Wednesday, December 21, 2011

Run CMD.exe as Local System Account

Strike 1:

I found information online which suggests lauching the CMD.exe using the DOS Task Scheduler AT command. Here’s a sample command:

AT 12:00 /interactive cmd.exe

I gave it a shot but I received a Vista warning that “due to security enhancements, this task will run at the time excepted but not interactively.”

It turns out that this approach will work for XP, 2000 and Server 2003 but due to session 0 isolation Interactive services no longer work on Windows Vista and Windows Server 2008.

Strike 2:

Another solution suggested creating a secondary Windows Service via the Service Control (sc.exe) which merely launches CMD.exe.

C:\sc create RunCMDAsLSA binpath= "cmd" type=own type=interactC:\sc start RunCMDAsLSA

In this case the service fails to start and results it the following error message:

FAILED 1053: The service did not respond to the start or control request in a timely fashion.

Strike 3:

The third suggestion was to launch CMD.exe via a Scheduled Task. Though you may run scheduled tasks under various accounts, I don’t believe the Local System Account is one of them. I’ve tried using the Runas as well, but think I’m running into the same restriction as found when running a scheduled task.
Not Out Yet:

Fortunately, I came across this article which demonstrates the use of PSTools from SysInternals which was acquired by Microsoft in July, 2006. I launched the command line and issued the following statement and suddenly I was running under the Local System Account like magic:

psexec -i -s cmd.exe

PSTools worked great. It’s a lightweight, well-documented set of tools which provided an appropriate solution to my problem.

No comments:

Post a Comment