How to gain access to system account the most powerful account in Windows.
There is an account in Microsoft Windows that is more powerful than the Administrator account in Windows Operating Systems. That account is called System account it is similar to the root OR super user in the Linux/Unix world . I will show you how to access this system account in this article.
You can use this facility for removing programs that are causing problems to your system, malware etc.
Introduction
If you look at the task manager (which can be launched by pressing [CTRL]+[ALT]+[DEL]) you will see some processes that are running with System level privileges. Even the Administrator account is unable to do some of the things a system account can do.
System is the highest account in Windows (like root),You can be a super power user by accessing the system account (even while you are logged in as a restricted user)
Note: Accessing system account may cause serious problems.
Leave this tread and don’t follow the rest of this topic
if you don’t know what you are doing. I am not liable for any problems caused by accessing the system account
Local system differs from an administrator account in that it has
full control of the operating system, similar to root on a Unix
machine. Most system processes are required by the operating
system, and cannot be closed, even by an administrator account;
attempting to close them will result in an error message.
In Windows NT and later systems derived from it (windows 2000,
Windows XP, Windows servers 2003 and Windows Vista), there may
or may not be a superuser. By default, there is a superuser named
Administrator, although it is not an exact analogy of the Unix
root superuser account. Administrator does not have all the
privileges of root because some superuser privileges are assigned
to the Local System account in windows NT/XP.
What you gain by accessing System account?
Local privilege escalation is useful on any system that a hacker
may compromise; the system account allows for several other
things that aren’t normally possible (you can reset passwords, resetting administrator passwords is also possible)
You can even login to System and lock administrator account out by
editing group policy or other tools in windows.
How to access System:
Note : Don’t follow the procedure bellow if you don’t know what you
are doing. You may harm your PC. If you follow, Do it on your own risk.
- Check the name of the account you’ve logged into (Click start. You
will see the name of the account you’ve logged in.) - Launch the command prompt. (Start | Run | cmd | [Enter] )
in command prompt, create a schedule to run cmd.exe.
To create a schedule type the following line and hit enter.
at 10:41 /interactive “cmd.exe”
this will create a schedule to run cmd.exe at 10:41.
(Since you are testing, check the time in your system try and add two or three minutes.)Change this time according to your local time
Hint: you can check if the schedule is placed by typing “at“
and hitting enter after the above step. - Wait for the time you set for the schedule.
cmd.exe would be launched at the specified time. - After cmd.exe is launched by the scheduled time, press [CTRL] + [ALT] + [DEL] and launch task manager.
Select “Process” tab, select explorer.exe in the process list and click “End Process” button.
You will receive a confirmation dialogue. Click “Yes” to end the process. - Close task manager by clicking the close (X) button.
Close the first cmd window (be careful to close the first one not the second one.) - Now you have only the second command prompt window and an empty desktop.
In command prompt type the following line and hit “Enter”
cd .. - In command prompt type the following line and hit “Enter”
explorer.exe
If this is the first time you do it, windows creates the necessary
components for you to access System ( Desktop, start menu,
My document)
when it’s finished you will have a new desktop. - Close command prompt window. Click start and check your username.
It’s changed to System.
Now you are a super-power user. Be careful not to harm your PC and delete or modify system files if you don’t know what you are doing.
Am once again saying, don’t attempt accessing system account, unless you are an experienced Windows user.
System Account : Further Links
I’ve been messing around with admin and setting up alot of group policies lately, but there was always a few things i couldnt get to cause it was on System privlages. This is easy and def help. Thanks for the tip.
This didn’t work for me cyberhawk recognised this as a virus and screwed my computer over, I had to use a system restore point to continue use. So WARNING to all those who use virus protection, disable it before doing this.
Why does this start svchost.exe, and not cmd.exe like it was asked?
(the prompt’s titlebar says svchost)
After opening cmd.exe i checked it using “at” but a message appeared to me “Access denied”!!! do i have any alternative solutions or or something else.
Thankx anyway
thanks dude
Please join for discussions on topics about The Virtual Reality.
Technology development of The Virtual Reality and its perspectives.
Gnolet.com
That doesn’t work, I mean work but you have to have administrator rights to get the task going, and if you have administrator rights why bother doing that! huh ?
