How to run commands using SYSTEM account

Shaun VermaakLead Engineer
CERTIFIED EXPERT
My name is Shaun Vermaak and I have always been fascinated with technology and how we use it to enhance our lives and business.
Published:
Sometimes Administrators rights are not enough. These cases call for the SYSTEM account. The process in this article outlines the steps required to execute commands using the SYSTEM account.

Introduction


This is a process I use whenever I get an "Access Denied" message. One example of this is when I do not have access to SQL Server directly, only administrative rights to the actual server.


PROCESS


1) Download PsExec which is part of the PsTools suite


2) Extract PsTools.zip to a convenient location. I usually copy PsExec.exe to the System32 folder. This allows PsExec.exe to be executed from any folders without specifying the full path.


3) Execute the following command

PsExec.exe -s -i -d CMD.exe



4) From within this new command prompt, everything you open will open as the SYSTEM account.


Examples


Viewing NT Secrets


Open Regedit.exe and you will be able to see content of HKEY_LOCAL_MACHINE\SECURITY

  • This allows you to view passwords that were stored as NT Secrets


Opening SQL Server Management Studio as SYSTEM


Open SQL Management Studio and you will be able to log on with SYSTEM

  • This allows you to access SQL without directly having been granted SQL right yet you have administrative rights to SQL Server

You will be able to browse to any folder that only allows SYSTEM account

  • You can export permissions with SetACL/ICACLS to folders that administrators group might have been removed on
  • Kill processes that give error Access Denied when you try to terminate it with normal Administrator rights


WinDirStat/TreeSize etc.


Running something like TreeSize as SYSTEM will actually give you a better view and understanding of what is using space because you will get less access denials


Some others...

  • Simulate GPO start scripts
  • Simulate GPO based MSI installation
  • Diagnose why scheduled tasks that run as SYSTEM don't run as intended
  • Start/stop protected services


Conclusion


Using this process, (or one similar) will allow you to start processes as the SYSTEM account allowing you to access parts of files system, registry and application not accessible with normal Administrative rights.


Please do not forget to press the "Thumb's Up" button if this article was helpful and valuable for EE members.


It also provides me with positive feedback. Thank you!

6
2,854 Views
Shaun VermaakLead Engineer
CERTIFIED EXPERT
My name is Shaun Vermaak and I have always been fascinated with technology and how we use it to enhance our lives and business.

Comments (1)

AlanConsultant
CERTIFIED EXPERT

Commented:
Great article Shaun - it is easy to forget to try running as System if something is giving you grief :-)

Alan.

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.

Get access with a 7-day free trial.
You Belong in the World's Smartest IT Community