Command prompt as SYSTEM user (Windows 7)

10

6

How can I get a command prompt as the SYSTEM user on Windows 7?

Context: I'm testing a computer startup script, and I need to figure out the behavior of a command when run as SYSTEM rather than my user account.

I've seen ways to do this with at and psexec, but those methods only appear to work on Windows XP or Windows Vista.

I'm using Windows 7 Pro SP1.

stephenwade

Posted 2013-07-01T13:36:34.753

Reputation: 592

Or... probably you haven't run cmd as Administrator. PsExec needs administrative privileges. – Jet – 2014-07-23T17:42:18.647

1SYSTEM is generally the user services run under, not an interactive account... – Austin T French – 2013-07-01T13:56:59.603

...which would explain why I haven't been able to find the answer yet. – stephenwade – 2013-07-01T14:00:23.297

"Context: I'm testing a computer startup script and I need to figure out the behavior of a command when run as SYSTEM rather than my user account." – stephenwade – 2013-07-01T14:01:07.253

Can you / or have you tried running it as a service then? – Austin T French – 2013-07-01T14:06:23.407

1Maybe I'm misunderstanding something. Here's the goal: I have a script that I plan to deploy to our organization via Group Policy. Even though the script should be working, it isn't. – stephenwade – 2013-07-01T14:43:27.087

1The script will run as a computer startup script, which I think runs as SYSTEM; therefore I want a command prompt as SYSTEM to test my script. Am I correct that startup scripts run as SYSTEM? If so, what's the best way to go about testing my script? – stephenwade – 2013-07-01T14:43:43.840

Startup scripts from which method? Many Startup scripts run as the current user. – Austin T French – 2013-07-01T14:57:11.100

1A computer startup script in Group Policy. – stephenwade – 2013-07-01T14:59:59.587

1I've seen ways to do this with at and psexec, but those methods only appear to work on Windows XP or Windows 7. I'm using Windows 7 Pro SP1.   Um… ఠ_ಠ – Synetech – 2013-07-01T16:20:59.267

Oops... I meant Vista. – stephenwade – 2013-07-01T16:43:44.387

Answers

3

This was asked on Stack Overflow. The accepted answer uses PsExec (from the Systinternals suite) as Scott suggested.

Another solution involves creating a service that runs under the System account to run the command interpreter. You can do this manually, or use a program that creates the services, runs the prompt, then deletes the service automatically. I just tried it and it worked a treat:

Screenshot of Task Manager with CMD running as System

Synetech

Posted 2013-07-01T13:36:34.753

Reputation: 63 242

9

Use PsExec from Microsoft's Systinternals suite. PsExec must be run from an administrative command prompt. Use the -i -s switches to launch your script/command prompt.

Enter image description here

Scott Chamberlain

Posted 2013-07-01T13:36:34.753

Reputation: 28 923

Yes, psexec -i -s cmd.exe works fine. – mivk – 2016-06-17T15:00:47.020

psexec was first telling me that it couldn't connect to the PsExec service running on the PC. After some checks, I found that the Microsoft File Sharing protocol was disabled in the bindings for the network adapter I was using. For some reason this also affects local connections as the one PsExec is doing. – Ale – 2016-07-18T12:07:19.100

1Even in an Administrator command prompt, I get the message "Access is denied." – stephenwade – 2013-07-01T16:45:18.017

@stephenwade How are you getting the administrator command prompt, are you right clicking and doing "Run as Administrator"? Does it say "Administrator: Command Prompt" in the tile when you have the window open before you start PsExec? Also are you attempting to point it at a network file to run, the token to connect to the remote share is lost during the elevation process. – Scott Chamberlain – 2013-07-01T16:47:05.370

Yes, I right-clicked on Command Prompt in the Start menu and clicked "Run as Administrator". – stephenwade – 2013-07-01T16:49:11.520

1I'm running psexec from a network folder linked to the H: drive. Might that be the problem? – stephenwade – 2013-07-01T16:49:47.930

1@stephenwade yes, when you elevate you loose your network drives (because they are tied to the user account and you are changing user accounts), copy local and it will work. – Scott Chamberlain – 2013-07-01T16:52:28.987

1

I would be very careful doing this. SYSTEM is the Administrator account but much, much more dangerous as it has a higher level of access.

