Mike Howells's Blog


Running a Command Prompt as NT AUTHORITY\SYSTEM

Posted by mikehowells on February 12, 2011

I recently ran into a situation where I was using the SysInternals tool ProcDump to write a dump file to be examined for a memory leak.

The problem started when trying to run ProcDump against the process oracle.exe. The error message was “Access denied.”

I was an administrator on the server, so how could I become more powerful than an administrator?

The answer comes in the form of opening a command prompt as NT AUTHORITY\SYSTEM, which will then grant us the authority to access the oracle.exe process to create a dump file.

The first step is to download the Sysinternals tool PsExec from the URL below:

http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

Extract PsTools.zip to a folder on your hard disk.

Launch a command prompt as administrator (right-click the command prompt shortcut).

In the command prompt, navigate to the folder containing the files extracted from PsTools.zip.

We will now launch PsExec.exe with the -i and -s switches to launch the program interactively using Local System.

psexec.exe -i -s %SystemRoot%\system32\cmd.exe

Type whoami at the newly opened command prompt and you will see that you are now running as NT AUTHORITY\SYSTEM.

You can now execute ProcDump against the process that you were previously denied access to and complete your work.

Note: If your system does not have whoami.exe, you can typically find this program as a separate download via the resource kit or support tools appropriate to your Microsoft operating system.
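
The steps above as a PowerShell script, with a signature check on the downloaded psexec.exe before it is run with SYSTEM rights. This is an added example, not part of the original post; the folder C:\Tools\PsTools and the helper names Test-IsElevated and Test-IsLocalSystem are assumptions made for illustration.

```powershell
# Added example: scripted version of the steps in this post.
$PsToolsDir = 'C:\Tools\PsTools'   # assumed: folder where PsTools.zip was extracted
$PsExec     = Join-Path $PsToolsDir 'psexec.exe'

function Test-IsElevated {
    # True when the current token holds the BUILTIN\Administrators role (elevated prompt).
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-IsLocalSystem {
    # NT AUTHORITY\SYSTEM has the well-known SID S-1-5-18. Compare the SID rather
    # than the name, because the account name is localized on non-English Windows.
    return [Security.Principal.WindowsIdentity]::GetCurrent().User.Value -eq 'S-1-5-18'
}

if (Test-IsLocalSystem) {
    Write-Host 'Already running as NT AUTHORITY\SYSTEM.'
    return
}
if (-not (Test-IsElevated)) {
    throw 'Run this from an elevated (administrator) PowerShell prompt.'
}
if (-not (Test-Path $PsExec)) {
    throw "psexec.exe not found at $PsExec"
}

# Confirm the binary carries a valid Microsoft Authenticode signature
# before letting it start a process as Local System.
$sig = Get-AuthenticodeSignature -FilePath $PsExec
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
    throw "Unexpected signature on $PsExec : $($sig.Status)"
}

# -accepteula suppresses the EULA prompt, -i attaches to the interactive desktop,
# -s runs under Local System. "/k whoami" prints the identity and keeps cmd open.
& $PsExec -accepteula -i -s "$env:SystemRoot\system32\cmd.exe" /k whoami
```

The new command prompt window should print the SYSTEM account name on its first line, which replaces the manual whoami step.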


7 Responses to “Running a Command Prompt as NT AUTHORITY\SYSTEM”

  1. Vik said

    Hey Mike, thanks for this valuable info..it really helped.

  2. Jim Link said

    The /accepteula switch fixed my issues. I had accepted the EULA for my logged in user, but not the SYSTEM user and it took me an hour or so to realize what the problem was as no error was being logged (since I was using the -d switch).

  3. Hey this is kind of off topic but I was wanting to know if blogs use WYSIWYG editors or if you have to manually code with HTML.
    I’m starting a blog soon but have no coding know-how so I wanted to get guidance from someone with experience. Any help would be greatly appreciated!

  4. […] Of course, there is no reason given for the failure. But, after performing some research on canceling BITS jobs, it appears that you have to be logged in as the user who created the BITS job. So, how do you log in as NT AUTHORITY\SYSTEM? I actually blogged about this in 2011 in this blog article here: https://mikehowells.wordpress.com/2011/02/12/running-a-command-prompt-as-nt-authoritysystem/ […]

  5. Great insight! It saved my life while I was trying to recover a lost sa password, and my only option left was to work from the command line as NT AUTHORITY\SYSTEM. A million thanks!

  6. […] could also always just open up a shell as NT-Authority and access them that […]
