Well we've come full circle and all I can take away from it is ... KB3213986 broke it, Get Office app exposed it and until M$ fixes it, we're left with the current fix of removing Get Office ... roflmao
Yeah, I was led to the Born's Tech site from the Microsoft community forum. After I read all that, I decided to come here. Ultimately the conclusion was that using the Process Hacker utility was the best/most likely way to be successful. I couldn't figure out how to do it, and I get a little nervous messing with permissions, locked folders, etc.
I think we came up with good alternatives here.
I fixed my system with the steps that Eagle51 outlined and it works just fine. System Restore works. That said, I'm just not comfortable changing the permission for the WindowsApps folder so I restored my system to the original broken state. I think that using this fix has two liabilities: one, the altered permissions could cause other problems that could surface later; two, when MS develops a patch to fix System Restore our fix may conflict with it and then we're really up the creek. And besides I never use System Restore anyway, I make images with Macrium. All in all this has been very interesting and educational.
BTW, does anyone know how to put back that 'special' permission for the Domain\User with the EXISTS WIN://SYSAPPID on the 'WindowsApps' folder?
I've been looking, but haven't found a lot of info on it. From what I understand (which is very little) ... It's like running the Apps in a sandbox (for the lack of better term).
SoFine409, since you have a clean system, maybe you can run this command for me, so I can compare to mine. All it does is save the permissions to a file on your desktop.
Open Command Prompt as Admin
icacls "C:\Program Files\WindowsApps" /save "C:\users\%USERNAME%\Desktop\winappacl.txt"
Take a look at this utility: Resetting NTFS files permission in Windows – Graphical Utility | lallous' lab
I used it to back up the permissions in the WindowsApps folder but I lost the backup (text file) when I restored my laptop yesterday. I'll use it to generate a backup/text file tomorrow morning. I spent the day putting IKEA furniture together so I'm heading to bed in a few minutes.
BTW if you download the utility, set an exclusion to keep your AV from scanning the download folder and before you unzip it exclude the file as well. I think it's ResetPermissions.exe. Otherwise it will get deleted.
Here it is. Decided not to wait until morning.
winappacl.txt
SoFine409 ... Thank You :)
I was able to use it to figure that Domain\User Exists WIN://SYSAPPID and add it back to my WindowsApps folder and if you've removed the Domain\User WIN://SYSAPPID on a particular app (like I did on a few), just re-installing the app will fix that, thank goodness.
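The comparison described above (a clean machine's `icacls /save` file against your own, to spot the missing ACE) can be scripted. This is an added example, not code from the thread: the function names are hypothetical and the two SDDL strings are constructed samples, not the contents of the posted winappacl.txt.

```powershell
# Added example: list ACEs present in a reference "icacls /save" file
# but missing from your own. Function names are hypothetical.
function Split-SddlAce {
    param([string]$Sddl)
    # Cut only at top-level parentheses: a conditional ACE such as
    # (XA;...;(Exists WIN://SYSAPPID)) nests its expression in a second pair.
    $aces = @(); $depth = 0; $start = -1
    for ($i = 0; $i -lt $Sddl.Length; $i++) {
        if ($Sddl[$i] -eq '(') { if ($depth -eq 0) { $start = $i }; $depth++ }
        elseif ($Sddl[$i] -eq ')' -and $depth -gt 0) {
            $depth--
            if ($depth -eq 0) { $aces += $Sddl.Substring($start, $i - $start + 1) }
        }
    }
    $aces
}

function ConvertFrom-IcaclsSave {
    param([string[]]$Lines)
    # The save file alternates: a relative path line, then that object's SDDL.
    $map = @{}
    for ($i = 0; ($i + 1) -lt $Lines.Count; $i += 2) {
        $map[$Lines[$i]] = @(Split-SddlAce $Lines[$i + 1])
    }
    $map
}

function Compare-SavedAcl {
    param([string[]]$Reference, [string[]]$Current, [string]$Path)
    $ref = (ConvertFrom-IcaclsSave $Reference)[$Path]
    $cur = (ConvertFrom-IcaclsSave $Current)[$Path]
    if ($null -eq $ref) { throw "Path '$Path' is not in the reference file" }
    # ACEs the clean machine has that the current machine lacks
    @($ref | Where-Object { $cur -notcontains $_ })
}

# Constructed sample lines (clean system vs. a folder whose ACL was changed).
# For real files use: Get-Content .\winappacl.txt -Encoding Unicode
$clean = @(
    'WindowsApps',
    'D:PAI(A;;FA;;;SY)(A;CI;0x1200a9;;;BA)(XA;;0x1200a9;;;BU;(Exists WIN://SYSAPPID))'
)
$mine = @(
    'WindowsApps',
    'D:PAI(A;;FA;;;SY)(A;CI;0x1200a9;;;BA)(A;OICI;FA;;;BU)'
)
Compare-SavedAcl -Reference $clean -Current $mine -Path 'WindowsApps'
```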
I think you may want to save ACL for everything (using /T) before you start and then restore after as described here
I copied this method (to compress C:\Program Files\WindowsApps, C:\Windows\Fonts and some other places with odd authority) but it is the same issue as with WinSxS which he describes.
Something like this (sorry I wrote it in PowerShell but you get the idea)...
Define your functions (just copy paste this into admin PS window)
Code:
#--------------------------------------------------------------------------------
function takeOwn-folder ($folder) {
    $toplevel = Split-Path $folder -leaf
    # Delete the old .acl file (in case it exists)
    # ($PSScriptRoot is empty when pasted into a console, so the path
    #  becomes "\<name>.acl" on the current drive)
    if (Test-Path "$PSScriptRoot\$toplevel.acl") { Remove-Item "$PSScriptRoot\$toplevel.acl" -Force -ErrorAction 0 }
    # backup ACLs for folder
    icacls "$folder" /save "$PSScriptRoot\$toplevel.acl" /t
    # take ownership
    takeown /f "$folder" /r
    # Grant full rights to current user
    icacls "$folder" --% /grant "%USERDOMAIN%\%USERNAME%":(F) /t
}
#--------------------------------------------------------------------------------
function restoreOwn-folder ($folder, $owner) {
    $toplevel = Split-Path $folder -leaf
    $parentPath = Split-Path -parent $folder
    # reset owner - e.g. "NT SERVICE\TrustedInstaller"
    icacls "$folder" /setowner "$owner" /t
    # Restore ACLs (the saved paths are relative to the parent folder)
    icacls "$parentPath" /restore "$PSScriptRoot\$toplevel.acl"
    # Tidy up
    Remove-Item "$PSScriptRoot\$toplevel.acl" -Force -ErrorAction 0
}
#--------------------------------------------------------------------------------
then for example (in this case for WindowsApps specifically)
Code:
$folder = "$env:programFiles\WindowsApps"
$owner = "NT SERVICE\TrustedInstaller"
takeOwn-folder -folder $folder
Do whatever you want at this point and then reset everything with
Code:
restoreOwn-folder -folder $folder -owner $owner