Generally, your SYSTEM is the account services run under, not an interactive profile. There are ways to do this though.

Reading through this I think we have a good approach:

  1. Check the name of the account you’ve logged into (Click start. You
    will see the name of the account you’ve logged in.)
  2. Launch the command prompt. (Start | Run | cmd | [Enter] )
    in command prompt, create a schedule to run cmd.exe.
    To create a schedule type the following line and hit enter.
    at 10:41 /interactive “cmd.exe”
    this will create a schedule to run cmd.exe at 10:41.
    (Since you are testing, check the time in your system try and add two or three minutes.)Change this time according to your local time
    Hint: you can check if the schedule is placed by typing “at
    and hitting enter after the above step.
  3. Wait for the time you set for the schedule.
    cmd.exe would be launched at the specified time.
  4. After cmd.exe is launched by the scheduled time, press [CTRL] + [ALT] + [DEL] and launch task manager.
    Select “Process” tab, select explorer.exe in the process list and click “End Process” button.
    You will receive a confirmation dialogue. Click “Yes” to end the process.
  5. Close task manager by clicking the close (X) button.
    Close the first cmd window (be careful to close the first one not the second one.)
  6. Now you have only the second command prompt window and an empty desktop.
    In command prompt type the following line and hit “Enter”
    cd ..
  7. In command prompt type the following line and hit “Enter”
    explorer.exe
    If this is the first time you do it, windows creates the necessary
    components for you to access System ( Desktop, start menu,
    My document)
    when it’s finished you will have a new desktop.
  8. Close command prompt window. Click start and check your username.
    It’s changed to System.
    Now you are a super-power user. Be careful not to harm your PC and delete or modify system files if you don’t know what you are doing.

The other option would be to run your script as a service.

Austin T French

Posted 2013-07-01T13:36:34.753

Reputation: 9 766

2

C:\Windows\system32>at 23:56 /interactive "cmd.exe" Warning: Due to security enhancements, this task will run at the time expected but not interactively. Use schtasks.exe utility if interactive task is required ('schtasks /?' for details). Added a new job with job ID = 1 http://blogs.technet.com/b/askds/archive/2008/10/22/getting-a-cmd-prompt-as-system-in-windows-vista-and-windows-server-2008.aspx

– Dagelf – 2015-04-28T21:57:44.917

2at doesn't work in Windows 7. – stephenwade – 2013-07-01T14:39:47.383

1at runs on my Windows 7 machine. What doesn't work for you? – uSlackr – 2013-07-01T15:44:32.057

3Here’s another (quicker?) way to terminate your explorer process in Windows 7:  Click on Start.  Move the mouse to the right side of the menu (where “Run” and “Log off” are).  (Ctrl)+(Shift)+(right click); click on “Exit Explorer”. – Scott – 2013-08-19T23:33:41.520

1

There is a little more hacky approach to this as well, which involves basically subbing cmd.exe in place of Utilman.exe in \Windows\System32 (which would obviously require a backup). You would have to do this outside of the currently running Windows beforehand (e.g. in Linux or via an installation/recovery CD). Here would be an example script to use (via Windows):

cd "%SystemRoot%\System32"
ren Utilman.exe Utilman.exe.bak
robocopy cmd.exe Utilman.exe /copyall

After you do that, boot into regular Windows and hit Windows Key+U, and instead of bringing up a set of utilities to help with accessibility, etc., it brings up a System-level command prompt with all the available tools of your system.

Isiah Meadows

Posted 2013-07-01T13:36:34.753

Reputation: 163

This is handy if you cannot login to a system and only get to login screen – Vitas – 2017-04-21T13:50:28.907

Also it's possible to do it inside Windows, without disks, even without rebooting it. Just go to System32, open properties of UtilMan.exe, take all privileges and ownership, and do that steps after it. – Jet – 2014-06-06T14:54:21.700

Asked: 2013-07-01T13:36:34.753

Viewed: 50 644 times

Active: 2015-09-30T18:06:18.290