11

How can I get a command prompt as the SYSTEM user on Windows 7?

Context: I'm testing a computer startup script, and I need to figure out the behavior of a command when run as SYSTEM rather than my user account.

I've seen ways to do this with at and psexec, but those methods only appear to work on Windows XP or Windows Vista.

I'm using Windows 7 Pro SP1.

Peter Mortensen
  • 12,190
stephenwade
  • 691

4 Answers4

9

Use PsExec from Microsoft's Systinternals suite. PsExec must be run from an administrative command prompt. Use the -i -s switches to launch your script/command prompt.

Enter image description here

Peter Mortensen
  • 12,190
Scott Chamberlain
  • 30,874
  • 1
    Even in an Administrator command prompt, I get the message "Access is denied." – stephenwade Jul 01 '13 at 16:45
  • @stephenwade How are you getting the administrator command prompt, are you right clicking and doing "Run as Administrator"? Does it say "Administrator: Command Prompt" in the tile when you have the window open before you start PsExec? Also are you attempting to point it at a network file to run, the token to connect to the remote share is lost during the elevation process. – Scott Chamberlain Jul 01 '13 at 16:47
  • Yes, I right-clicked on Command Prompt in the Start menu and clicked "Run as Administrator". – stephenwade Jul 01 '13 at 16:49
  • 1
    I'm running psexec from a network folder linked to the H: drive. Might that be the problem? – stephenwade Jul 01 '13 at 16:49
  • 1
    @stephenwade yes, when you elevate you loose your network drives (because they are tied to the user account and you are changing user accounts), copy local and it will work. – Scott Chamberlain Jul 01 '13 at 16:52
  • Yes, psexec -i -s cmd.exe works fine. – mivk Jun 17 '16 at 15:00
  • psexec was first telling me that it couldn't connect to the PsExec service running on the PC. After some checks, I found that the Microsoft File Sharing protocol was disabled in the bindings for the network adapter I was using. For some reason this also affects local connections as the one PsExec is doing. – Ale Jul 18 '16 at 12:07
4

This was asked on Stack Overflow. The accepted answer uses PsExec (from the Systinternals suite) as Scott suggested.

Another solution involves creating a service that runs under the System account to run the command interpreter. You can do this manually, or use a program that creates the services, runs the prompt, then deletes the service automatically. I just tried it and it worked a treat:

Screenshot of Task Manager with CMD running as System

Community
  • 1
Synetech
  • 68,827
2

There is a little more hacky approach to this as well, which involves basically subbing cmd.exe in place of Utilman.exe in \Windows\System32 (which would obviously require a backup). You would have to do this outside of the currently running Windows beforehand (e.g. in Linux or via an installation/recovery CD). Here would be an example script to use (via Windows):

cd "%SystemRoot%\System32"
ren Utilman.exe Utilman.exe.bak
robocopy cmd.exe Utilman.exe /copyall

After you do that, boot into regular Windows and hit Windows Key+U, and instead of bringing up a set of utilities to help with accessibility, etc., it brings up a System-level command prompt with all the available tools of your system.

Claudia
  • 173
  • Also it's possible to do it inside Windows, without disks, even without rebooting it. Just go to System32, open properties of UtilMan.exe, take all privileges and ownership, and do that steps after it. – Jet Jun 06 '14 at 14:54
  • This is handy if you cannot login to a system and only get to login screen – Vitas Apr 21 '17 at 13:50
1

I would be very careful doing this. SYSTEM is the Administrator account but much, much more dangerous as it has a higher level of access.

Generally, your SYSTEM is the account services run under, not an interactive profile. There are ways to do this though.

Reading through this I think we have a good approach:

  1. Check the name of the account you’ve logged into (Click start. You
    will see the name of the account you’ve logged in.)
  2. Launch the command prompt. (Start | Run | cmd | [Enter] )
    in command prompt, create a schedule to run cmd.exe.
    To create a schedule type the following line and hit enter.
    at 10:41 /interactive “cmd.exe”
    this will create a schedule to run cmd.exe at 10:41.
    (Since you are testing, check the time in your system try and add two or three minutes.)Change this time according to your local time
    Hint: you can check if the schedule is placed by typing “at
    and hitting enter after the above step.
  3. Wait for the time you set for the schedule.
    cmd.exe would be launched at the specified time.
  4. After cmd.exe is launched by the scheduled time, press [CTRL] + [ALT] + [DEL] and launch task manager.
    Select “Process” tab, select explorer.exe in the process list and click “End Process” button.
    You will receive a confirmation dialogue. Click “Yes” to end the process.
  5. Close task manager by clicking the close (X) button.
    Close the first cmd window (be careful to close the first one not the second one.)
  6. Now you have only the second command prompt window and an empty desktop.
    In command prompt type the following line and hit “Enter”
    cd ..
  7. In command prompt type the following line and hit “Enter”
    explorer.exe
    If this is the first time you do it, windows creates the necessary
    components for you to access System ( Desktop, start menu,
    My document)
    when it’s finished you will have a new desktop.
  8. Close command prompt window. Click start and check your username.
    It’s changed to System.
    Now you are a super-power user. Be careful not to harm your PC and delete or modify system files if you don’t know what you are doing.

The other option would be to run your script as a service.

Austin T French
  • 10,571
  • 2
    at doesn't work in Windows 7. – stephenwade Jul 01 '13 at 14:39
  • 1
    at runs on my Windows 7 machine. What doesn't work for you? – uSlackr Jul 01 '13 at 15:44
  • 3
    Here’s another (quicker?) way to terminate your explorer process in Windows 7:  Click on Start.  Move the mouse to the right side of the menu (where “Run” and “Log off” are).  (Ctrl)+(Shift)+(right click); click on “Exit Explorer”. – Scott - Слава Україні Aug 19 '13 at 23:33
  • 3
    C:\Windows\system32>at 23:56 /interactive "cmd.exe" Warning: Due to security enhancements, this task will run at the time expected but not interactively. Use schtasks.exe utility if interactive task is required ('schtasks /?' for details). Added a new job with job ID = 1 http://blogs.technet.com/b/askds/archive/2008/10/22/getting-a-cmd-prompt-as-system-in-windows-vista-and-windows-server-2008.aspx – Dagelf Apr 28 '15 at 21:57
  • Link in the comment above has been moved to https://docs.microsoft.com/en-us/archive/blogs/askds/getting-a-cmd-prompt-as-system-in-windows-vista-and-windows-server-2008 – jkmartindale May 27 '22 at 21:41