Is it possible to run a script on Windows boot as admin by adding it into a "Current Version\Run" registry key of the user "NT AUTHORITY\SYSTEM"?

0

This is the Windows registry autorun key for my current (administrator group) user:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

and this one is for the "NT AUTHORITY\SYSTEM" user:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run

This is a simple script "Test.cmd" :

echo "Hello" >> C:\Test.txt

If I add it to the current user Run key, it works, but if I add it to the SYSTEM user, it does not.
What is going on here, and how can I add a .cmd script via Windows registry to be executed with the privileges of the user SYSTEM?

Tested on Windows XP, but it would be fine to get some answer for Windows 7 too.

Sopalajo de Arrierez

Posted 2014-07-28T02:54:45.617

Reputation: 5 328

I'm not 100% sure about this, but you're probably not logging on as NT AUTHORITY\SYSTEM. I don't even know if that's possible, but you could try this and see if that works.

– Vinayak – 2014-07-28T03:08:06.430

I am not sure about the method you suggest to add a .cmd script to the boot sequence of Windows, @Vinayak. The change I have proposed in the registry gets recorded, even between reboots, but the program does not run at all (there is no C:\Test.txt file). Are you suggesting to make the changes to the registry after logging in as NT AUTHORITY\SYSTEM? I think that will make no difference. – Sopalajo de Arrierez – 2014-07-28T03:14:33.320

No, I was suggesting that you merely logon as you normally would, then run Task Manager as Administrator and kill Explorer. Then use PsExec to start Explorer under the NT AUTHORITY\SYSTEM account to see if the text file gets created then. – Vinayak – 2014-07-28T03:18:25.720

Forget my earlier comment. I think this one might work: Create a scheduled task (Run -> "taskschd.msc") and click the "Change User or Group" button and enter "System" and press OK. Then under "Triggers", create a new trigger and from the "Begin the task" dropdown menu, select "At startup" or "At log on". Could you check if that works? – Vinayak – 2014-07-28T03:23:46.993

@Vinayak, the question refers to registry editing methods. I have edited it to make it clearer. – Sopalajo de Arrierez – 2014-07-28T03:31:05.453

Do you wish to simply run a program through your script under the NT AUTHORITY\SYSTEM account? That could be done if you're using Windows XP (using the AT command privilege escalation)

– Vinayak – 2014-07-28T04:01:14.400

Answers

0

I believe your initial question/post is incorrect. Anything under HKEY_LOCAL_MACHINE applies regardless of the user account used to log in. So your first statement is incorrect. Whoever you're logged in as, your Run key would reside under this registry branch:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Additional users would reside under HKEY_USERS. If you edited the above key while logged in as Administrator, that would also edit the relevant key under HKEY_USERS (since HKCU is just a proxy for one of the entries under HKEY_USERS).

If you place your test.cmd script under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run then it will run no matter which user logs on. Now your original question in the title says you want to run the command "on Windows boot". Do you really mean during the boot-up process (i.e. when the Windows logo is showing against a black screen), or do you mean during the logon process?

smashingly

Posted 2014-07-28T02:54:45.617

Reputation: 173

I meant the boot-up process, without any need of logon. The user's HKLM key only runs after it. As long as the user "SYSTEM" never logs in, that could be the problem. The point of the question was to execute a script as administrator, so the registry edition should be done for the user "SYSTEM". I have edited the original question to make it clear. – Sopalajo de Arrierez – 2014-07-28T04:03:49.157
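
A read-only way to audit what is actually stored in the Run keys named in this thread (the HKEY_LOCAL_MACHINE key, and the per-user keys under HKEY_USERS including .DEFAULT). This is an added example, not code from any poster in the thread; it assumes PowerShell 3.0 or later, and the function name Get-RunKeyEntries is hypothetical.

```powershell
# Added example: list every value in the Run keys discussed in this thread.
# Read-only. Run it from an elevated prompt so other users' loaded hives are readable.

$runSubKey = 'Software\Microsoft\Windows\CurrentVersion\Run'

# Hypothetical helper name; returns one object per autorun value found.
function Get-RunKeyEntries {
    param([string[]]$RegistryPaths)

    foreach ($path in $RegistryPaths) {
        $key = Get-Item -LiteralPath "Registry::$path" -ErrorAction SilentlyContinue
        if (-not $key) { continue }    # key absent or access denied
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key     = $path
                Name    = $name
                # Show REG_EXPAND_SZ data as stored, without expanding %VARS%
                Command = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            }
        }
    }
}

# Machine-wide key: applies to whichever user logs on.
$paths = @("HKEY_LOCAL_MACHINE\$runSubKey")

# Per-user keys: one per hive currently loaded under HKEY_USERS.
# .DEFAULT is among them (it is an alias of HKEY_USERS\S-1-5-18, the
# LocalSystem profile), and HKEY_CURRENT_USER is a view of one of these entries.
$paths += Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "$($_.Name)\$runSubKey" }

Get-RunKeyEntries -RegistryPaths $paths | Format-Table -AutoSize -Wrap
```

Comparing the output before and after a change shows which hive an entry really landed in, which is the point of confusion between HKLM, HKCU and HKEY_USERS in this thread.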