able to get help

 

[Dave-UK]

I'm new to Windows 7 and UAC. I am an administrator. I think I understand
how to take ownership of a folder tree and grant permissions to it. I
sometimes like to leave notes (small text files) to myself in a program
installation tree. Now I find the UAC prevents that. Presumably because
the owner is Trusted Installer, and so I can't grant myself any rights
without first taking ownership. Which I'm reluctant to do without fully
understanding how things work.

Question: If I take ownership away from Trusted Installer for a given
program tree - in order to grant myself file writing privileges - does that
mean the files within the tree can't subsequently be modified by software: a
program update installer, for example? If so, is it easy to restore
ownership of the tree to Trusted Installer after I have written to it? (I
understand I can do what I want by temporarily disabling UAC. Would rather
not go that route, if there's a straightforward, safer alternative.)

This seems to me to be a fundamental issue, but I find little info relating
to it explicitly. Thx in advance for any insight or helpful link, -Ron

If you, as an administrator, installed these programs then they belong
to you, not TrustedInstaller, and you should have full control.
If Microsoft, i.e. Windows 7, installed something then that belongs to
TrustedInstaller and TrustedInstaller will grant administrators certain
privileges, Users fewer privileges and Guests least privileges.

Changing ownership does not by default change any privileges that may have
existed before the change. The current owner of an object can alter privileges
but that is a separate process from changing ownership.
For example have a look at a Microsoft installed file, Wordpad:
C:\Program Files\Windows NT\Accessories\Wordpad.exe
Right-click Wordpad.exe > Properties > Security.
System = Read&Execute
Administrators = Read&Execute
Users = Read&Execute
TrustedInstaller = Full Control
Click on 'Advanced' and then 'Owner'.
Current owner is TrustedInstaller, click on 'Edit'.
Select 'Administrators', 'Apply' , Ok your way back out to the Security tab.
The permissions haven't changed although the owner has.
To grant administrators full control you now have to edit using the top dialog box.
You shouldn't have to mess about with ownership just to add a text file.
When you say a program installation tree I assume you mean a folder
(and any sub-folders) under the Program Files or Program Files (x86) folders.
If you are right-clicking in your chosen folder and not seeing the New > Text
option then create your text file on your Desktop and move it into the folder.

 

[Seth]

I'm new to Windows 7 and UAC. I am an administrator. I think I
understand how to take ownership of a folder tree and grant permissions
to it. I sometimes like to leave notes (small text files) to myself in a
program installation tree. Now I find the UAC prevents that. Presumably
because the owner is Trusted Installer, and so I can't grant myself any
rights without first taking ownership. Which I'm reluctant to do without
fully understanding how things work.

Launch Notepad.exe as administrator (right-click the icon) and you should be
able to save the .TXT file where you want.

 

[Ron]

Launch Notepad.exe as administrator (right-click the icon) and you should

be able to save the .TXT file where you want.

Aha. So simple. Notepad is now on my task bar. Thank you!!

Dave-UK - Thanks for the detailed response.

I got hung up because I was trying to edit a text file that had been
transferred over from my XP machine and I couldn't save it. For whatever
reason, the current owner of my C:\Program Files(86) folder is Trusted
Installer. That confused me into thinking that ownership was inherited by
all the subfolders, and that I would need to change them in order to grant
myself the necessary privileges. I see now, on spot checking, seems like
either administrators (which includes me) or SYSTEM own the subfolders. I
was attributing my problem to an ownership issue, when in fact I simply
hadn't granted myself the necessary privileges. When I do so, the issue
disappears, and also, I see that the right click menu "New" option expands
from the single choice of "Folder" to many choices, including the choice of
creating a new text file.

I understand in principle that ownership and privileges are independent
aspects of UAC, just not sure of all implications. For example, still not
clear on whether changes to UAC parameters associated with, say, a program
folder that was created by an installation of a commercial program, could
cause future (downloaded) patch updates to malfunction. I'm sensing that it
won't matter as long as I honor any request to escalate the patch installer
to administrator privileges. But I'll keep reading.

Hope this thread helps others. Thanks to all. -Ron