How do you run CMD.exe under the Local System Account?
Though I haven't personally tested, I have good reason to believe that the above stated AT COMMAND solution will work for XP, 2000 and Server 2003. Per my and Bryant's testing, we've identified that the same approach does not work with Vista or Windows Server 2008 -- most probably due to added security and the /interactive switch being deprecated.
However, I came across this article which demonstrates the use of PSTools from SysInternals (which was acquired by Microsoft in July, 2006.) I launched the command line via the following and suddenly I was running under the Local Admin Account like magic:
psexec -i -s cmd.exe
PSTools works well. It's a lightweight, well-documented set of tools which provides an appropriate solution to my problem.
Many thanks to those who offered help.
- Download psexec.exe from Sysinternals.
- Place it in your C:\ drive.
- Logon as a standard or admin user and use the following command:
cd \
. This places you in the root directory of your drive, where psexec is located. - Use the following command:
psexec -i -s cmd.exe
where -i is for interactive and -s is for system account. - When the command completes, a cmd shell will be launched. Type
whoami
; it will say 'system" - Open taskmanager. Kill explorer.exe.
- From an elevated command shell type
start explorer.exe
. - When explorer is launched notice the name "system" in start menu bar. Now you can delete some files in system32 directory which as admin you can't delete or as admin you would have to try hard to change permissions to delete those files.
Users who try to rename or deleate System files in any protected directory of windows should know that all windows files are protected by DACLS while renaming a file you have to change the owner and replace TrustedInstaller which owns the file and make any user like a user who belongs to administrator group as owner of file then try to rename it after changing the permission, it will work and while you are running windows explorer with kernel privilages you are somewhat limited in terms of Network access for security reasons and it is still a research topic for me to get access back