Monday, 13 September 2010

Starting an interactive command prompt as the local system

Occasionally you need to run some operations under the credentials of the operating system itself. For instance, if you lock yourself out of a service security descriptor by emptying the DACL, you'll only be able to run sc sdset .... under the SYSTEM account.

Under XP/2003 and before this could be done by running an interactive command prompt under that account via

Under Vista/2008 this was perceived as a security hole and so running the command prompt interactively was stopped.

The easiest way to accomplish this now is to use psexec.
Once downloaded you can run:
psexec -i -s -d cmd

You can confirm that the subsequent command prompt is running under the SYSTEM account by typing whoami /user in it.

No comments:

Post a Comment