
How to Run a Program in Windows as the SYSTEM (LocalSystem) Account

Local System Account

The LocalSystem account is a local account defined by the service control manager. Because the security subsystem does not recognize this account, you cannot specify its name in a LookupAccountName call. It has extensive privileges on the local computer and acts as the computer on the network. The SYSTEM (a.k.a. LocalSystem) account, which has a high privilege level, owns many Windows system files, registry keys, and services. There are at least two ways to modify a registry key owned by the SYSTEM account.

When it accesses resources that are not located on the computer, the local system account acts as the computer account. Most resources that do not reside on the computer itself, such as remote shares, do not have security access rights granted to computer accounts. The local system account's “user” profile is also different from a regular “user” profile; keep differences such as environment variables in mind.

You can also learn about the merits and demerits of Local System Account and Service Logon Account; Create Disk Cleanup Shortcut: How to Perform Disk Clean-up in Windows; Microsoft Management Console: How to fix Windows Task Scheduler Service Greyed Out in Services MMC; How to forcefully Remove Language Pack on Windows 10 and Windows 11; and How to convert a PEM Key to a PPK Key on a Linux VM in AWS or on Windows 10 and 11 in Azure Platform.

How to Use the Local System Account

Before you begin testing an SCCM service account, make sure you're using the local system account, also known as the computer account or NT AUTHORITY\SYSTEM. NT AUTHORITY\SYSTEM is a predefined local account used by the service control manager. It is also an account with the highest privileges on the local computer. Once you've determined that you're using the local system account, you can usually troubleshoot an error by simulating how SCCM would access those resources.

How to Run Programs as SYSTEM (LocalSystem account)

To run a program under the SYSTEM account, use one of the following methods:

Method 1 – Using PsExec.exe from Windows Sysinternals

To run a program in the SYSTEM context, use Microsoft’s Windows Sysinternals PsExec.exe console tool. Follow these steps:

Step 1 – Download PsExec from Microsoft Sysinternals.

Downloading PsExec.exe File

Step 2 – Unzip and extract the tool to your desired folder — e.g., C:\User\Desktop

Extracting the PsExec File

Step 3 – Open Command Prompt window with admin privileges.

Opening Command Prompt

Step 4 – Type the following command, and press ENTER in the Command Prompt Window to start the Registry Editor under the SYSTEM account:

C:\Users\name\Desktop\PSTools>psexec.exe -sid c:\windows\regedit.exe

In the command above, make sure you are in the folder where you extracted PsExec, and replace name in the path with your username.

Agree to the EULA

Once you run the command, you will be prompted to agree to the EULA. Go ahead and accept it. The Registry Editor will open immediately after you agree to the EULA.

Opening System Registry in LocalSystem Account Profile

The Registry Editor is launched by the PsExec command line mentioned above under the LOCALSYSTEM account so that you can edit the registry’s protected areas. In the Registry Editor window, go to the desired registry key and modify the values you want. When you are done, simply exit the Registry Editor.
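
PsExec reaches the SYSTEM context by temporarily installing a Windows service, named PSEXESVC by default, so each use leaves a service-installation event (ID 7045) in the System event log. The following PowerShell is an added example, not part of the original article, that lists those events so you can audit when PsExec was used on a machine; it assumes the default service name was not changed.

```powershell
# Added example: list service-installation events left behind by PsExec.
# Assumes the default PsExec service name (PSEXESVC).

# Event 7045 = "A service was installed in the system" (Service Control Manager).
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7045
} -ErrorAction SilentlyContinue   # no matching events is not an error here

$events |
    ForEach-Object {
        # Event data order for 7045: ServiceName, ImagePath, ServiceType, StartType, AccountName
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            ServiceName = $_.Properties[0].Value
            ImagePath   = $_.Properties[1].Value
            Account     = $_.Properties[4].Value
            InstalledBy = $_.UserId          # SID of the user who installed the service
        }
    } |
    Where-Object { $_.ServiceName -like 'PSEXESVC*' -or $_.ImagePath -like '*PSEXESVC*' } |
    Sort-Object TimeCreated -Descending |
    Format-Table -AutoSize
```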

Method 2 – Using Advanced Run from Nirsoft

AdvancedRun is a straightforward Windows tool that lets you run programs with various options, such as low or high priority, start directory, main window state (minimized or maximized), different users or permissions, operating system compatibility settings, and environment variables. You can also save the desired settings into a configuration file and then launch the program automatically from the command line with those settings.

Using Advanced Run, you can also launch a program under SYSTEM or a different user context.

Step 1 – Download AdvancedRun. On the download page, scroll down to the feedback section and select the version that matches your OS to download the zip file. It doesn’t require any installation. Just extract the zip file and save it to a location on your PC.

Download AdvancedRun

Step 2 – Open the extracted folder and double-click on the AdvancedRun program.

Launching the AdvancedRun Program

Step 3 – In the “Program to Run” field, click the three-dot button on the right-hand side of the screen and choose a program to run. Then choose SYSTEM user in the Run As dropdown box, and click Run.

Running a Program with AdvancedRun Tool

As shown in the screenshot above, I’m running the Registry Editor Program. So, clicking on “Run” will open up the Registry Editor screen. You can choose to run other programs.

Opening Windows Editor Screen

Step 4 – Alternatively, you can use the command below to run a program as SYSTEM using AdvancedRun in an elevated command prompt:

AdvancedRun.exe /EXEFilename "C:\Windows\regedit.exe" /RunAs 4 /Run

/RunAs 4 instructs AdvancedRun to start the program under the LocalSystem account. The possible data values for the /RunAs switch are as follows:

1 – Run as current user (elevate)
2 – Run as current user (no elevation)
3 – Run as Administrator (force elevation)
4 – Run as SYSTEM
8 – Run as TrustedInstaller

Running a Program as SYSTEM Using AdvancedRun in CMD

Method 3 – Using Process Hacker

Process Hacker is an excellent process manager that does similar things to Sysinternals Process Explorer. It has a special feature that lets you start a program under the same user account as a process or service that is already running.

To use Process Hacker to run a task, do the following:

Step 1 – Download and install Process Hacker.

Step 2 – Find a program or service which is currently running under NT AUTHORITY\SYSTEM.

Process Hacker showing Running Programs

Step 3 – Right-click on the process, click Miscellaneous, and click Run as this user.

Run Program as

Step 4 – Choose the program (e.g., regedit.exe, or cmd.exe) you want to run as that user and click OK.

Run a Program as NT AUTHORITY\SYSTEM

As shown above, we just ran the cmd.exe program. The program runs as SYSTEM (NT AUTHORITY\SYSTEM).

Method 4 – Using NirCmd.exe from NirSoft

There is a versatile command-line tool called NirCmd from NirSoft. To get started, follow the steps below:

Step 1 – Download NirCmd and extract it to a particular location.

Download and Extract NirCmd to a Folder

Step 2 – Right-click NirCmd and run it as an administrator. You can also run NirCmd as SYSTEM.

Running NirCmd as an Administrator

A dialog box will appear. Click Copy To Windows Directory, and then click Yes so that you can run NirCmd without specifying the full path.

Copying NirCmd to Windows Directory

Now use the below command line to start the Registry Editor elevated and under the SYSTEM account:

nircmd.exe elevatecmd runassystem c:\windows\regedit.exe
Running System Registry Editor with NirCmd

There are several ways to run processes under the LocalSystem Account. The above-stated methods should get you started.
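
To confirm that a session started with any of the methods above is really running as LocalSystem, and to see the profile and network-identity differences described at the top of this article, you can run the following PowerShell inside it (for example, after launching powershell.exe instead of regedit.exe). This is an added example, not part of the original article; the share path is a hypothetical placeholder to replace with the resource you are troubleshooting.

```powershell
# Added example: report the identity and profile of the current session and
# test access to a remote resource the way a SYSTEM-context service would.
# $SharePath is a hypothetical placeholder; replace it with a real UNC path.
param(
    [string]$SharePath = '\\fileserver.example\share'
)

$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$isSystem = $identity.User.Value -eq 'S-1-5-18'   # well-known SID of LocalSystem

[pscustomobject]@{
    Name        = $identity.Name          # NT AUTHORITY\SYSTEM when running as LocalSystem
    Sid         = $identity.User.Value
    IsSystem    = $isSystem
    UserProfile = $env:USERPROFILE        # the SYSTEM profile is not a regular user profile
    Temp        = $env:TEMP
    SessionId   = (Get-Process -Id $PID).SessionId
} | Format-List

if (-not $isSystem) {
    Write-Warning 'This session is not running as LocalSystem; the results reflect your own account.'
}

# Off the machine, LocalSystem authenticates as the computer account
# (DOMAIN\COMPUTERNAME$ on a domain-joined machine), so the share must grant
# rights to that account for this test to succeed.
try {
    $null = Get-ChildItem -LiteralPath $SharePath -ErrorAction Stop | Select-Object -First 1
    Write-Output "Access to $SharePath succeeded."
}
catch {
    Write-Output "Access to $SharePath failed: $($_.Exception.Message)"
}
```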
