MS-DOS and Windows command line command wmic

Administrator rights are not enough to perform certain actions in Windows. For example, you cannot replace certain registry keys when deleting the system and files, stopping system services, or performing other potentially harmful actions that could affect the stability of the corresponding operating system. In these cases, the system administrator can take ownership of files or other objects, or perform actions on behalf of the agreement account. In this article, we’ll take a look at how an app or command prompt and the SYSTEM (LocalSystem) privileged account still work on Windows 10.

The built-in SYSTEM account is only used by the SCM (Service Control Manager) to start and manage the solution’s services. When using the system user account (also known as NT AUTHORITY\SYSTEM, Local System, or Computer\LocalSystem), most software services and processes are chargeable (including the NT OS kernel). Open the System Management MMC snap-in (services.msc) and usually the services for which the LogOn columnAs” is “Local System”. These providers operate under the trading account SYSTEM.

How Do I Run CMD Under A Local System Account On Windows (pre-Vista Versions)?

In Windows XP, but Windows 2003 Server (which is long out of support) there was an interesting switch that allowed you to run the appropriate program or interactive Swift command (cmd.exe) with the task scheduler system. privilege. It was possible to open a command prompt with an administrator account and run most of the following commands:

where 10:23 is the hottest hour + one minute (in my 24-hour clock)

After the specified time has elapsed, a command prompt will appear running under the local system account. If you run this command in a terminal (RDP) session on Windows Server Note 2003/xp, the command line with system privileges usually appears separately in the console session (you can access it with mstsc /console or mstsc/admin).

Windows 10 does not support launching an interactive command line using the at command. Instead, it is recommended to work with schtasks.exe.

Pwarning. For security reasons, the job will run at the scheduled time, but not interactively.
Use the internal processing of schtasks.exe when an interactive task is required ('schtasks /?' for details).
The request is definitely not supported.

How To Run CMD /Process As SYSTEM On Windows 10 Using PSExec?

In Windows 7 or later, the fun command line cannot run as often as the system account with the task scheduler. You can use the Sysinternals PSExec.exe utility to run commands as NT Authority\System.

You can usually download the PSExec.exe tool from the Microsoft website: Every Windows administrator is familiar with PSExec. In most cases, it is used to control Windows remotely, and also has a useful feature for running processes on behalf of the system account. Some antivirus programs may identify PSExec.exe as a potentially malicious package (by the way, psexec was used to spread the notorious Notpetya virus).

PSExec does not need to be installed. Open an accelerated team from higherthese privileges (“Run as administrator”), navigate to the folder where PSexec.exe is located, and run the following command:

-i – start the process/application in interactive mode (the user interacts with the application on the desktop, if you do not specify a specific parameter, the process is launched in the corresponding console session),

–s means that your process (in this case, the query request) should run as the system account.

The first time you open PsExec, you will be prompted to accept a driver’s license agreement.

After running the command, beginners will see a command prompt window running under NT Authority\System Advantage. Make sure it’s true and run this command:

Therefore, you can run any program, command, or script with the system account. Simply replace cmd.exe in the PsExec parameter with the name of the software package executable you want to run.

Usually in the Command Prompt window, which is an acronym, you can run any command containing SYSTEM. Now you can editRename, rename, or delete system files/registry keys owned by TrustedInstaller or SYSTEM. Any programs or processes shown in this window run with elevated LocalSystem privileges. For example, we can stop a system service and close a file opened by a system process.

If you receive the error “Failed to install PSEXESVC” please check the following:

  • Command line started for administrator;
  • Another PSEXESVC service instance is down
  • There are also a number of third-party mobile tools in png for running applications on behalf of the system account (AdvancedRun, RunAsSystem, PowerRun), but I see no reason to use them. First, they are third-party, and you and your family cannot be sure that they contain little malicious code. In addition, you can easily get by with the official utilityRead Microsoft PsExec. PSExec,

    You can use to open an interactive command prompt on a remote computer with NT AUTHORITY\SYSTEM permissions. To do this, we use our own command:

    /NAMESPACE NAMESPACE is the path to the namespace for which the alias is being used. Namespaces are always relative. That is, if a namespace does not start with “\\”, it is assumed to be comparable to the current namespace. USAGE:


    /ROLL ROLL 2 . Path to the role that contains alias definitions for finding the utility session.


    NOTE. Roles are namespaces that should be treated the same, i.e. relative paths should behave appropriately (default namespace

    < /td>
    /NODE NODE – Specify the servers against which the alias is protected.


    /NODE:NOTE: ::=< @ filename | Computer ID > | <@filename | tools<,machine id> id list>

    NOTE. If the value contains special parts such as “-” or “/”, enclose the switch value in double safety quotes.< /p> /IMPLEVEL IMPLEVEL – Specify at what level the command line should be impersonated. The default is Impersonation.



    Various impersonation levels:
    Level< br> ——————
    Impersonate< br> Delegate

    Note. Use the / AUTHORITY flag based on the authorization type specification.

    /AUTHLEVEL AUTHLEVEL – Specify the level that the command line must have for authentication. The default is “Pktprivacy”.



    Various authentication levels:
    – —- – – —

    /LOCAL LOCALE – Specify the English locale identifier when using the command line.


    Index: A parameter specifying the “LOCALE” radio button can be associated with a form MS_XXX. Where
    is XXX for English 409, XXX for Finnish 40b.

    /PRIVILEGES PRIVILEGES – enable or disable all privileges.


    Valid values ​​for

    /TRACER TRACE. Specify whether to copy debug information from the results to stderr during processing, most commonly associated with the query(s).



    /SAVE RECORD – Writes all WMIC searches and output commands to an XML file.



    /INTERACTIVE INTERACTIVE – Sets or resets the collaborative mode. USAGE:


    /REJECT FAILFAST – Sets or resets all FailFast modes.



    MS-DOS and Windows command line command wmic
    Scroll to top