Windows 10: How to add "SELF" as a group or user when assigning permissions Solved

Page 1 of 2 12 LastLast
  1.    09 Dec 2017 #1

    How to add "SELF" as a group or user when assigning permissions


    I'm trying to add "SELF" to the group of "users & groups" that need Launch and Activation Permission for the DCOM app named RuntimeBroker.
    If I click on the "Add" button, "SELF" is not listed as either a Group or user.
    So, I'm thinking maybe I need to enter it with a certain syntax.

    Would anyone know what that syntax might be ?

    To see an example of the dialog I'm using ....
    Right click on a folder.
    Choose properties.
    Click on the Security tab.
    Click on the Edit button.
    Now, click on Add.


    IE:
    TrustedInstaller needs to be entered as "NT SERVICE\TrustedInstaller".
    Cuz if you search for just plain "TrustedInstaller" among the available users or groups, it's not listed.

    Thanks
      My ComputerSystem Spec

  2.    09 Dec 2017 #2

    Is SELF the actual name of a user account on the computer? For example, when you log in to Windows, and it asks for a user name and password, do you enter SELF for the user name? You can only add permissions for actual user accounts on the computer. If you need to assign permissions for SELF, then you need to create a new user account with the account name of SELF.

    Keep in mind, if you do create the user SELF on the computer - when you are logged into your existing account now, you won't have the same permissions because you will be logged in as Bob, John, Joe, whatever....and not SELF.
      My ComputerSystem Spec

  3.    10 Dec 2017 #3

    Hi @JustRay, try this: "NT AUTHORITY\SELF".
      My ComputerSystem Spec


  4. Posts : 6,946
    10 Home x64 (1803) (10 Pro on 2nd pc)
       10 Dec 2017 #4

    SELF or Principle Self is....

    TechNet said:
    ....a placeholder in an ACE on a user, group, or computer object in Active Directory. When you grant permissions to Principal Self, you grant them to the security principal that is represented by the object. During an access check, the operating system replaces the SID for Principal Self with the SID for the security principal that is represented by the object.

    Well-Known SID/RID
    S-1-5-10
    https://technet.microsoft.com/en-us/..._PrincipalSelf

    Are you on a Domain? As far as I know, SELF is only seen in Active Directory, it's not a local user or group. It was first seen in Windows 2000, which introduced Active Directory Domain Services.

    Microsoft said:
    Users, groups, and computers are created and stored as objects in Active Directory Domain Services. There are also well-known security principals that represent special identities defined by the Windows 2000 security system, such as Everyone, Local System, Principal Self, Authenticated User, Creator Owner, and so on....
    https://msdn.microsoft.com/en-us/lib...(v=vs.85).aspx
      My ComputersSystem Spec

  5.    10 Dec 2017 #5

    Bree said: View Post
    As far as I know, SELF is only seen in Active Directory
    Not necessarily.

    Click image for larger version. 

Name:	self.png 
Views:	3 
Size:	91.8 KB 
ID:	167658
      My ComputerSystem Spec

  6.    10 Dec 2017 #6

    Hey muchomurka (and everyone else.)
    Thanks for the replies.

    I tried "NT AUTHORITY\SELF", and that didn't work.
    Although, I have the feeling (can't prove it though), it is something very close to that.

    AND
    The attachment (167658) shows EXACTLY what I am trying to add.

    The RuntimeBroker Access Permissions has "SELF" as one of the users and groups assigned to it.

    The Launch and Activate Permissions "used" to have "SELF" associated with it, until, as a result of some troubleshooting I was doing, I clicked on the "Use Default" followed by the "Apply" buttons.

    Now after clicking on the Launch and Activation Permissions "Customize" button, it doesn't appear any longer by default and I can't figure out how to add "SELF" back.


