Run a command prompt in the Local System context!

Sometimes you need to run a command, especially when troubleshooting a problem, that must execute in the System context to return results. The Local System context, normally a protected layer in which the operating system runs its services, is accessed through a privileged built-in account called NT AUTHORITY\SYSTEM or LocalSystem. If a service running in the Local System context is compromised, then your whole system is at risk!

But there are instances when you need to run tools from a command prompt under these credentials. If you script tasks that run in the Local System context, their output is not displayed in your interactive command prompt window but on the WinSta0\Default desktop of session 0! A workaround exists, and it is called PsExec. PsExec is a utility by Mark Russinovich, available from Windows Sysinternals, that lets you execute processes on remote systems and redirect console applications' output to the local system. The remote applications appear to run on your local computer!

Download PsExec from here – http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

After you download PsTools, the suite of utilities that includes PsExec, extract the compressed file to your desired location and change directory to it. Then run the following command:

psexec -sid cmd.exe

You can verify that the newly opened command prompt is running under the Local System context by opening Task Manager and looking for a cmd.exe instance with SYSTEM displayed as the User Name. Also, the path shown in the privileged command prompt window will be %SystemDrive%\Windows\System32>

Note that PsExec may be flagged as a malicious program by some anti-virus scanners. The PsTools do not contain viruses, but they have been leveraged by viruses and other malware.
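As an added example that is not part of the original post, the PowerShell script below does the same verification the Task Manager check above performs, programmatically, and also reports whether the PSEXESVC service that PsExec installs while it runs is present, which is the trace an administrator or defender would look for on a host where nobody is troubleshooting. The function names are my own; it assumes Windows PowerShell 5.1 or later.

```powershell
# Added example, not from the original post. Run it inside the new command
# prompt (powershell.exe) to confirm the context, or on any host to look for
# SYSTEM-owned cmd.exe instances and the PsExec service.

function Test-LocalSystemContext {
    # S-1-5-18 is the well-known SID of NT AUTHORITY\SYSTEM (LocalSystem).
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    return ($id.User.Value -eq 'S-1-5-18')
}

function Get-SystemOwnedProcess {
    param([string]$Name = 'cmd.exe')
    # Same check the post describes with Task Manager, done through WMI/CIM:
    # every process with this image name whose owner resolves to SYSTEM.
    Get-CimInstance Win32_Process -Filter "Name = '$Name'" | ForEach-Object {
        $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
        if ($owner.Domain -eq 'NT AUTHORITY' -and $owner.User -eq 'SYSTEM') {
            [pscustomobject]@{
                ProcessId   = $_.ProcessId
                Name        = $_.Name
                CommandLine = $_.CommandLine
            }
        }
    }
}

function Get-PsExecServiceState {
    # PsExec registers a temporary service named PSEXESVC on the target while
    # it runs; 'absent' means no PsExec session is currently active.
    $svc = Get-Service -Name 'PSEXESVC' -ErrorAction SilentlyContinue
    if ($null -eq $svc) { return 'absent' }
    return $svc.Status.ToString()
}

if (Test-LocalSystemContext) {
    Write-Output 'This window runs as NT AUTHORITY\SYSTEM'
} else {
    $name = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    Write-Output "This window runs as $name"
}
Get-SystemOwnedProcess -Name 'cmd.exe'
Write-Output "PSEXESVC service: $(Get-PsExecServiceState)"
```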
