108.bz » OS Internals http://www.108.bz Wandering futilities... Fri, 27 May 2011 09:08:43 +0000 en hourly 1 http://wordpress.org/?v=3.1.1 Executing processes as the SYSTEM user http://www.108.bz/posts/it/executing-processes-as-the-system-user/ http://www.108.bz/posts/it/executing-processes-as-the-system-user/#comments Fri, 08 Jan 2010 22:05:08 +0000 Giuliano http://www.108.bz/?p=179 On MS Windows operating systems, many processes run under the NT AUTHORITY\SYSTEM account, be them scheduled tasks or services.
Sometimes it’s useful to run cmd.exe as the SYSTEM user and see what’s going on. Here’s a nifty trick to do it.

C:\Documents and Settings\giuliano>time /t
17:10

C:\Documents and Settings\giuliano>at 17:11 /interactive cmd.exe
Added a new job with job ID = 1

C:\Documents and Settings\giuliano>

Basically you check what time it is and schedule cmd.exe to run on the next minute. You do that by means of the at.exe OS command.

When the time comes, a Command Prompt window should pop-up. It runs under the SYSTEM account:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\WINDOWS\system32>whoami
nt authority\system

C:\WINDOWS\system32>

Each process you run from there, also runs as SYSTEM. If you run regedit.exe, for instance, you can import registry data into the SYSTEM user’s hive. Today I used this tecnique to export/import Putty’s settings (they are stored in the registry) in order to make plink.exe, as run from a UPS monitoring Agent, see a pre-configured SSH “Session” (hostname, login username, private key, …). I needed the Agent to shut down a bunch of Linux servers when the battery charge was running low: plink.exe on Windows side and sudo on the Linux one, did the job.

For completness sake, here‘s a post on the same subject. It also deals about Vista/Windows Server 2008 and how to achieve our goal using PsExec.

]]> http://www.108.bz/posts/it/executing-processes-as-the-system-user/feed/ 0