Running commands as System account in Windows


Windows System account is normally not available for the users. In some cases however one would want to run some command using System's privileges for example when diagnozing permission issues with services, ran under Local system account. This is not achievable using RUNAS command. There's a workaround for this: create a service that interacts with Desktop and opens cmd window. For Remote Desktop users: the window pops up in the console session, so you have to be connected to it. Then run it - cmd window will be with System's privileges. Here's the needed code:
 
@echo off
sc create CmdAsSystem type= own type= interact binPath= "cmd /c start cmd /k (cd c:\ ^& color ec ^& title ***** SYSTEM *****)"
net start CmdAsSystem
sc delete CmdAsSystem 

Source: http://myitforum.com/cs2/blogs/jnelson/archive/2008/02/15/112673.aspx
 
This helps us resolving another issue, related to services running under System account. When one mounts network drive under some letter, let's say \\otherserver\shared\folder as X:, it is only visible to the user that mounted it. So if your service tries to use your mounted share and try to read the content of X:\, it'll get file not found error. So now, using the above approach, we'll just:
 
sc create MountAsSystem type= own type= interact binPath= "cmd /c net use X: \\otherserver\shared\folder "
net start MountAsSystem
sc delete MountAsSystem

 

No comments yet

Back to articles list

This page was last modified on 2018-12-09 03:36:47