There is an account in Microsoft Windows that is more powerful than the Administrator account in Windows Operating Systems. That account is called System account it is similar to the root OR super user in the Linux/Unix world . I will show you how to access this system account in this article.
You can use this facility for removing programs that are causing problems to your system, malware etc.
Introduction
If you look at the task manager (which can be launched by pressing [CTRL]+[ALT]+[DEL]) you will see some processes that are running with System level privileges. Even the Administrator account is unable to do some of the things a system account can do.
System is the highest account in Windows (like root),You can be a super power user by accessing the system account (even while you are logged in as a restricted user)
Note: Accessing system account may cause serious problems.
Leave this tread and don’t follow the rest of this topic
if you don’t know what you are doing. I am not liable for any problems caused by accessing the system account
Local system differs from an administrator account in that it has
full control of the operating system, similar to root on a Unix
machine. Most system processes are required by the operating
system, and cannot be closed, even by an administrator account;
attempting to close them will result in an error message.
In Windows NT and later systems derived from it (windows 2000,
Windows XP, Windows servers 2003 and Windows Vista), there may
or may not be a superuser. By default, there is a superuser named
Administrator, although it is not an exact analogy of the Unix
root superuser account. Administrator does not have all the
privileges of root because some superuser privileges are assigned
to the Local System account in windows NT/XP.
What you gain by accessing System account?
Local privilege escalation is useful on any system that a hacker
may compromise; the system account allows for several other
things that aren’t normally possible (you can reset passwords, resetting administrator passwords is also possible)
You can even login to System and lock administrator account out by
editing group policy or other tools in windows.
How to access System:
Note : Don’t follow the procedure bellow if you don’t know what you
are doing. You may harm your PC. If you follow, Do it on your own risk.
- Check the name of the account you’ve logged into (Click start. You
will see the name of the account you’ve logged in.) - Launch the command prompt. (Start | Run | cmd | [Enter] )
in command prompt, create a schedule to run cmd.exe.
To create a schedule type the following line and hit enter.
at 10:41 /interactive “cmd.exe”
this will create a schedule to run cmd.exe at 10:41.
(Since you are testing, check the time in your system try and add two or three minutes.)Change this time according to your local time
Hint: you can check if the schedule is placed by typing “at“
and hitting enter after the above step. - Wait for the time you set for the schedule.
cmd.exe would be launched at the specified time. - After cmd.exe is launched by the scheduled time, press [CTRL] + [ALT] + [DEL] and launch task manager.
Select “Process” tab, select explorer.exe in the process list and click “End Process” button.
You will receive a confirmation dialogue. Click “Yes” to end the process. - Close task manager by clicking the close (X) button.
Close the first cmd window (be careful to close the first one not the second one.) - Now you have only the second command prompt window and an empty desktop.
In command prompt type the following line and hit “Enter”
cd .. - In command prompt type the following line and hit “Enter”
explorer.exe
If this is the first time you do it, windows creates the necessary
components for you to access System ( Desktop, start menu,
My document)
when it’s finished you will have a new desktop. - Close command prompt window. Click start and check your username.
It’s changed to System.
Now you are a super-power user. Be careful not to harm your PC and delete or modify system files if you don’t know what you are doing.
Am once again saying, don’t attempt accessing system account, unless you are an experienced Windows user.
System Account : Further Links
I’ve been messing around with admin and setting up alot of group policies lately, but there was always a few things i couldnt get to cause it was on System privlages. This is easy and def help. Thanks for the tip.
Comment by Eric — November 14, 2006 @ 5:05 pm
This didn’t work for me cyberhawk recognised this as a virus and screwed my computer over, I had to use a system restore point to continue use. So WARNING to all those who use virus protection, disable it before doing this.
Comment by SilentShadow — January 2, 2007 @ 5:29 am
Why does this start svchost.exe, and not cmd.exe like it was asked?
(the prompt’s titlebar says svchost)
Comment by Karel — January 4, 2007 @ 11:09 pm
After opening cmd.exe i checked it using “at” but a message appeared to me “Access denied”!!! do i have any alternative solutions or or something else.
Thankx anyway
Comment by unknown — February 22, 2007 @ 9:56 am
Change or Reset Any Windows XP Password
Last month, I wrote about automatically cracking the Windows XP password with Ophcrack. In the article, I revealed the simplicity of downloading the Live-on-CD *.iso Linux distribution file and running it at the computer startup.
But sometimes, it is n…
Trackback by hacker not cracker — March 15, 2007 @ 10:29 pm
thanks dude
Comment by ofek — March 31, 2007 @ 3:11 pm
Please join for discussions on topics about The Virtual Reality.
Technology development of The Virtual Reality and its perspectives.