    BTW, my laptop is Windows 10 X64 home edition 1709 16299.98 with all available updates applied.
    Neither SFC nor DISM expose any issues.
    I run both Malwarebytes professional and Windows defender and neither identify malware or viruses.
    So, methinks my laptop is reasonably healthy.

    Any other suggestions would be most welcome.
      My ComputerSystem Spec

  7.    10 Dec 2017 #7

    Oops.
    I forgot to rely that I'm not in a Domain.
    I'm in a work group with one other pc.
      My ComputerSystem Spec


  • Posts : 6,946
    10 Home x64 (1803) (10 Pro on 2nd pc)
       10 Dec 2017 #8

    Does this help? Seems to be using powershell commands....

    https://social.technet.microsoft.com...svradminlegacy
      My ComputersSystem Spec

  •    10 Dec 2017 #9

    Hi JustRay, try this method, it works on my testing virtual system.

    - find these two registry keys (not values):
    {9CA88EE3-ACB7-47c8-AFC4-AB702511C276}
    {15c20b67-12e7-4bb6-92bb-7aff07997402}


    - for each one of them, change owner from TrustedInstaller to Administrators

    - for each one of them, set Full Control permissions to Administrators

    - download and extract contents of file DCOMFIX-revised.zip from page http://www.sharepointblogs.be/blogs/...y-revised.aspx

    - in the same folder as extracted files create CMD file dcom.cmd

    - insert the following lines into that file:
    @echo off
    set appid={9CA88EE3-ACB7-47c8-AFC4-AB702511C276}
    set appuser="NT AUTHORITY\SELF"
    set workdir=%~dp0
    openfiles > nul
    if %errorlevel% equ 0 (
    echo [ Set DCOM permissions ]
    %workdir%\dcomperm -al %appid% set %appuser% permit level:l
    )
    echo [ Paused ]
    pause
    set appid={15c20b67-12e7-4bb6-92bb-7aff07997402}
    openfiles > nul
    if %errorlevel% equ 0 (
    echo [ Set DCOM permissions ]
    %workdir%\dcomperm -al %appid% set %appuser% permit level:l
    )
    echo [ Finished ]
    pause


    - run it as admin

    - verify results in dcomcnfg.

    Or you may edit and use CMD file included in that downloaded zip file, it can temporarily set needed registry permissions.
      My ComputerSystem Spec

  •    11 Dec 2017 #10

    You muchomurka ,are a genius !

    I followed your instructions exactly as written and it worked perfectly.
    I now have "SELF" listed (Once again) among the users and groups in the "Launch and Activation Permissions" for both the 32 and 64 bit versions of RuntimeBroker.

    I'm keeping this script (if it's okay with you) in my tool kit for the next time I manage to "shoot myself in the foot".

    You'er the greatest.
      My ComputerSystem Spec


  •  
    Page 1 of 2 12 LastLast

    Related Threads
    Recently, one of my service host processes in the task manager showed about 13% CPU usage on my i7. I manually restarted each service in its list and found my problems: Application Information refused to stop on its own, but User Profile Service,...
    Hello, Once I have turned on a "group by" sort that changes the view of the folder into groups, I cannot return the folder to a groupless mode, even if I remake it because when I name it the same thing, it reverts to the sort the former...
    I've got a LAN in my home/office with 5 machines now running Win 10 and I've not been able to transfer files between them due to "permission problems". These were all running Win 7 and sharing files with no problems but now I'm blocked. I've made...
    I have Windows 10 Pro. I have Norton Internet Security Suite installed, so I don't need Windows Defender. But I keep getting a pop up saying "Windows Defender - This app is turned off by group policy." How can I stop this pop up from, you...
    Seems like this should be simple enough. Click the browse key, locate this mystery file, and assign it. Evidently this a national security issue as I can't find a clue. I could just use the F5 key but I'm a touch typist, it's rather dark where I...
    Our Sites
    Site Links
    About Us
    Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

    Designer Media Ltd
    All times are GMT -5. The time now is 22:29.
    Find Us