ChunkDog Posted December 23, 2005

Well, I tried to search the forum about this, but came up dry. I would like to be able to run programs on an NT system using the local "System" account. I have tried out psexec from Sysinternals, but it does not seem to work for my needs. I mainly would like to run Windows Explorer using the system account, and a few other things as well. Any help or ideas would be great. Thanks in advance.

Title Edited - Please follow new posting rules from now on. --Zxian

cluberti Posted December 23, 2005

It can be done, but why would you want to?

_tru_ Posted December 24, 2005

I think I know what you're talking about: when you turn the logon screen saver into a command prompt, and log out and wait for the screen saver, you will then get a dos, then open the task manager (taskmgr.exe), then open explorer.exe from the task manager.

purg99 Posted December 24, 2005 (edited)

Interesting question that is normally asked around exploiting.

If I'm wrong and you get no luck, I know of an exploit that uses a built-in account for one-off programs but isn't usable.

A better way uses the flawed AT command. It runs as a service, so anything run from it runs as "NT_AUTHORITY/System" unless you use /u

at 00:25 /interactive c:\windows\system32\cmd.exe

--------------------------
read above for the first howto
must have been typing, anyway both end up using "NT_AUTHORITY/System"
--------------------------

Edited December 24, 2005 by purg99

ChunkDog Posted January 4, 2006 (edited)

Thank you for all the replies, good stuff. I have finally found a correct way to do it. PSEXEC is needed, and some knowledge about Windows. Basically the problem I was having before when using PSEXEC was that when you load Windows Explorer, it inherits permissions from the original copy loaded when logging into the system. For example, if I log into the system as "user", the first copy of explorer is loaded with the "user" account's privileges, so when running explorer again to view Windows Explorer, it has to inherit the permissions from the originally loaded explorer.exe, which in this scenario is "user". The workaround is to log on normally, then end the task "explorer.exe", then load a command prompt for the PSEXEC command. Now we can load explorer.exe with local system rights with the command:

psexec -s -i -d c:\windows\explorer.exe

This will reload explorer with system rights. Give it a try!

Edited January 4, 2006 by ChunkDog

jftuga Posted January 4, 2006

This is interesting. The only way I ever knew how to do this was similar to the at command. I used the same concept -- creating a Scheduled Task that used the System Account.

-John

ChunkDog Posted February 9, 2006

I thought I'd bump this because I want more people to see it. Sorry if this is against the rules.
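
Added example, not part of the original thread: a small detector for the two methods posted above (`at ... /interactive` and `psexec -s -i`), plus the resulting state of explorer.exe running as SYSTEM, applied to process-creation records. The record fields, sample events and the `classify`/`scan` helpers are constructed for illustration and do not follow any particular log schema.

```python
import re

# Constructed process-creation records (simplified fields, not a real log schema).
SAMPLE_EVENTS = [
    {"user": r"PC1\user", "image": r"C:\tools\psexec.exe",
     "cmdline": r"psexec -s -i -d c:\windows\explorer.exe"},
    {"user": r"PC1\user", "image": r"C:\Windows\System32\at.exe",
     "cmdline": r"at 00:25 /interactive c:\windows\system32\cmd.exe"},
    {"user": r"NT AUTHORITY\SYSTEM", "image": r"C:\Windows\explorer.exe",
     "cmdline": r"c:\windows\explorer.exe"},
    {"user": r"PC1\user", "image": r"C:\Windows\explorer.exe",
     "cmdline": r"C:\Windows\explorer.exe"},
    {"user": r"PC1\user", "image": r"C:\tools\psexec.exe",
     "cmdline": r"psexec \\fileserver -u admin ipconfig"},
]

SYSTEM_USERS = {r"nt authority\system", "system"}
# Desktop programs named in the thread; a tuning assumption, extend as needed.
DESKTOP_IMAGES = {"explorer.exe", "taskmgr.exe"}


def basename(path):
    return re.split(r"[\\/]", path.strip('"'))[-1].lower()


def classify(event):
    """Return the reasons (possibly none) an event matches the thread's methods."""
    exe = basename(event["image"])
    args = event["cmdline"].lower().split()[1:]
    # Windows tools accept both -flag and /flag; this is not a full parser.
    flags = {a.lstrip("-/") for a in args if a[0] in "-/"}
    reasons = []
    if exe in {"psexec.exe", "psexec64.exe"} and {"s", "i"} <= flags:
        reasons.append("psexec -s -i: interactive process as SYSTEM")
    if exe == "at.exe" and "interactive" in flags:
        reasons.append("at /interactive: job on the desktop as SYSTEM")
    if exe in DESKTOP_IMAGES and event["user"].lower() in SYSTEM_USERS:
        reasons.append(exe + " running as SYSTEM")
    return reasons


def scan(events):
    return [(e["cmdline"], r) for e in events if (r := classify(e))]


if __name__ == "__main__":
    for cmdline, reasons in scan(SAMPLE_EVENTS):
        print(cmdline, "->", "; ".join(reasons))
```

The third rule is independent of the launcher, so it also covers the Scheduled Task variant mentioned in the thread as long as the record carries the account the process runs under.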