I got an error message and a reschedule for the next day
how do you get to turn on the scheduled tasks in limited accounts in Windows?
how do you get to turn on the scheduled tasks in limited accounts in Windows?
is there any other way of acessing the system account????
my parents have locked me out of all the good programs in my pc and i have tried ever trick i can think of to get around it but nothing works. i need a way to give myself administrative privaleges from a limited acount.
Heh, just try to use shutdown -i and terminate remotely a computer in your local network…
OK. So if you are a limited user like i was then this is for u
first u open notepad and type:
at 10:41 /interactive “cmd.exe”
then save it as something.bat
then run it
it should work if not ur out of luck
ok now if ur [CTRL]+[ALT]+[DEL] doesnt work then do this
at 10:41 /interactive “taskmgr.exe”
and if that doesnt eork ur also out of luck
then continue with his instructions about explorer.exe and all that
hopefully that works!
opps forgot to mention that the:
at 10:41 /interactive “taskmgr.exe”
or
at 10:41 /interactive “cmd.exe”
must be in a 24 hour clock time
1:00 = 1:00 am
2:00 = 2:00 am
3:00 = 3:00 am
4:00 = 4:00 am
5:00 = 5:00 am
6:00 = 6:00 am
7:00 = 7:00 am
8:00 = 8:00 am
9:00 = 9:00 am
10:00 = 10:00 am
11:00 = 11:00 am
12:00 = 12:00 noon
13:00 = 1:00 pm
14:00 = 2:00 pm
15:00 = 3:00 pm
16:00 = 4:00 pm
17:00 = 5:00 pm
18:00 = 6:00 pm
19:00 = 7:00 pm
20:00 = 8:00 pm
21:00 = 9:00 pm
22:00 = 10:00 pm
23:00 = 11:00 pm
24:00 = 12:00 midnight
minutes stay the same its just hours that change
so there u go
now thats y it reschedules for tammaro because u put it in as 10:41 instead of 22:41
agree this trick is useless when we don’t have administrator account.
looking for something that work for user with poweruser account.
that will be great…
hi i didny get the files that wer ment to b in my documents can ne 1 help or tell me wer thy might b?? bell-2k7@hotmail.co.uk thanx very much
hey, this is sweet, and i got it to work, however, im wondering how/if its possible to put everything back to the way it was?? without use of sumthing like norton go-back??
Hello kiddies! If you want to take over yur computer and you are not an administrator, do the following:
1. go to the cmd prompt and type “net user” (without quotes)
2. you will see list of users; determine which one is administrator; it may be listed as xadministrator, administrator, etc. & should be last on list
3. now type at cmd prompt “net user administrator *” (without quotes). you will be prompted for a new password; be careful…when you type the new password, it will not be visible so remember it because you will have to confirm it.
4. exit out of cmd prompt, log off then log back in using the administrator’s username and the new password. you are now the administrator of your computer. have fun!!
It doesn’t work as limited user. Access Denied.
in step 3, make sure you leave a space between words and don’t forget to type the asterisk at the end (shift+8)
Pretty cool! I couldn’t get it to work with Server 2003 though, only XP.
i have come accross a problem
the admin knows what he is doing where i work and has blocked task manager so i cant do the last part
would you know how to open task manager or a way to divert the last part
typing taskkill /IM explorer.exe /F in first prompt then explorer.exe in the second should do the trick.
Not working getting “Access is Denied”
Not working getting “Access is Denied” whatever I do. Cant boot either with a floppy or CD.
Doesn’t work in Windows Vista and Windows 2008. The at command cannot be run in interactive mode any more. schtasks also does not run cmd.exe in interactive mode.
Any valid way to login into system account in Windows Vista/2008?
Also got the same problem on vista ultimate, cannot run cmd.exe interactively.
I would like to know how to access system in vista. if somebody has done this, please mail me at kelly.j2@sky.com with the info
Alright, if you are running a limited account, you can NOT use this running it as your account.
Don’t cry yet.
If you know anyone on the computer with administrative privledges, get them in here.
