Run Cmd or any process as System account on Windows

Run Cmd or any process as System account on Windows

Unlike Linux and unixes systems, there is no obvious built-in way to run a process as root on Windows, and there’s normally no need for it. But whatever are your reasons, it is still possible and may come in handy (for example if you want to kill a stubborn process or see what’s inside C:\System Volume Information without messing with the permissions). We’ll show you how to do it, and we know two ways to achieve this.

The System account

On all the Windows NT family, the root user is System, also known as “NT AUTHORITY\System”. On a local system, there is no user with higher privileges than the System account. For example, the NT Kernel is run with System user, as well as most services.

How to run any process as System account

Before Windows Vista

The first way is built-in inside Windows and works for all Windows NT before Vista (so it includes XP and Server 2003 for example). If your version of Windows is older or equal to Windows Vista, please use the second way.

Let’s say it’s 13:36 and you need to run a command as System user. You can use the “at” command to run a scheduled task with the System account:

at 13:37 /interactive cmd.exe

This will result in the cmd.exe process to be run at precisely 13:37 as System user. You can of course replace cmd.exe with any other executable path.

From Windows NT 4 to Windows 10

The second one should work for all the Windows NT family (tested from XP to Windows 10, but should also work for Windows NT 4 and Windows 2000 – untested by us). You will need the Microsoft’s SysInternal suite. Download the .zip and extract it somewhere, for example in C:\bin. Then you can add C:\bin to your PATH if you want for easy access. Once that’s done, follow these steps:

  1. Open a command prompt (Cmd.exe) with Administrator privilèges. For example with Windows 10, you can search “cmd” in the start menu, right-click “cmd.exe” and choose “Run as Administrator”.
  2. Once you got rid of the UAC prompt, you should get a window like this:
  3. Type:
    cd c:\bin   (optional if you added C:\bin to your PATH)
    psexec -i -s cmd.exe

    -i is for running a task in interactive mode (so that it will accept user input)
    -s is for running a task with System user

  4. It should display another command prompt:
  5. Type the following to ensure the new command prompt is run as System user:
    whoami

    It should display something like:

  6. Now you can type any command and they will be run as the System user! Alternatively, you can type psexec -i -s yourcommand where yourcommand is a valid command (for example: calc.exe)

Leave a Reply

Your email address will not be published. Required fields are marked *

*