The Realm of the Verbal Processor

Jarvis's Ramblings

Running a CMD prompt as System (XP and Vista)

Posted by Jarvis on December 5, 2007

From time to time I have had a need to run a program in the context of the Local System account instead of my user account. Typically this is in troubleshooting a program…a program that runs as Local System. It doesn’t do me much good to troubleshoot that program if the program is running under my user account’s security context. I need it to run as System…which has more rights…most of the time. I have had to use this a few times while working with SMS 2003 and SCCM 2007. Both of them run as the local system account.

So…how do we do that? In XP, 2000, Server 2003…you can do this very simply. You will need to be logged in with an account that has administrator privileges. Open a command prompt (Start, Run, CMD). At the command prompt type the following line. Replace 01:23 with the current time in 24 hour format + one minute. i.e. if it is 3:42 in the afternoon, enter it as 15:43.

at 01:23 /interactive cmd.exe

This schedules a task to run cmd.exe at the time you specify. When the CMD prompt pops up, it will be running as Local System. Be very careful. Note: you will only see this if you are at the console of the computer…so if you are connected to a server via Remote Desktop, you will not see the prompt come up unless you are connected to the console. I’ve been bit by that more than once…today as a matter of fact.

Now…what about Vista? I was bummed to see that this did not work in Vista. Good for security…bummer for me. So tonight I set out to find a way to do this. Cool thing is that the answer was actually pretty easy…and can be found on Microsoft’s site. Download PSTools from SysInternals. Microsoft bought SysInternals in 2006. Extract the files. You will use the file named PSexec.exe. 

You still need a CMD prompt, but there’s an extra step… You will need to find the shortcut to the CMD prompt (Start, type CMD in the search box and wait for it to locate it…should be pretty fast). Once it locates it, right click it and choose to “Run as administrator”. (Do this even if your user account is an admin.) Once this opens, change directory til you get to the folder that contains PSexec (unless psexec is in a folder in your PATH already). This is where the magic happens…type the following line. (-i is for interactive, -s is to run as system)

psexec -i -s cmd.exe

The command prompt will look like:

Once you hit enter, another command prompt will open that will be running as the system account (NT Authority\System).

NOTE: you can use these instructions to run any program as System. If you had a dire need to run Calculator or Solitaire as Local System…you could do that…just replace cmd.exe with the executable file for the program you want to run. I will also say again…be careful. Don’t do this unless you really need to…and unless you are prepared to take responsibility for anything you might mess up by doing so!

Have fun! Actually…who am I kidding? This isn’t meant to be fun…it’s meant to be useful. Now…go get some work done. ;-)

20 Responses to “Running a CMD prompt as System (XP and Vista)”

  1. Hi Jarvis, good post and thanks for publishing the howto. I used this interactive cmd.exe before and know how it works but forgot the syntex. Still it does not work, maybe something with the sms server. Thanks for the psexec also ;-)

    I like your site and will put it on my blogroles/links. Cheers Ivan

  2. Callum said

    Very useful article – a must try for school :)

  3. Jarvis said

    Callum –
    I saw that you are 14 years old. If you try it at school…I strongly encourage you not to do anything that would get you in trouble!

  4. hapbt said

    jarvis, stfu, ok?

  5. Jarvis said

    Well…that was a mature and helpful comment [sarcasm].

  6. Dr.SeReB said

    THANK YOU!!!
    I’ve found an article about using service to gain SYSTEM rights, but it was too difficult to prepare and run.

    “psexec -i -s exe” is really better and noble way how to do it. ;)

  7. Jarvis said

    Glad it was helpful to you. I had seen the way to do it by installing a service and had the same impression you did…way to difficult for a simple process. Took me more time to get the service installed and to later uninstall it than it did for me to actually do the small thing I needed to do as SYSTEM.

  8. Bobby said

    Jarvis,

    Thank you for this information as well as your other posts I’ve used on SCCM. I tried to run PSEXEC but it doesn’t run it interactively.

    I run psexec -i -s iexplore.exe and I watch the process start in Task Manager, but nothing appears before my eyes. I’m sitting at the console on my new Server 2008 box.

  9. forrest said

    it is very useful but if u log on with normal user privilege. u can’t run both of them (at or psexec). u will get access denied. :S . any work around?

  10. Siva said

    Its nice trick yar…. it works in vista too

  11. [...] I came across this article which demonstrates the use of PSTools from SysInternals which was acquired by Microsoft in July, [...]

  12. Sherry said

    Another way (probably similar to the way Dr.SeReb mentions): http://myitforum.com/cs2/blogs/cnackers/archive/2009/05/06/nt-authority-context-command-prompt.aspx?CommentPosted=true#commentmessage

  13. Andreas said

    Hi Jarvis

    This article really helped. Hopefully I can get my cruisecontrol service to access my visual svn server now.

    I have struggeled to find a description on how to do this in Vista. Maybe only few people care about Vista these days :]

    —-

    Hapbt. One year has passed since you wrote your amazingly stupid entry – have you gotten wiser?!

    /Andreas

  14. Nathan said

    I don’t understand how this would work under Vista/W7. All system processes run in session 0, which cannot display info to the user. This is why interactive services are not allowed on Vista/W7.
    I wonder how PSTools pulls this off…
    More info:
    http://www.kwakkelflap.com/blog/2007/04/howto-interactive-service-in-windows.html

  15. Ian Schwamberger said

    Check out the bio on the guy who wrote the pstools. He probably knows a few things the rest of us do not :)

  16. fillipa Vtaputin said

    I saw your comments about how it’s easier than installing a service. I guess from your perspective it is, but really you’re doing that. That’s how psexec works.

  17. gokul said

    hi jarvis
    i am in a whole lot of mess sa i was careless with the permissions so using ur psexec -s -icmd.exe i ran explorer .exe and and wnt to cmputer and couldnt get into my computer as system pls help me edit permissions and all other accounts on my system don have rights as well
    so is thera cmd program to help me out pls tell i am using vist ultimate X84

  18. shyam said

    thank you .
    it was very helpful to me , finally i was able to delete some undeletable files

  19. Aaron Guilmette said

    As long as you have an account with administrative priviliges, you should be able to take ownership of anything. To apply the correct security, you may be able to run the Security Configuration Wizard and import the low-security template, C:\Windows\Security\templates\compatws.inf. That should reset most of the security settings back to their defaults.

  20. Jarvis said

    If I understand your problem correctly, you did something to remove all permissions from some folders on your computer…including system. If that is the case, you are limited in what you can do. What account does have permission on the folder? Logged in as an account that does have permission, you can take ownership of the folder, and then add other accounts (such as system) back in.

    One possible option would be to use the System Restore functionality to restore back to a previous state. I’m honestly not sure if that will restore permissions or not, but it’s worth a shot.

    If you somehow completely removed all permissions from a folder, then as far as I know you have one option…a new install. Sorry.

    Let me know if I misunderstood or if any of the above was helpful.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>