Why does SystemSettings.exe automatically start 5 minutes after logon?


NoelC

I'm not.  I'm taking ownership and setting permissions to allow me to access things.  However, there ARE some things it's fighting me over.

When I've needed to become SYSTEM I've run psexec -i -s CMD to get a privileged cmd window.

I'll check into Joakim's tools.  Thanks for the tip.

-Noel



Yeah, but that one is not nearly as good as Joakim's.

Joakim's original tools are over on reboot.pro and, while he has a new one, called RunasTI, which unifies the two original tools, I still prefer the original ones.

In a nutshell one runs them as the TIcmd.cmd below:

rem joakim http://reboot.pro/files/file/237-runassystem-and-runfromtoken/
net.exe start trustedinstaller
runassystem64.exe "runfromtoken64.exe trustedinstaller.exe 1 cmd.exe"
exit

But one may substitute cmd.exe by any other valid command. Except for explorer.exe, which somehow regains a lower privilege when one tries to get it running as TI. Then again, regedit will run all right and most, if not all, privilege problems go away (although, then, the current user is "Local System"). There are also many other tools by Joakim on reboot.pro

Joakim is a member here on MSFN, too, but does not visit often. This page, by fdv, also makes an interesting read.
NB: While the tools above let you become the TrustedInstaller, and the trick you posted above with psexec lets you become SYSTEM, which has fewer rights, if one runs MS's own whoami it'll reply "SYSTEM" in both cases, because both use the LocalService Hive as its user hive.

And, also BTW, there's paexec, too, as an alternative (if I don't tell this, jaclaz'll, so here it is). :P


22 hours ago, NoelC said:

That's been long gone for a while now, and I haven't noticed any attempts to communicate associated with.  But thanks very much for the idea.  I think it's as deconfigured as it can be, but if you can think of places I could look for remnants of Settings Sync, I'll certainly double-check.

-Noel

I'm using Server 2016 with Task Scheduler running as ghost

don't have this exe running in the background

Task Scheduler is running but can't run tasks in the background

Edited by aviv00

Yes

How to make Task Scheduler sterilized:

with Process Hacker change it to own process

in the other tab remove all the req privileges, just leave or add SeChangeNotifyPrivilege

Disable SystemEventsBroker service [needs TrustedInstaller] after removing it first from the dependencies of Task Scheduler [using regedit, restart needed]

Task Scheduler should be sterilized

Edited by aviv00

19 hours ago, aviv00 said:

I found a way to make it still work but without actually being able to run tasks in the background

Doesn't the same thing happen if you just disable all the specific scheduled jobs that do things you don't want?

There ARE actually things I want to run in the background from Task Scheduler.  I use it myself for some things.

-Noel


2 hours ago, NoelC said:

Doesn't the same thing happen if you just disable all the specific scheduled jobs that do things you don't want?

There ARE actually things I want to run in the background from Task Scheduler.  I use it myself for some things.

-Noel

Haven't tried this, dunno if there's really a difference between them

but there are a few tasks that will be re-added after a while; that should avoid running them

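For the per-task approach discussed in the two posts above (disabling individual jobs, with some of them reported as coming back later), a baseline comparison shows which tasks were added or re-enabled since the last check. This is an added example, not part of any post in the thread; the baseline path and function names are assumptions, and it uses the built-in ScheduledTasks cmdlets, run from an elevated prompt so all tasks are visible.

```powershell
# Added example, not from the thread. Only writes the baseline CSV; changes no tasks.
# Assumption: $BaselinePath is a hypothetical location, any writable path will do.
param(
    [string]$BaselinePath = "$env:ProgramData\TaskBaseline.csv",
    [switch]$SaveBaseline
)

function Get-TaskSnapshot {
    # One row per registered task: full path plus its current state as text.
    Get-ScheduledTask | ForEach-Object {
        [pscustomobject]@{
            Task  = $_.TaskPath + $_.TaskName
            State = [string]$_.State
        }
    }
}

function Compare-TaskSnapshot {
    param($Baseline, $Current)
    # Index the baseline by task path (hashtable keys are case-insensitive).
    $known = @{}
    foreach ($row in $Baseline) { $known[$row.Task] = $row.State }
    foreach ($row in $Current) {
        if (-not $known.ContainsKey($row.Task)) {
            [pscustomobject]@{ Task = $row.Task; Change = 'added since baseline' }
        }
        elseif ($known[$row.Task] -eq 'Disabled' -and $row.State -ne 'Disabled') {
            [pscustomobject]@{ Task = $row.Task; Change = "re-enabled (now $($row.State))" }
        }
    }
}

$current = @(Get-TaskSnapshot)
if ($SaveBaseline -or -not (Test-Path $BaselinePath)) {
    # First run, or explicit refresh after disabling the unwanted tasks.
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    "Baseline of $($current.Count) tasks written to $BaselinePath"
}
else {
    $baseline = @(Import-Csv -Path $BaselinePath)
    $changes  = @(Compare-TaskSnapshot -Baseline $baseline -Current $current)
    if ($changes.Count) { $changes | Format-Table -AutoSize }
    else { 'No tasks added or re-enabled since the baseline.' }
}
```

Run it once with -SaveBaseline after disabling the unwanted tasks, then again after an update or a few days of uptime to list anything that has reappeared.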

2 hours ago, Tripredacus said:

I went to check a Win10 system I have here, it does not have either of those processes running.

Your not having those processes auto-start may say that something I've configured (or DEconfigured) has caused Windows to enter some kind of restorative process.  It could, for example, have something to do with the Security Center, which if you don't tell it to avoid doing so does pop things up some minutes after login.

I have to leave the system completely alone for 5 minutes at least.  If I even move the mouse a little the processes don't start.

-Noel


I see it on 14393 (all patch levels so far) and I'm pretty sure it was happening in 10586 as well, though it wasn't as obvious since I didn't have an Aero Glass ModernFrame debug console window start whenever ApplicationFrameHost ran.

-Noel
