Localsystem: use local system account - more rights

From a user's point of view there is no sensible reason to start anything as "SYSTEM". However, if even the local administrator has too few rights, "SYSTEM" can still grant access: the SYSTEM account (Local System account or LocalSystem) has unrestricted rights on the computer.

SYSTEM has no password and authenticates on the network as the computer account.

In the registry SYSTEM has the SID S-1-5-18. SYSTEM is sometimes also displayed as NT Authority\SYSTEM or LocalSystem.

see also: msdn.microsoft.com/en-us/library/windows/desktop/ms684190(v=vs.85).aspx

To run commands as another user, see: runas: Run commands or programs as another user

Start as system

Starting as SYSTEM should be reserved for the operating system itself, but there are several ways to gain SYSTEM access from a normal user session.

At computer startup

Scripts that run at computer startup are executed under the SYSTEM account. It is therefore possible to start certain scripts or programs as SYSTEM via the local group policy when the computer starts:

Task Scheduling - as a scheduled task

Another way to start something as SYSTEM is task scheduling (a scheduled task):

The task can be configured to run as "SYSTEM":

For a further application, see the example below of reading the domain via a scheduled task.

With psexec as SYSTEM

As a prerequisite, the PsTools from Microsoft Sysinternals have to be downloaded and extracted to a folder: PsTools - Sysinternals | Microsoft Learn

The Sysinternals command psexec can even start an interactive session as SYSTEM:

System on network

Network access

When a share is accessed with psexec as "SYSTEM", the computer account is used as the user:

c:\temp>net use z: \\domain.local\share
The command was executed successfully 

Our computer is named "DOMAINW7", so it appears on the file server as DOMAINW7$:

The computer account can accordingly be granted access to a share:

Local System Domain Access

In the context of a local user, "AD Explorer" refuses access to the Active Directory domain with the error:

Logon failed: unknown username or incorrect password.

A local user on a client that is joined to the domain can access objects in the domain via SYSTEM, entirely without a password:

The access takes place as the "computer account".

It is therefore possible to read the domain content from a domain-joined computer without any domain user.

Per scheduled task

Since AD Explorer does not necessarily need a window to read the AD, we can also dump the domain to a file in the background:

Reading the domain is therefore also possible with a scheduled task and the SYSTEM account:
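Since a scheduled task is the quietest of the methods described above, an administrator will want to know which tasks on a machine already run as SYSTEM. The following PowerShell script is an added example (not code from the original post): it resolves the SID S-1-5-18 mentioned above to its account name and lists every scheduled task whose principal is the Local System account, flagging actions whose executable lies outside %SystemRoot%. It assumes the built-in ScheduledTasks module (Windows 8 / Server 2012 or later).

```powershell
# Added example: audit scheduled tasks that run as the Local System account.
# Assumes Windows PowerShell 5.1+ with the ScheduledTasks module (Get-ScheduledTask).

# S-1-5-18 is the well-known SID of SYSTEM; translate it to the display name.
$systemSid  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'
$systemName = $systemSid.Translate([System.Security.Principal.NTAccount]).Value
Write-Host "S-1-5-18 resolves to: $systemName"

# The task principal may be stored as a SID or as one of several names, so match all of them.
$systemPrincipals = @('SYSTEM', 'S-1-5-18', 'LocalSystem', $systemName)
$systemTasks = Get-ScheduledTask | Where-Object { $_.Principal.UserId -in $systemPrincipals }

$report = foreach ($task in $systemTasks) {
    foreach ($action in $task.Actions) {
        # COM-handler actions have no Execute property; only executable actions are of interest here.
        if (-not $action.Execute) { continue }

        # Expand %SystemRoot% and friends so the location check runs on the real path.
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')

        # Built-in tasks normally start binaries below %SystemRoot%. A SYSTEM task whose
        # executable is elsewhere, or given without a full path, deserves a closer look.
        $needsReview = (-not [System.IO.Path]::IsPathRooted($exe)) -or
                       (-not $exe.StartsWith($env:SystemRoot, [StringComparison]::OrdinalIgnoreCase))

        [pscustomobject]@{
            TaskPath  = $task.TaskPath
            TaskName  = $task.TaskName
            RunsAs    = $task.Principal.UserId
            Execute   = $exe
            Arguments = $action.Arguments
            Review    = if ($needsReview) { 'YES' } else { '' }
        }
    }
}

# Flagged entries first, so unexpected SYSTEM tasks are visible at the top of the list.
$report | Sort-Object Review -Descending | Format-Table -AutoSize
```

Run the script in an elevated session; without administrator rights some task folders are not readable and the list is incomplete.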


Publication: 2022-11-25 by Bernhard
