How do you run CMD.exe under the Local System Account?

windows-services user-accounts
Ben Griswold picture Ben Griswold · Sep 16, 2008 · Viewed 345.7k times · Source

I'm currently running Vista and I would like to manually complete the same operations as my Windows Service. Since the Windows Service is running under the Local System Account, I would like to emulate this same behavior. Basically, I would like to run CMD.EXE under the Local System Account.

I found information online which suggests lauching the CMD.exe using the DOS Task Scheduler AT command, but I received a Vista warning that "due to security enhancements, this task will run at the time excepted but not interactively." Here's a sample command:

AT 12:00 /interactive cmd.exe

Another solution suggested creating a secondary Windows Service via the Service Control (sc.exe) which merely launches CMD.exe. 

C:\sc create RunCMDAsLSA binpath= "cmd" type=own type=interact
C:\sc start RunCMDAsLSA

In this case the service fails to start and results it the following error message:

FAILED 1053: The service did not respond to the start or control request in a timely fashion.

The third suggestion was to launch CMD.exe via a Scheduled Task. Though you may run scheduled tasks under various accounts, I don't believe the Local System Account is one of them.

I've tried using the Runas as well, but think I'm running into the same restriction as found when running a scheduled task.

Thus far, each of my attempts have ended in failure. Any suggestions?

Answer

Ben Griswold picture Ben Griswold · Sep 17, 2008

Though I haven't personally tested, I have good reason to believe that the above stated AT COMMAND solution will work for XP, 2000 and Server 2003. Per my and Bryant's testing, we've identified that the same approach does not work with Vista or Windows Server 2008 -- most probably due to added security and the /interactive switch being deprecated.

However, I came across this article which demonstrates the use of PSTools from SysInternals (which was acquired by Microsoft in July, 2006.) I launched the command line via the following and suddenly I was running under the Local Admin Account like magic:

psexec -i -s cmd.exe

PSTools works well. It's a lightweight, well-documented set of tools which provides an appropriate solution to my problem.

Many thanks to those who offered help.

Related questions

Start / Stop a Windows Service from a non-Administrator user account

I have a WindowsService named, say, BST. And I need to give a non-Administrator user, UserA, the permissions to Start/Stop this particular service. My service runs on a variety of Windows OS, starting from Windows Server 2003 to Windows 7. How …

Read More
Error in installing Windows service developed in .NET

I have developed a windows service using C# and Visual Studio 2008. I have Windows XP SP2 installed on my machine. When I try to install the service using the installutil tool, after entering the username and password, I get the …

Read More
How do I uninstall a Windows service if the files do not exist anymore?

How do I uninstall a .NET Windows Service, if the service files does not exists anymore? I installed a .NET Windows Service using InstallUtil. I have since deleted the files but forgot to run InstallUtil /u first. So the service …

Read More