Running a CMD prompt as System (XP and Vista)
Posted by Jarvis on December 5, 2007
From time to time I have had a need to run a program in the context of the Local System account instead of my user account. Typically this is in troubleshooting a program…a program that runs as Local System. It doesn’t do me much good to troubleshoot that program if the program is running under my user account’s security context. I need it to run as System…which has more rights…most of the time. I have had to use this a few times while working with SMS 2003 and SCCM 2007. Both of them run as the local system account.
So…how do we do that? In XP, 2000, Server 2003…you can do this very simply. You will need to be logged in with an account that has administrator privileges. Open a command prompt (Start, Run, CMD). At the command prompt type the following line. Replace 01:23 with the current time in 24 hour format + one minute. i.e. if it is 3:42 in the afternoon, enter it as 15:43.
at 01:23 /interactive cmd.exe
This schedules a task to run cmd.exe at the time you specify. When the CMD prompt pops up, it will be running as Local System. Be very careful. Note: you will only see this if you are at the console of the computer…so if you are connected to a server via Remote Desktop, you will not see the prompt come up unless you are connected to the console. I’ve been bit by that more than once…today as a matter of fact.
Now…what about Vista? I was bummed to see that this did not work in Vista. Good for security…bummer for me. So tonight I set out to find a way to do this. Cool thing is that the answer was actually pretty easy…and can be found on Microsoft’s site. Download PSTools from SysInternals. Microsoft bought SysInternals in 2006. Extract the files. You will use the file named PSexec.exe.
You still need a CMD prompt, but there’s an extra step… You will need to find the shortcut to the CMD prompt (Start, type CMD in the search box and wait for it to locate it…should be pretty fast). Once it locates it, right click it and choose to “Run as administrator”. (Do this even if your user account is an admin.) Once this opens, change directory til you get to the folder that contains PSexec (unless psexec is in a folder in your PATH already). This is where the magic happens…type the following line. (-i is for interactive, -s is to run as system)
psexec -i -s cmd.exe
The command prompt will look like:
Once you hit enter, another command prompt will open that will be running as the system account (NT Authority\System).
NOTE: you can use these instructions to run any program as System. If you had a dire need to run Calculator or Solitaire as Local System…you could do that…just replace cmd.exe with the executable file for the program you want to run. I will also say again…be careful. Don’t do this unless you really need to…and unless you are prepared to take responsibility for anything you might mess up by doing so!
Have fun! Actually…who am I kidding? This isn’t meant to be fun…it’s meant to be useful. Now…go get some work done. ;-)
Ivan Versluis said
Hi Jarvis, good post and thanks for publishing the howto. I used this interactive cmd.exe before and know how it works but forgot the syntex. Still it does not work, maybe something with the sms server. Thanks for the psexec also ;-)
I like your site and will put it on my blogroles/links. Cheers Ivan
Callum said
Very useful article – a must try for school :)
Jarvis said
Callum –
I saw that you are 14 years old. If you try it at school…I strongly encourage you not to do anything that would get you in trouble!
hapbt said
jarvis, stfu, ok?
Jarvis said
Well…that was a mature and helpful comment [sarcasm].
Dr.SeReB said
THANK YOU!!!
I’ve found an article about using service to gain SYSTEM rights, but it was too difficult to prepare and run.
“psexec -i -s exe” is really better and noble way how to do it. ;)
Jarvis said
Glad it was helpful to you. I had seen the way to do it by installing a service and had the same impression you did…way to difficult for a simple process. Took me more time to get the service installed and to later uninstall it than it did for me to actually do the small thing I needed to do as SYSTEM.
Bobby said
Jarvis,
Thank you for this information as well as your other posts I’ve used on SCCM. I tried to run PSEXEC but it doesn’t run it interactively.
I run psexec -i -s iexplore.exe and I watch the process start in Task Manager, but nothing appears before my eyes. I’m sitting at the console on my new Server 2008 box.
forrest said
it is very useful but if u log on with normal user privilege. u can’t run both of them (at or psexec). u will get access denied. :S . any work around?
Siva said
Its nice trick yar…. it works in vista too
Run CMD.exe as Local System Account | JohnnyCoder said
[...] I came across this article which demonstrates the use of PSTools from SysInternals which was acquired by Microsoft in July, [...]
Sherry said
Another way (probably similar to the way Dr.SeReb mentions): http://myitforum.com/cs2/blogs/cnackers/archive/2009/05/06/nt-authority-context-command-prompt.aspx?CommentPosted=true#commentmessage
Andreas said
Hi Jarvis
This article really helped. Hopefully I can get my cruisecontrol service to access my visual svn server now.
I have struggeled to find a description on how to do this in Vista. Maybe only few people care about Vista these days :]
—-
Hapbt. One year has passed since you wrote your amazingly stupid entry – have you gotten wiser?!
/Andreas
Nathan said
I don’t understand how this would work under Vista/W7. All system processes run in session 0, which cannot display info to the user. This is why interactive services are not allowed on Vista/W7.
I wonder how PSTools pulls this off…
More info:
http://www.kwakkelflap.com/blog/2007/04/howto-interactive-service-in-windows.html
Ian Schwamberger said
Check out the bio on the guy who wrote the pstools. He probably knows a few things the rest of us do not :)
fillipa Vtaputin said
I saw your comments about how it’s easier than installing a service. I guess from your perspective it is, but really you’re doing that. That’s how psexec works.
gokul said
hi jarvis
i am in a whole lot of mess sa i was careless with the permissions so using ur psexec -s -icmd.exe i ran explorer .exe and and wnt to cmputer and couldnt get into my computer as system pls help me edit permissions and all other accounts on my system don have rights as well
so is thera cmd program to help me out pls tell i am using vist ultimate X84
shyam said
thank you .
it was very helpful to me , finally i was able to delete some undeletable files
Aaron Guilmette said
As long as you have an account with administrative priviliges, you should be able to take ownership of anything. To apply the correct security, you may be able to run the Security Configuration Wizard and import the low-security template, C:\Windows\Security\templates\compatws.inf. That should reset most of the security settings back to their defaults.
Jarvis said
If I understand your problem correctly, you did something to remove all permissions from some folders on your computer…including system. If that is the case, you are limited in what you can do. What account does have permission on the folder? Logged in as an account that does have permission, you can take ownership of the folder, and then add other accounts (such as system) back in.
One possible option would be to use the System Restore functionality to restore back to a previous state. I’m honestly not sure if that will restore permissions or not, but it’s worth a shot.
If you somehow completely removed all permissions from a folder, then as far as I know you have one option…a new install. Sorry.
Let me know if I misunderstood or if any of the above was helpful.