How to add "SELF" as a group or user when assigning permissions

Page 1 of 2 12 LastLast

  1. Posts : 37
    Windows 10 Home
       #1

    How to add "SELF" as a group or user when assigning permissions


    I'm trying to add "SELF" to the group of "users & groups" that need Launch and Activation Permission for the DCOM app named RuntimeBroker.
    If I click on the "Add" button, "SELF" is not listed as either a Group or user.
    So, I'm thinking maybe I need to enter it with a certain syntax.

    Would anyone know what that syntax might be ?

    To see an example of the dialog I'm using ....
    Right click on a folder.
    Choose properties.
    Click on the Security tab.
    Click on the Edit button.
    Now, click on Add.


    IE:
    TrustedInstaller needs to be entered as "NT SERVICE\TrustedInstaller".
    Cuz if you search for just plain "TrustedInstaller" among the available users or groups, it's not listed.

    Thanks
      My Computer


  2. Posts : 18,424
    Windows 11 Pro
       #2

    Is SELF the actual name of a user account on the computer? For example, when you log in to Windows, and it asks for a user name and password, do you enter SELF for the user name? You can only add permissions for actual user accounts on the computer. If you need to assign permissions for SELF, then you need to create a new user account with the account name of SELF.

    Keep in mind, if you do create the user SELF on the computer - when you are logged into your existing account now, you won't have the same permissions because you will be logged in as Bob, John, Joe, whatever....and not SELF.
      My Computer


  3. Posts : 913
    CP/M
       #3

    Hi @JustRay, try this: "NT AUTHORITY\SELF".
      My Computer


  4. Posts : 31,480
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       #4

    SELF or Principle Self is....

    TechNet said:
    ....a placeholder in an ACE on a user, group, or computer object in Active Directory. When you grant permissions to Principal Self, you grant them to the security principal that is represented by the object. During an access check, the operating system replaces the SID for Principal Self with the SID for the security principal that is represented by the object.

    Well-Known SID/RID
    S-1-5-10
    https://technet.microsoft.com/en-us/..._PrincipalSelf

    Are you on a Domain? As far as I know, SELF is only seen in Active Directory, it's not a local user or group. It was first seen in Windows 2000, which introduced Active Directory Domain Services.

    Microsoft said:
    Users, groups, and computers are created and stored as objects in Active Directory Domain Services. There are also well-known security principals that represent special identities defined by the Windows 2000 security system, such as Everyone, Local System, Principal Self, Authenticated User, Creator Owner, and so on....
    https://msdn.microsoft.com/en-us/lib...(v=vs.85).aspx
      My Computers


  5. Posts : 913
    CP/M
       #5

    Bree said:
    As far as I know, SELF is only seen in Active Directory
    Not necessarily.

    How to add "SELF" as a group or user when assigning permissions-self.png
      My Computer


  6. Posts : 37
    Windows 10 Home
    Thread Starter
       #6

    Hey muchomurka (and everyone else.)
    Thanks for the replies.

    I tried "NT AUTHORITY\SELF", and that didn't work.
    Although, I have the feeling (can't prove it though), it is something very close to that.

    AND
    The attachment (167658) shows EXACTLY what I am trying to add.

    The RuntimeBroker Access Permissions has "SELF" as one of the users and groups assigned to it.

    The Launch and Activate Permissions "used" to have "SELF" associated with it, until, as a result of some troubleshooting I was doing, I clicked on the "Use Default" followed by the "Apply" buttons.

    Now after clicking on the Launch and Activation Permissions "Customize" button, it doesn't appear any longer by default and I can't figure out how to add "SELF" back.


    BTW, my laptop is Windows 10 X64 home edition 1709 16299.98 with all available updates applied.
    Neither SFC nor DISM expose any issues.
    I run both Malwarebytes professional and Windows defender and neither identify malware or viruses.
    So, methinks my laptop is reasonably healthy.

    Any other suggestions would be most welcome. :)
      My Computer


  7. Posts : 37
    Windows 10 Home
    Thread Starter
       #7

    Oops.
    I forgot to rely that I'm not in a Domain.
    I'm in a work group with one other pc.
      My Computer


  8. Posts : 31,480
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       #8

    Does this help? Seems to be using powershell commands....

    https://social.technet.microsoft.com...svradminlegacy
      My Computers


  9. Posts : 913
    CP/M
       #9

    Hi JustRay, try this method, it works on my testing virtual system.

    - find these two registry keys (not values):
    {9CA88EE3-ACB7-47c8-AFC4-AB702511C276}
    {15c20b67-12e7-4bb6-92bb-7aff07997402}


    - for each one of them, change owner from TrustedInstaller to Administrators

    - for each one of them, set Full Control permissions to Administrators

    - download and extract contents of file DCOMFIX-revised.zip from page http://www.sharepointblogs.be/blogs/...y-revised.aspx

    - in the same folder as extracted files create CMD file dcom.cmd

    - insert the following lines into that file:
    @echo off
    set appid={9CA88EE3-ACB7-47c8-AFC4-AB702511C276}
    set appuser="NT AUTHORITY\SELF"
    set workdir=%~dp0
    openfiles > nul
    if %errorlevel% equ 0 (
    echo [ Set DCOM permissions ]
    %workdir%\dcomperm -al %appid% set %appuser% permit level:l
    )
    echo [ Paused ]
    pause
    set appid={15c20b67-12e7-4bb6-92bb-7aff07997402}
    openfiles > nul
    if %errorlevel% equ 0 (
    echo [ Set DCOM permissions ]
    %workdir%\dcomperm -al %appid% set %appuser% permit level:l
    )
    echo [ Finished ]
    pause


    - run it as admin

    - verify results in dcomcnfg.

    Or you may edit and use CMD file included in that downloaded zip file, it can temporarily set needed registry permissions.
      My Computer


  10. Posts : 37
    Windows 10 Home
    Thread Starter
       #10

    You muchomurka ,are a genius !

    I followed your instructions exactly as written and it worked perfectly.
    I now have "SELF" listed (Once again) among the users and groups in the "Launch and Activation Permissions" for both the 32 and 64 bit versions of RuntimeBroker.

    I'm keeping this script (if it's okay with you) in my tool kit for the next time I manage to "shoot myself in the foot".

    You'er the greatest.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 19:26.
Find Us




Windows 10 Forums