Gnolet.com
Comment by Gnoletcom — April 13, 2007 @ 9:09 pm
That doesn’t work, I mean work but you have to have administrator rights to get the task going, and if you have administrator rights why bother doing that! huh ?
Comment by humm — April 17, 2007 @ 4:18 pm
I got an error message and a reschedule for the next day
Comment by artusa — April 17, 2007 @ 3:59 pm
how do you get to turn on the scheduled tasks in limited accounts in Windows?
Comment by hacker — May 4, 2007 @ 9:51 am
how do you get to turn on the scheduled tasks in limited accounts in Windows?
Comment by hacker2 — May 4, 2007 @ 9:51 am
is there any other way of acessing the system account????
Comment by vidur — May 28, 2007 @ 9:21 am
my parents have locked me out of all the good programs in my pc and i have tried ever trick i can think of to get around it but nothing works. i need a way to give myself administrative privaleges from a limited acount.
Comment by haxzor — June 15, 2007 @ 10:49 pm
Heh, just try to use shutdown -i and terminate remotely a computer in your local network…
Comment by TheOneAndOnly — July 13, 2007 @ 7:37 pm
[...] what u could do is u could use the system account, which is more powerful than an administrator account and then from there u could make ur account an administrator How to gain access to system account the most powerful account in Windows. « The Prince of Darkness…. [...]
Pingback by A Question About IE — August 12, 2007 @ 6:19 am
OK. So if you are a limited user like i was then this is for u
first u open notepad and type:
at 10:41 /interactive “cmd.exe”
then save it as something.bat
then run it
it should work if not ur out of luck
ok now if ur [CTRL]+[ALT]+[DEL] doesnt work then do this
at 10:41 /interactive “taskmgr.exe”
and if that doesnt eork ur also out of luck
then continue with his instructions about explorer.exe and all that
hopefully that works!
Comment by idea — September 21, 2007 @ 7:48 pm
opps forgot to mention that the:
at 10:41 /interactive “taskmgr.exe”
or
at 10:41 /interactive “cmd.exe”
must be in a 24 hour clock time
1:00 = 1:00 am
2:00 = 2:00 am
3:00 = 3:00 am
4:00 = 4:00 am
5:00 = 5:00 am
6:00 = 6:00 am
7:00 = 7:00 am
8:00 = 8:00 am
9:00 = 9:00 am
10:00 = 10:00 am
11:00 = 11:00 am
12:00 = 12:00 noon
13:00 = 1:00 pm
14:00 = 2:00 pm
15:00 = 3:00 pm
16:00 = 4:00 pm
17:00 = 5:00 pm
18:00 = 6:00 pm
19:00 = 7:00 pm
20:00 = 8:00 pm
21:00 = 9:00 pm
22:00 = 10:00 pm
23:00 = 11:00 pm
24:00 = 12:00 midnight
minutes stay the same its just hours that change
so there u go
now thats y it reschedules for tammaro because u put it in as 10:41 instead of 22:41
Comment by idea — September 21, 2007 @ 8:03 pm
agree this trick is useless when we don’t have administrator account.
looking for something that work for user with poweruser account.
that will be great…
Comment by fxsuprapto — October 4, 2007 @ 6:13 am
hi i didny get the files that wer ment to b in my documents can ne 1 help or tell me wer thy might b?? bell-2k7@hotmail.co.uk thanx very much
Comment by john — December 17, 2007 @ 8:30 am
hey, this is sweet, and i got it to work, however, im wondering how/if its possible to put everything back to the way it was?? without use of sumthing like norton go-back??
Comment by jelloman — February 3, 2008 @ 9:48 pm
Hello kiddies! If you want to take over yur computer and you are not an administrator, do the following:
1. go to the cmd prompt and type “net user” (without quotes)
2. you will see list of users; determine which one is administrator; it may be listed as xadministrator, administrator, etc. & should be last on list
3. now type at cmd prompt “net user administrator *” (without quotes). you will be prompted for a new password; be careful…when you type the new password, it will not be visible so remember it because you will have to confirm it.
4. exit out of cmd prompt, log off then log back in using the administrator’s username and the new password. you are now the administrator of your computer. have fun!!
Comment by hemlock — February 4, 2008 @ 6:00 am
in step 3, make sure you leave a space between words and don’t forget to type the asterisk at the end (shift+8)
Comment by hemlock — February 4, 2008 @ 6:02 am
Pretty cool! I couldn’t get it to work with Server 2003 though, only XP.
Comment by SteveJHU — February 22, 2008 @ 9:05 pm
i have come accross a problem
the admin knows what he is doing where i work and has blocked task manager so i cant do the last part
would you know how to open task manager or a way to divert the last part
Comment by warhawkmad1 — March 28, 2008 @ 10:31 pm
typing taskkill /IM explorer.exe /F in first prompt then explorer.exe in the second should do the trick.
