The Realm of the Verbal Processor

Jarvis's Ramblings

Running a CMD prompt as System (XP/Vista/Win7/Win8)

From time to time I have had a need to run a program in the context of the Local System account instead of my user account. Typically this is in troubleshooting a program…a program that runs as Local System. It doesn’t do me much good to troubleshoot that program if the program is running under my user account’s security context. I need it to run as System…which has more rights…most of the time. I have had to use this a few times while working with SMS 2003 and SCCM 2007. Both of them run as the local system account.

So…how do we do that? In XP, 2000, Server 2003…you can do this very simply. You will need to be logged in with an account that has administrator privileges. Open a command prompt (Start, Run, CMD). At the command prompt type the following line. Replace 01:23 with the current time in 24 hour format + one minute. i.e. if it is 3:42 in the afternoon, enter it as 15:43.

at 01:23 /interactive cmd.exe

This schedules a task to run cmd.exe at the time you specify. When the CMD prompt pops up, it will be running as Local System. Be very careful. Note: you will only see this if you are at the console of the computer…so if you are connected to a server via Remote Desktop, you will not see the prompt come up unless you are connected to the console. I’ve been bit by that more than once…today as a matter of fact.

Now…what about Vista? I was bummed to see that this did not work in Vista. Good for security…bummer for me. So tonight I set out to find a way to do this. Cool thing is that the answer was actually pretty easy…and can be found on Microsoft’s site. Download PSTools from SysInternals. Microsoft bought SysInternals in 2006. Extract the files. You will use the file named PSexec.exe.

You still need a CMD prompt, but there’s an extra step… You will need to find the shortcut to the CMD prompt (Start, type CMD in the search box and wait for it to locate it…should be pretty fast). Once it locates it, right click it and choose to “Run as administrator”. (Do this even if your user account is an admin.) Once this opens, change directory til you get to the folder that contains PSexec (unless psexec is in a folder in your PATH already). This is where the magic happens…type the following line. (-i is for interactive, -s is to run as system)

psexec -i -s cmd.exe

The command prompt will look like:

Once you hit enter, another command prompt will open that will be running as the system account (NT Authority\System).

NOTE: you can use these instructions to run any program as System. If you had a dire need to run Calculator or Solitaire as Local System…you could do that…just replace cmd.exe with the executable file for the program you want to run. I will also say again…be careful. Don’t do this unless you really need to…and unless you are prepared to take responsibility for anything you might mess up by doing so!

Have fun! Actually…who am I kidding? This isn’t meant to be fun…it’s meant to be useful. Now…go get some work done. ;-)

About these ads

December 5, 2007 - Posted by | ConfigMgr, tech

47 Comments »

  1. Hi Jarvis, good post and thanks for publishing the howto. I used this interactive cmd.exe before and know how it works but forgot the syntex. Still it does not work, maybe something with the sms server. Thanks for the psexec also ;-)

    I like your site and will put it on my blogroles/links. Cheers Ivan

    Comment by Ivan Versluis | March 13, 2008

  2. Very useful article – a must try for school :)

    Comment by Callum | March 30, 2008

  3. Callum –
    I saw that you are 14 years old. If you try it at school…I strongly encourage you not to do anything that would get you in trouble!

    Comment by Jarvis | March 30, 2008

  4. jarvis, stfu, ok?

    Comment by hapbt | May 21, 2008

  5. Well…that was a mature and helpful comment [sarcasm].

    Comment by Jarvis | May 21, 2008

  6. THANK YOU!!!
    I’ve found an article about using service to gain SYSTEM rights, but it was too difficult to prepare and run.

    “psexec -i -s exe” is really better and noble way how to do it. ;)

    Comment by Dr.SeReB | June 24, 2008

  7. Glad it was helpful to you. I had seen the way to do it by installing a service and had the same impression you did…way to difficult for a simple process. Took me more time to get the service installed and to later uninstall it than it did for me to actually do the small thing I needed to do as SYSTEM.

    Comment by Jarvis | June 24, 2008

  8. Jarvis,

    Thank you for this information as well as your other posts I’ve used on SCCM. I tried to run PSEXEC but it doesn’t run it interactively.

    I run psexec -i -s iexplore.exe and I watch the process start in Task Manager, but nothing appears before my eyes. I’m sitting at the console on my new Server 2008 box.

    Comment by Bobby | October 6, 2008

  9. it is very useful but if u log on with normal user privilege. u can’t run both of them (at or psexec). u will get access denied. :S . any work around?