Go to the actual file for command prompt (C:\Windows\system32\)(scroll down until you see cmd or cmd.exe
Right-click cmd (or cmd.exe) and click “Run as”
Alright, here’s where your administrator helps you.
First, uncheck the “Protect my computer and data from unauthorized program activity”. Then switch to the “Log in as another user” and select the administrator’s account next to you.
Have him log in.
There is the command prompt that is running as his account, and you can use it correctly.
If you have comments: unwantedhate724@aim.com
HELP i have done exactly what you have told me but then it just said access denied!
I am running Vista
and i am an administrator
psexec -s -i cmd.exe
then u have a shell with SYSTEM permissions, u can start regedt32 interactively from this shell too
(psexec from sysinternal)
You guys just don’t understand all these commands need admin access. What’s the point of doing all these to gain admin access if you already have it? man ppl are dum
“man ppl are dum”
don’t take heavy words for your self, it’s not allright
i have a limited account without privileges to do anything in cmd or change system time is there any way that i can actually view the password not change it theres only one admin priviliged account on my computer
WITH OUT ADMIN LOGIN THIS IS WASTAGE OF TIME
So i did all this on a PC at school just to delete some annoying toolbar that some student downloaded…
after that i shut off the pc and ever since, when i log in with my account, MS Office 2003 update keeps running on and on and on….
its done by “application explorer” and it normally does it 1 time at start-up (duh) but now i get the pop up like every 10 sec.
saying something like Processing script: running post launch script
how can i undo this?
Cant get in task manager?
do this;
Notepad;
regedit
save as .bat
start the bat
go to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\policies\system
disable task manager
edit it or delete it… now u can acces TM
>You guys just don’t understand all these commands need admin access.
>What’s the point of doing all these to gain admin access if you
>already have it? man ppl are dum
>Comment by asdf — September 9, 2008 @ 8:21 am
The point is they are trying to access an account with higher than Admin rights.
Then they can modify their limited access account on the sly or at least be able to
goof off on the computer using an account they haven’t got the right to be in.
Hey idiots, when you do get system rights, open cmd prompt and type “format c:”!
And if warhawkmad1 is still trying to change his work computer on the sly,
you deserve to be fired.
Especially in an economy as lousy as this one.
If you have a legitimate reason to change the computer the Admin will do it for you.
When I type in:
at 10:44 /interactive “cmd.exe”
It tells me Access is denied…
Is there anything Ican do to get around this?!
Tested and working a month ago, but the school has completely blocked command prompt through group policy across the entire campus domain. Is there a way to get Task Scheduler to run /interactive without using command prompt? Or use another system-level program to start explorer?
this time i got it.
the net user method worked….
thk u
thk u
thk u
This Works quite well !
mine just says “the service has not been started”
Thanks. By the way, I was able to remove the stupid annoying Windows Genuine Advantage Notification Progra.☻
Louie, I don’t mean to offend. I think it’s possible that you can get to the Command Prompt by simply creating a shortcut to “cmd.” Don’t let anyone see you though! ☺ And don’t crash the computer either. As a experienced technician, I recommend that you shouldn’t use CMD in an open-session class, since CMD is easy to distinguish from other programs.
[_Infantry_]
Of course, it’s possible to get to cmd easily. Even without the use of shortcuts. In any case cmd.exe already resides in programs\accessories. You being an experienced technician I would have thought that you would know Group Policy disables cmd by telling it to refuse access when cmd checks for permissions. Command prompt window should open with a “your administrator has disabled command prompt…” text in place of the usual credits. Of course its possible to bypass this with gpdisable.exe, as you, an experienced technician should know.
could i put the “at 10:41 /interactive “cmd.exe” ” in a batch file to run a a certain time every day?
Can’t you just access cmd by typing command.com into notepad and then save it as .bat:
Open notepad and type
command.com
save as bat and run it. I’ve been using it on my school computers.
@Hatch
Clearly your school’s entire IT department should be fired. Even if Microsoft Word was somehow programmed to trigger up an interactive version of command prompt (not an unusable one) the OS will just give you an error message telling you that the command prompt has been disabled. Of course they won’t if Word tells command prompt exactly what to do and nothing more.
Is it possible to make my account as SYSTEM? Aaand which accounts can be deleted?