Why can't my SYSTEM Command Prompt access these files owned by SYSTEM and how do I fix it?

1

I launched a Command Prompt under SYSTEM with PsExec to move a file owned by SYSTEM without changing the file and folder's permissions, but I'm still being denied access. What's going on here?

reggie-man

Posted 2016-05-23T07:58:34.187

Reputation: 13

Just a first thought: does SYSTEM have the right to write to the destination directory? Is the file in use? – Hastur – 2016-05-23T08:11:46.577

@FrankSixteen I don't need Administrator privileges, I need SYSTEM privileges, and I've already worked out how to get that. That's not my problem. – reggie-man – 2016-05-23T19:53:09.270

@Hastur Yes, it does, and I'm fairly certain it's not being accessed. – reggie-man – 2016-05-23T19:54:09.597

Answers

0

It's very likely that you need to run as trusted installer. Some programs, like GWX, do this.

Look for a proggie called runasti.exe on the internet, and it should do the magic.

wendy.krieger

Posted 2016-05-23T07:58:34.187

Reputation: 660

It doesn't seem to work, and whoami /user reports that I'm SYSTEM rather than trusted installer. I just managed to capture a screenshot of the initial command line before it closed. https://i.imgur.com/8nTskRp.png – reggie-man – 2016-05-23T19:51:42.093

You run runasti cmd.exe. Even though it still reports system, it gets additional rights from the trusted installer process, which allows it to do things that a regular system prompt does. For example, if I ran something like the sysintern system-user prompt, I could still not delete the GWX thing. A prompt under TrustdUser token allowed me nearly full control of a win7 system. – wendy.krieger – 2016-05-23T23:31:57.473

I see. Well, it seems this isn't my solution then. :\ – reggie-man – 2016-05-24T02:07:18.543

You might want to use something like Process Explorer and see who has the file open. Run procexp under your system prompt. Procexp allows you to see who has individual files open, based on a search of the file name. – wendy.krieger – 2016-05-24T03:12:37.143

I searched for the DLL with Process Explorer, no results, then tried moving the file again, didn't work. It must be something else. – reggie-man – 2016-05-24T03:25:10.773

@SillyGoose Maybe antivirus? What attributes does that file have? I'm starting to get curious... :) – Hastur – 2016-05-25T18:47:02.760
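
An added diagnostic example, not part of the original thread: run from the elevated prompt in question, it shows whether the current token carries the TrustedInstaller service SID even though `whoami /user` says SYSTEM, and lists the ACEs on the file and its parent folder that match that token, Deny entries first. `$Path` is a placeholder, and the helper name `Get-MatchingAce` is hypothetical.

```powershell
# Added example. $Path is a placeholder; pass the file that refuses to move.
param([string]$Path = 'C:\placeholder\file.dll')

# SIDs the current process token can be matched against: the user plus its groups.
$id        = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$tokenSids = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })

# Resolve the TrustedInstaller service SID by name rather than hard-coding it.
$tiAccount = New-Object System.Security.Principal.NTAccount('NT SERVICE\TrustedInstaller')
$tiSid     = $tiAccount.Translate([System.Security.Principal.SecurityIdentifier]).Value

'Token user: {0}' -f $id.Name
'TrustedInstaller SID present in token groups: {0}' -f ($tokenSids -contains $tiSid)

# Hypothetical helper: list the ACEs on $Target that apply to this token.
function Get-MatchingAce {
    param([string]$Target)
    $acl = Get-Acl -LiteralPath $Target
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $tokenSids -contains $_.IdentityReference.Value } |
        Sort-Object AccessControlType -Descending |   # Deny sorts before Allow
        Select-Object @{n='Path';  e={$Target}},
                      @{n='Owner'; e={$acl.Owner}},
                      AccessControlType, FileSystemRights, IsInherited,
                      @{n='Sid';   e={$_.IdentityReference.Value}}
}

# Moving a file needs DELETE on the file itself or DeleteSubdirectoriesAndFiles
# on its parent folder, so inspect both objects.
Get-MatchingAce -Target $Path | Format-List
Get-MatchingAce -Target (Split-Path -Parent $Path) | Format-List
```

If no Deny entry matches and the Allow entries cover the delete right, the ACL is not what blocks the move, which points back at the in-use and antivirus questions raised in the comments.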