    Comment by forrest | October 12, 2008

  10. Its nice trick yar…. it works in vista too

    Comment by Siva | December 14, 2008

  11. […] I came across this article which demonstrates the use of PSTools from SysInternals which was acquired by Microsoft in July, […]

    Pingback by Run CMD.exe as Local System Account | JohnnyCoder | January 9, 2009

  12. Hi Jarvis

    This article really helped. Hopefully I can get my cruisecontrol service to access my visual svn server now.

    I have struggeled to find a description on how to do this in Vista. Maybe only few people care about Vista these days :]

    —-

    Hapbt. One year has passed since you wrote your amazingly stupid entry – have you gotten wiser?!

    /Andreas

    Comment by Andreas | May 31, 2009

  13. I don’t understand how this would work under Vista/W7. All system processes run in session 0, which cannot display info to the user. This is why interactive services are not allowed on Vista/W7.
    I wonder how PSTools pulls this off…
    More info:

    http://www.kwakkelflap.com/blog/2007/04/howto-interactive-service-in-windows.html

    Comment by Nathan | June 23, 2009

  14. Check out the bio on the guy who wrote the pstools. He probably knows a few things the rest of us do not :)

    Comment by Ian Schwamberger | July 29, 2009

  15. I saw your comments about how it’s easier than installing a service. I guess from your perspective it is, but really you’re doing that. That’s how psexec works.

    Comment by fillipa Vtaputin | July 31, 2009

  16. hi jarvis
    i am in a whole lot of mess sa i was careless with the permissions so using ur psexec -s -icmd.exe i ran explorer .exe and and wnt to cmputer and couldnt get into my computer as system pls help me edit permissions and all other accounts on my system don have rights as well
    so is thera cmd program to help me out pls tell i am using vist ultimate X84

    Comment by gokul | November 7, 2009

  17. If I understand your problem correctly, you did something to remove all permissions from some folders on your computer…including system. If that is the case, you are limited in what you can do. What account does have permission on the folder? Logged in as an account that does have permission, you can take ownership of the folder, and then add other accounts (such as system) back in.

    One possible option would be to use the System Restore functionality to restore back to a previous state. I’m honestly not sure if that will restore permissions or not, but it’s worth a shot.

    If you somehow completely removed all permissions from a folder, then as far as I know you have one option…a new install. Sorry.

    Let me know if I misunderstood or if any of the above was helpful.

    Comment by Jarvis | November 8, 2009

  18. thank you .
    it was very helpful to me , finally i was able to delete some undeletable files

    Comment by shyam | December 1, 2009

  19. As long as you have an account with administrative priviliges, you should be able to take ownership of anything. To apply the correct security, you may be able to run the Security Configuration Wizard and import the low-security template, C:\Windows\Security\templates\compatws.inf. That should reset most of the security settings back to their defaults.

    Comment by Aaron Guilmette | February 1, 2010

  20. […] the same “Local System User” that runs the Windows Services, 2 of them are documented here. I chose to use the the psexec tool from […]

    Pingback by JVM Monitoring with Oracle Application Server 10g R2 « Nicolas Vahlas's Blog | March 2, 2010

  21. Many Thanks. I’d like to drop a plug for some of the poor souls searching for
    “Error Accessing OLE Registry” and “VB6″. Maybe even Crystal Reports (8.x) as the CR8 install sometimes boogers up the registry and windows 7/Vista users NEED this to run scr8_webregfix.exe (available somewhere else….)

    Thanks again.
    Jim.

    Comment by Jim Lang | March 10, 2010

  22. i just discovered how to run CMD window as system in Vista, without the need for third party software. just simply cover the same proceedure as above for XP, bu this time using the following command in vista:

    schtasks /create /SC ONCE /TN CMD /TR “CMD” /ST HH:MM

    where HH:MM is the time you want cmd to launch.

    Comment by andy | March 22, 2010

  23. Andy,
    I have been aware of that method. Sherry links to the same method above. However I just confirmed that this method does not work in Windows 7. It opens up a command prompt, but if you run the command “whoami” it will show that the command prompt is running as the currently logged on user account.