Comment by fdsd — April 2, 2008 @ 8:28 pm
Not working getting “Access is Denied”
Comment by Taimur — April 22, 2008 @ 2:54 pm
Not working getting “Access is Denied” whatever I do. Cant boot either with a floppy or CD.
Comment by Taimur — April 22, 2008 @ 2:56 pm
Doesn’t work in Windows Vista and Windows 2008. The at command cannot be run in interactive mode any more. schtasks also does not run cmd.exe in interactive mode.
Any valid way to login into system account in Windows Vista/2008?
Comment by justme — April 26, 2008 @ 6:47 pm
Also got the same problem on vista ultimate, cannot run cmd.exe interactively.
I would like to know how to access system in vista. if somebody has done this, please mail me at kelly.j2@sky.com with the info
Comment by Graham — June 2, 2008 @ 7:38 am
Alright, if you are running a limited account, you can NOT use this running it as your account.
Don’t cry yet.
If you know anyone on the computer with administrative privledges, get them in here.
Go to the actual file for command prompt (C:\Windows\system32\)(scroll down until you see cmd or cmd.exe
Right-click cmd (or cmd.exe) and click “Run as”
Alright, here’s where your administrator helps you.
First, uncheck the “Protect my computer and data from unauthorized program activity”. Then switch to the “Log in as another user” and select the administrator’s account next to you.
Have him log in.
There is the command prompt that is running as his account, and you can use it correctly.
If you have comments: unwantedhate724@aim.com
Comment by Opcticjutso — June 13, 2008 @ 2:33 am
HELP i have done exactly what you have told me but then it just said access denied!
I am running Vista
and i am an administrator
Comment by Chris — August 11, 2008 @ 6:10 pm
psexec -s -i cmd.exe
then u have a shell with SYSTEM permissions, u can start regedt32 interactively from this shell too
(psexec from sysinternal)
Comment by mamali — August 31, 2008 @ 5:34 pm
You guys just don’t understand all these commands need admin access. What’s the point of doing all these to gain admin access if you already have it? man ppl are dum
Comment by asdf — September 9, 2008 @ 8:21 am
“man ppl are dum”
don’t take heavy words for your self, it’s not allright
Comment by ytrewq — September 11, 2008 @ 8:39 am
i have a limited account without privileges to do anything in cmd or change system time is there any way that i can actually view the password not change it theres only one admin priviliged account on my computer
Comment by Hoss — October 10, 2008 @ 12:30 am
[...] found information online which suggests lauching the CMD.exe using the DOS Task Scheduler AT command. Here’s a [...]
Pingback by Run CMD.exe as Local System Account by JohnnyCoder — November 13, 2008 @ 10:56 am
WITH OUT ADMIN LOGIN THIS IS WASTAGE OF TIME
Comment by NAZI — January 1, 2009 @ 3:52 pm
So i did all this on a PC at school just to delete some annoying toolbar that some student downloaded…
after that i shut off the pc and ever since, when i log in with my account, MS Office 2003 update keeps running on and on and on….
its done by “application explorer” and it normally does it 1 time at start-up (duh) but now i get the pop up like every 10 sec.
saying something like Processing script: running post launch script
how can i undo this?
Comment by N00b — February 10, 2009 @ 1:57 pm
Cant get in task manager?
do this;
Notepad;
regedit
save as .bat
start the bat
go to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\policies\system
disable task manager
edit it or delete it… now u can acces TM
Comment by N00b — February 10, 2009 @ 2:03 pm
>You guys just don’t understand all these commands need admin access.
>What’s the point of doing all these to gain admin access if you
>already have it? man ppl are dum
>Comment by asdf — September 9, 2008 @ 8:21 am
The point is they are trying to access an account with higher than Admin rights.
Then they can modify their limited access account on the sly or at least be able to
goof off on the computer using an account they haven’t got the right to be in.
Hey idiots, when you do get system rights, open cmd prompt and type “format c:”!
And if warhawkmad1 is still trying to change his work computer on the sly,
you deserve to be fired.
Especially in an economy as lousy as this one.
If you have a legitimate reason to change the computer the Admin will do it for you.
Comment by Dave — February 13, 2009 @ 8:17 am
When I type in:
at 10:44 /interactive “cmd.exe”
It tells me Access is denied…
Is there anything Ican do to get around this?!
Comment by Alistair — February 24, 2009 @ 4:16 pm
Tested and working a month ago, but the school has completely blocked command prompt through group policy across the entire campus domain. Is there a way to get Task Scheduler to run /interactive without using command prompt? Or use another system-level program to start explorer?
Comment by Louie — April 22, 2009 @ 7:03 pm
this time i got it.
the net user method worked….
thk u
thk u
thk u
Comment by rajesh — April 28, 2009 @ 9:57 pm