How can I start a process or program as the local system account?

A. In the FAQs, "How do I schedule commands?" (http://www.windowsitpro.com/Article/ArticleID/15153/15153.html ) and " I am unable to stop a process from Task Manager even though I'm an Administrator, what can I do?" ( http://www.windowsitpro.com/Article/ArticleID/14613/14613.html ), I explain how to submit a command by using the scheduler service with the /interactive switch to start a program. Because the scheduler service runs as the local system, the program would also run with local system credentials. With Winternals' Psexec utility (which you can download at http://www.sysinternals.com/Utilities/PsExec.html), you can use the -s switch to run a program as the system account. The following example shows how to start a cmd.exe session under the system account:

whoami
SAVILLTECH\john

psexec -s cmd.exe

PsExec v1.60 - Execute processes remotely
Copyright (C) 2001-2005 Mark Russinovich
Sysinternals - www.sysinternals.com


Microsoft Windows XP \[Version 5.1.2600\]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>whoami
NT AUTHORITY\SYSTEM

C:\WINDOWS\system32>exit
cmd.exe exited on WKSSAVD800 with error code 0.

When you use the -s switch, Psexec temporarily installs on the computer a service named "psexec running psexesvc.exe" which is removed after the application running as system is closed. Thus to run under the system context, you'll need permissions to install services.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish