Two ways to launch a Windows Command Prompt as user SYSTEM

Home > Blogs > Windows 8 > Two ways to launch a Windows Command Prompt as user SYSTEM

Two ways to launch a Windows Command Prompt as user SYSTEM

1 5Mark Jacob
Added by August 12, 2015

This blog explores two ways to launch a command prompt as user SYSTEM in Windows. It applies to Windows 7/8 and Server 2008/2012 (Windows 10 has a slightly different method). That is not to say you can’t do this in previous versions of Windows, but in earlier versions it was much easier to accomplish what you are about to see.

Why would I need this? you may ask. “I am already an administrator and I have all the power.” Dismayingly this is not true – the SYSTEM account is even more powerful than the Administrator account. It is much like ROOT in Linux. You have enough power to actually damage the OS, which also means one should take great care when exercising this power. Typing commands that may cause you to drop out of your support plan with Microsoft is not a career-extending activity, so I suggest trying this out in a test environment where collateral damage is minimized. Warning aside, with this power you can debug scripts that aren’t functioning correctly, stop unstoppable services (sound like a Superman reference), and many other tasks which are not ordinarily available to the Administrator account. Let’s begin.

The first method requires the installation of PsExec, which is a component of the PsTools download provided by Mark Russinovich PsExec v2.11. Once you have downloaded this and extracted it to a folder, you can proceed to the next step. Launch CMD as an administrator and navigate to the folder where you unzipped PsTools.zip. If you want to take a look at your options, type psexec /?. The output is shown in figure 1.

001-launch-Windows-Command-Prompt-as-SYSTEM

Figure 1

Type the following command:

psexec –i –s CMD (not case-sensitive)

This will open a new command prompt window which doesn’t look all that impressive on the surface. However, note which user account holds sway within this window (Figure 2 below):

You may also like:  Performance testing and monitoring using free tool NTttcp from Microsoft

002-launch-Windows-Command-Prompt-as-SYSTEM

Figure 2

Notice that you now can type commands as if you are SYSTEM! Feel the power! For example, using the sc command, check for a service that is listed as UNSTOPPABLE and disable it (it will likely still not allow you to stop it directly, but disabling it and rebooting accomplishes the same task). My current box has no services running that are unstoppable, but figure 3 demonstrates where you to look to see it.

003-STOPPABLE-launch-Windows-Command-Prompt-as-SYSTEM

Figure 3

The second method may be to your liking as well. It involves creating a test service (to be used just for the purpose of creating the CMD window with the SYSTEM credentials) and then starting this service. Create the service with this command:

sc create cmdsvc binpath= “cmd /K start” type= own type= interact

The word after ‘create’ is what you have named your new service – feel free to give it any (unused) name you desire. In this command, the service name is cmdsvc.

Now to start the service: sc start cmdsvc

If you are running Windows 7, this will cause an icon to appear on your taskbar demanding your attention. If you click on it, this window appears:

004-sc-start-cmdsvc-Windows-Command-Prompt-as-SYSTEM

Figure 4

Select ‘View the message’ and your desktop briefly disappears and the screen is blank except for your new command prompt window. Once again, verify your status with the whoami command and see that you are once again wielding the awesome power of the SYSTEM account.

If you leave this window up for several minutes, you will end up getting logged off. To prevent this, do what you need to do in this window and then exit to get back to your familiar desktop.

You may also like:  Using Deployment Image Servicing and Management (DISM.EXE) tool to convert to the Full Graphical Shell in Server 2012 R2 Datacenter

If you are running an OS higher than Windows 7, you will NOT see the above message, rather you will see an error message. To complete this same process in that situation involves a registry modification. Proceed with caution if you are not one to regularly change the registry as system damage can occur. Otherwise, take a deep breath a perform the following. Type regedit or regedt32 to get to the registry. then navigate to this location:

HKLM\System\CurrentControlSet\Control\Windows

Once there, look for DWORD titled NoInteractiveServices, and change its value from ‘1’ to ‘0’ and then close the registry.

Now to start the service you just enabled, which is the Interactive Detection Service.

sc start ui0detect

Now you can return to the command above with which you created your sample service and start it, because now it will work.

sc start cmdsvc

Now that the Interactive Detection Service is running, the behavior will match the behavior I described above for Windows 7.

I once again suggest using this in a test environment or on lab-type computers as serious damage can be done – unintentionally, of course – when you are typing with SYSTEM authority.

If you have any comments or questions, please feel free to post them….

Until next time.

Mark Jacob
Cisco and CompTIA Network + Instructor – Interface Technical Training
Phoenix, AZ

Videos You May Like

Agile Methodology in Project Management

0 60 0

In this video, you will gain an understanding of Agile and Scrum Master Certification terminologies and concepts to help you make better decisions in your Project Management capabilities. Whether you’re a developer looking to obtain an Agile or Scrum Master Certification, or you’re a Project Manager/Product Owner who is attempting to get your product or … Continue reading Agile Methodology in Project Management

Subnetting a TCP/IP Network using the Magic Box Method

0 373 2

In this session, we are going to look at how to subnet a Class B address into multiple network segments using what's called The Magic Box. Let's run through this real quick.

Detailed Forensic Investigation of Malware Infections – April 21, 2015

2 193 1

In this IT Security training video, Security expert Mike Danseglio (CISSP / CEH) will perform several malware investigations including rootkits, botnets, viruses, and browser toolbars.

Write a Comment

See what people are saying...

  1. richard

    reg add “HKLM\System\CurrentControlSet\Control\Windows” /v NoInteractiveServices /t REG_DWORD /d 1 /f

    sc stop ui0detect

    sc stop cmdsvc

    sc delete cmdsvc

  2. Michael

    Very helpful, however it would be nice for some explanation on how to ‘undo’ what was done in order to create the service. I did delete the service using sc but the Interactive Services Detection is still popping up with the “View this message” dialog.

  3. Thanks

    Thank you Sir.

  4. Kelli

    God help me, I put aside a whole afotrneon to figure this out.

  5. Pingback: How to launch a Command Prompt as SYSTEM In Windows 10

Share your thoughts...

Please fill out the comment form below to post a reply.