How to Run CMD/Program as SYSTEM (LocalSystem) in Windows

Sometimes, local administrator permissions may not be sufficient to manage certain system files, registry keys, processes, and services in Windows. In such cases, an administrator can take ownership of files/other objects or perform actions on behalf of the privileged SYSTEM (LocalSystem) account. In this post, we will cover how to open a command prompt or run any program as SYSTEM.

How to Run CMD/Process as SYSTEM on Windows Using PSExec

The easiest way to run a command or program as NT Authority\System is to use the Sysinternals PSExec.exe console tool.

The PSExec tool doesn’t require installation. Simply extract the PSTools.zip archive to a local drive (it’s likely that you’ll need to unblock the file you downloaded from the Internet before you can use it).

Open the command prompt (CMD) in “Run as administrator” mode and navigate to the directory where the psexec.exe file is located:

cd C:\PSTools\

To run a program or command as SYSTEM, run:

psexec -i -s cmd.exe

The command to run PSexec from the PowerShell shell will look like this:

.\psexec.exe -i -s <executable>

• -i – run the specified app in the interactive mode (a user can interact with the program on the desktop). If not specified, the process is launched in a console session.
• -s – run process as Local System account
• cmd.exe – the name of the EXE file, script, or command that will be run on behalf of the SYSTEM user.

After executing the command, a new command prompt window will appear, running under the NT Authority\System account. Make sure it is true by running this command:

whoami

Since in this example we launched the interactive console of the command-line interpreter cmd.exe under the SYSTEM account, all subsequent commands and programs started from this session will also run with SYSTEM privileges.

Now, you will be able to change, rename, or delete system files or registry keys that are owned by TrustedInstaller or SYSTEM. For example, you can terminate a system service or close a file locked by a system process.

If the Couldn’t install PSEXESVC service error appears, make sure that:

• The command prompt is run as administrator
• Another PSEXESVC service instance is not running

Configure a Task Scheduler to Run a Task as SYSTEM

The Task Scheduler can be used to periodically execute certain scripts or commands on behalf of the system. For example, I want to run a particular PowerShell script with system privileges when Windows boots.

1. Open the Task Scheduler console by running the taskschd.msc command
2. Create a new task PSscriptAsSYSTEM
3. In the User field, click the Change User or Group button and type SYSTEM (the account used to run task will change to NT AUTHORITY\SYSTEM)
4. Enable the Run with highest privileges option
5. Go to the Triggers tab and select when you want to run your script (in this example, the task will run At startup)
6. On the Actions tab, specify which program you want to run.
7. In this example, we will run a PowerShell script (*.ps1). To do this, specify in the Program/Script field: powershell.exe . In the Arguments field, specify the path to the PS1 script file: -ExecutionPolicy Bypass -NonInteractive -File "C:\PS\MySampleScript.ps1" 
   Learn more about running PowerShell scripts from Task Scheduler.
8. Save the task settings
9. To activate a task, right-click on it and select Enable.

Each time Windows boots, the Task Scheduler will run the specified PowerShell script with SYSTEM privileges.

If you only need to run a program or command on behalf of SYSTEM once, you can skip creating a trigger for a scheduled launch. Instead, run the scheduler task manually by selecting it in the console and clicking Run.

The AT command has been deprecated. Please use schtasks.exe instead.
Warning: Due to security enhancements, this task will run at the time expected but not interactively.
Use schtasks.exe utility if interactive task is required ('schtasks /?' for details).
The request is not supported.