Open main menu

SYSTEM user Command Prompt

Sometimes while testing or debugging scripts and applications, it is useful to run programs as the SYSTEM user (also called NT AUTHORITY\SYSTEM or LocalService account). This is the user context under which most services run. So, for example, if one is testing a workstation startup script, he would want to execute it as the SYSTEM user since that is the user account that runs system startup scripts.

Usage

Copy and paste the following lines into a text file and save it as systemcmd.bat. When you execute the script, you should be presented with a Command Prompt with a current working directory of c:\windows\system32. 

@ECHO OFF
::  systemcmd.bat
::
::  This bat file starts a command window (cmd.exe) under the SYSTEM (aka LocalSystem)
::  user context.  Running this script requires Administrator rights on the local 
::  workstation.

>NUL 2>NUL sc create systemcmd binpath= "cmd /C start" type= own type= interact
>NUL 2>NUL net start systemcmd
>NUL 2>NUL sc delete systemcmd


To verify that it worked, run the command set user at the prompt. The output should look like this: 

c:\windows\system32>set user
USERPROFILE=C:\Documents and Settings\LocalService

c:\windows\system32>

Use Cases

Verify Network Share Access

So to verify that the SYSTEM user has read access to the wpkg directory and/or the software installer directories, you can run something like this: 

c:\windows\system32>dir \\server\share\wpkg
 Volume in drive \\server\share is DATA
 Volume Serial Number is XXXX-XXXX

 Directory of \\server\share\wpkg

10/27/2010  09:12 AM    <DIR>          .
10/27/2010  09:12 AM    <DIR>          ..
09/26/2009  12:31 AM            40,003 Changelog
09/07/2009  10:59 AM            25,524 config.xml
06/04/2010  06:30 AM    <DIR>          hosts
03/26/2010  10:48 AM               627 hosts.xml
08/17/2010  03:23 PM    <DIR>          packages
03/26/2010  10:49 AM             2,152 packages.xml
06/17/2010  09:30 AM    <DIR>          profiles
03/26/2010  10:46 AM               540 profiles.xml
05/12/2010  02:51 PM             2,713 setServer.bat
05/05/2010  08:52 AM    <DIR>          tools
10/27/2010  09:12 AM             1,950 wpkg.bat
05/13/2010  07:26 AM           232,007 wpkg.js
03/29/2010  09:32 AM    <DIR>          xsd
               8 File(s)        305,516 bytes
               7 Dir(s)  49,194,672,128 bytes free

c:\windows\system32>

If you get Access is denied, then you need to check the share and NTFS permissions. If you are on a Windows domain, you can set the NTFS permissions to allow read access from "Domain Computers" and the share permissions to allow "Everyone" full control (or you can just add "Domain Computers" to the share permissions).

Windows Explorer

Sometimes it it handy to browse the file system with Windows Explorer instead of the command line. However, simply starting explorer.exe will just open a new Explorer window running as the logged-in-user (not the SYSTEM user). This command will start a separate explorer.exe process running as the SYSTEM user: 

c:\windows\system32>explorer.exe /separate
Last modified on 18 November 2010, at 15:49