I’m currently running Vista and I would like to manually complete the same operations as my Windows Service. Since the Windows Service is running under the Local System Account, I would like to emulate this same behavior. Basically, I would like to run CMD.EXE under the Local System Account. (By the way, it’s fair to question why my Windows Service is running with elevated permissions. Generally, it’s not a good practice, but anyway…
I found information online which suggests lauching the CMD.exe using the DOS Task Scheduler AT command. Here’s a sample command:
AT 12:00 /interactive cmd.exe
I gave it a shot but I received a Vista warning that “due to security enhancements, this task will run at the time excepted but not interactively.”
It turns out that this approach will work for XP, 2000 and Server 2003 but due to session 0 isolation Interactive services no longer work on Windows Vista and Windows Server 2008.
Another solution suggested creating a secondary Windows Service via the Service Control (sc.exe) which merely launches CMD.exe.
C:\sc create RunCMDAsLSA binpath= "cmd" type=own type=interactC:\sc start RunCMDAsLSA
In this case the service fails to start and results it the following error message:
FAILED 1053: The service did not respond to the start or control request in a timely fashion.
The third suggestion was to launch CMD.exe via a Scheduled Task. Though you may run scheduled tasks under various accounts, I don’t believe the Local System Account is one of them. I’ve tried using the Runas as well, but think I’m running into the same restriction as found when running a scheduled task.
Not Out Yet:
Fortunately, I came across this article which demonstrates the use of PSTools from SysInternals which was acquired by Microsoft in July, 2006. I launched the command line and issued the following statement and suddenly I was running under the Local System Account like magic:
psexec -i -s cmd.exe
PSTools worked great. It’s a lightweight, well-documented set of tools which provided an appropriate solution to my problem.
Updated 01/09/2008: Changed “Local Admin Account” to “Local System Account” in final paragraph. My goof.