Thursday 5 July 2012

Running cmd.exe as NT Authority\System on Windows 8

To my surprise Microsoft blocked all normal routes to start an executable in interactive mode as the SYSTEM account. Admittedly you don't need it, but it's interesting that they have disabled running a process in interactive mode with the following usual methods:

at (The old way of scripting / creating scheduled tasks from the CLI, it's now deprecated)
schtasks (The new way of scripting / creating scheduled tasks from the CLI)
sc (The CLI Service creation/editing/deletion tool)

You obviously can't use runas as it wants a password and there is no tangible SYSTEM account password to use!

However, I've found that using PsExec from Sysinternals works! This is the almighty command:
psexec -i -s cmd.exe

Replace cmd.exe with your favourite executable.

Of course Microsoft have made this change for security reasons.
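
For anyone auditing a machine: with -s, PsExec installs a service (PSEXESVC by default) to get the SYSTEM token, and the Service Control Manager records that install as event 7045 in the System log. The PowerShell below is an added example, not part of the original post, that lists those installs; the service name and event ID are PsExec and Windows defaults assumed here, not details taken from this post.

```powershell
# Added example: list service installs that look like PsExec on this host.
# Assumptions: default PsExec service name (PSEXESVC) and the standard
# "A service was installed in the system" event (ID 7045, System log).

$filter = @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7045
}

# Get-WinEvent raises an error when nothing matches; treat that as "no events".
$installs = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$hits = foreach ($evt in $installs) {
    # Read the named EventData fields instead of relying on property order.
    $xml  = [xml]$evt.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }

    # Match on the service name or on the service binary path.
    if ($data['ServiceName'] -like 'PSEXESVC*' -or
        $data['ImagePath']   -match 'PSEXESVC') {
        [pscustomobject]@{
            TimeCreated = $evt.TimeCreated
            ServiceName = $data['ServiceName']
            ImagePath   = $data['ImagePath']
            AccountName = $data['AccountName']   # LocalSystem for a SYSTEM service
        }
    }
}

if ($hits) {
    $hits | Sort-Object TimeCreated | Format-Table -AutoSize
} else {
    Write-Output 'No PSEXESVC service installs found in the System log.'
}
```

A renamed service will not match this filter, so the full list of 7045 events is still worth reviewing on a host where unexpected SYSTEM shells are a concern.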