    Comment by Jarvis | March 23, 2010

  24. […] SDDL Description SDDL: Allow users to restart a service. Running a command prompt as local system user. Reset Windows 2003 Domain Admin Password This entry was posted in General, Windows, Windows 2003, […]

    Pingback by How to reset Windows Service SDDL ACL | A Simple Man, A Complex Mind | December 14, 2010

  25. […] SDDL Description SDDL: Allow users to restart a service. Running a command prompt as local system user. Reset Windows 2003 Domain Admin Password This entry was posted in Windows, Windows 2003, Windows […]

    Pingback by How to reset Windows Service SDDL ACL | A Simple Man, A Complex Mind | December 19, 2010

  26. Thank you! Despite using “Run as admin”, my cmd kept just running as the local user… so this fixed the problem. Cheers

    Comment by Karen | January 2, 2012

  27. Nice… KISS

    Comment by Slade | February 29, 2012

  28. on the command prompt it told me access denied. help?

    Comment by Jake | March 1, 2012

  29. The initial command prompt needs to be run with admin rights…that is most likely the problem.

    Comment by Jarvis | April 9, 2012

  30. […] I came across this article which demonstrates the use of PSTools from SysInternals (which was acquired by Microsoft in July, […]

    Pingback by How can I access the System Account in Windows 7? | April 13, 2012

  31. […] Recovering files from CSC (Windows “Offline Files”) Print PDF Run an interactive SYSTEM cmd following the instructions here […]

    Pingback by Recovering files from CSC (Windows “Offline Files”) | He is. | June 7, 2012

  32. […] Just thought of something else you could try… verbalprocessor.com/2007/12/05/running-a-cmd-prompt-as-local-system/ Once you have the Command Prompt running under the System account you can then use the Del command […]

    Pingback by Delete files have no permission over? | August 26, 2012

  33. I LOVE everything that you post!!!! I am new to my job and Im really trying hard to get the SCCM/WSUS project up and running. Everything you’ve posted about it helps me get a step closer!!!! Thanks for taking the time to share your findings! AND, thanks for the “Local System” run as info!

    Comment by Latanna | September 14, 2012

  34. […] SDDL Description SDDL: Allow users to restart a service. Running a command prompt as local system user. Reset Windows 2003 Domain Admin […]

    Pingback by How to reset Windows 2003/2008 Service SDDL ACL | A Simple Man, A Complex Mind | November 23, 2012

  35. Jarvis, the download links for PSTools need to be refreshed. The new location is here: http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx

    Comment by Nathan Strong | April 19, 2013

  36. Nathan…Thank you! Bummer is that the link has probably been broken for quite a while. Thank you for pointing it out to me. It is not fixed in the post.

    Comment by Jarvis | April 19, 2013

  37. If there’s need to use RunAsSystem in safe mode, just add to registry:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RunAsSystem]
    @=”Service”

    Comment by Gregor | October 11, 2013

  38. […] article  which demonstrates the use of PSTools from SysInternals which was acquired by Microsoft  […]

    Pingback by Run program as Local System Account - Microsoft APGC Hardware Developer Support Team - Site Home - MSDN Blogs | November 9, 2013

  39. Thanks so much, exactly what I was looking for.

    Comment by Alex | November 29, 2013

  40. i download the pstools and after i extract the files i open it but it goes away and i have no command prompt to work with please help.

    Comment by Lorenzo | January 4, 2014

  41. It sounds like you are double-clicking psexec…which would do what you are talking about. You need to first open an admin command prompt in order to run psexec first. Or…if you simply can’t find where it extracted PStools.zip…look in your internet cache or %temp%. Hopefully one of those suggestions will get you going again.

    Comment by Jarvis | January 7, 2014

  42. Thanks to this article i finally figured a way to make a shortcut for this. Other than using Process Hacker portable or installed and running cmd.exe or anything as NT AUTHORITY\SYSTEM, put a copy of psexec in System32. Then make a batch file with C:\Windows\System32\psexec -i -s cmd.exe, save in a convenient location. Make a shortcut to said batch file anywhere (quick launch). (Startpage how to retrieve quick launch on Windows 7, 8 with Classic Shell – Google is not our friend – find out why). Right click shortcut > properties > Shortcut tab > Advanced > check ‘Run as administrator’ > ok > select Apply in System Properties. Select ‘Change Icon…’ navigate to C:\Windows\System32\cmd.exe and select it if you like, apply, exit. Right click shortcut again and select rename and choose your name like ‘System’. Done. When single clicking quick launch shortcut 2 command prompts will appear with the System user in front, type whoami, hit enter, go get some work done as Jarvis says. ;-)

    Comment by Malware Removal | March 30, 2014

  43. Reblogged this on Sevens IT and commented:
    Good Guide!

    Comment by dakseven | September 4, 2014


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 39 other followers