Wednesday, December 21, 2011

Run CMD.exe as Local System Account

Strike 1:

I found information online which suggests lauching the CMD.exe using the DOS Task Scheduler AT command. Here’s a sample command:

AT 12:00 /interactive cmd.exe

I gave it a shot but I received a Vista warning that “due to security enhancements, this task will run at the time excepted but not interactively.”

It turns out that this approach will work for XP, 2000 and Server 2003 but due to session 0 isolation Interactive services no longer work on Windows Vista and Windows Server 2008.

Strike 2:

Another solution suggested creating a secondary Windows Service via the Service Control (sc.exe) which merely launches CMD.exe.

C:\sc create RunCMDAsLSA binpath= "cmd" type=own type=interactC:\sc start RunCMDAsLSA

In this case the service fails to start and results it the following error message:

FAILED 1053: The service did not respond to the start or control request in a timely fashion.

Strike 3:

The third suggestion was to launch CMD.exe via a Scheduled Task. Though you may run scheduled tasks under various accounts, I don’t believe the Local System Account is one of them. I’ve tried using the Runas as well, but think I’m running into the same restriction as found when running a scheduled task.
Not Out Yet:

Fortunately, I came across this article which demonstrates the use of PSTools from SysInternals which was acquired by Microsoft in July, 2006. I launched the command line and issued the following statement and suddenly I was running under the Local System Account like magic:

psexec -i -s cmd.exe

PSTools worked great. It’s a lightweight, well-documented set of tools which provided an appropriate solution to my problem.

How to gain access to system account the most powerful account in Windows.

Don’t follow the procedure below if you don’t know what you
are doing. You may harm your PC. If you follow, Do it on your own risk.

1)Check the name of the account you’ve logged into (Click start. You
will see the name of the account you’ve logged in.)

2)Launch the command prompt. (Start | Run | cmd | [Enter] )
in command prompt, create a schedule to run cmd.exe.
To create a schedule type the following line and hit enter.
at 10:41 /interactive “cmd.exe”
this will create a schedule to run cmd.exe at 10:41.
(Since you are testing, check the time in your system try and add two or three minutes.)Change this time according to your local time
Hint: you can check if the schedule is placed by typing “at“
and hitting enter after the above step.

3)Wait for the time you set for the schedule.
cmd.exe would be launched at the specified time.

4)After cmd.exe is launched by the scheduled time, press [CTRL] + [ALT] + [DEL] and launch task manager.
Select “Process” tab, select explorer.exe in the process list and click “End Process” button.
You will receive a confirmation dialogue. Click “Yes” to end the process.

5)Close task manager by clicking the close (X) button.
Close the first cmd window (be careful to close the first one not the second one.)
Now you have only the second command prompt window and an empty desktop.
In command prompt type the following line and hit “Enter”
cd ..

6)In command prompt type the following line and hit “Enter”
If this is the first time you do it, windows creates the necessary
components for you to access System ( Desktop, start menu,
My document)
when it’s finished you will have a new desktop.

7)Close command prompt window. Click start and check your username. It’s changed to System. Now you are a super-power user. Be careful not to harm your PC and delete or modify system files if you don’t know what you are doing.

Am once again saying, don’t attempt accessing system account, unless you are an experienced Windows user