Occasionally you need to run some operations under the credentials of the operating system itself. For instance, if you lock yourself out of a service security descriptor by emptying the DACL, you'll only be able to run sc sdset .... under the SYSTEM account.
Under XP/2003 and before this could be done by running an interactive command prompt under that account via
Under Vista/2008 this was perceived as a security hole and so running the command prompt interactively was stopped.
The easiest way to accomplish this now is to use psexec.
Once downloaded you can run:
psexec -i -s -d cmd
You can confirm that the subsequent command prompt is running under the SYSTEM account by typing whoami /user in it.