Run CMD.exe as Local System Account

I’m currently running Vista and I would like to manually complete the same operations as my Windows Service. Since the Windows Service is running under the Local System Account, I would like to emulate this same behavior. Basically, I would like to run CMD.EXE under the Local System Account. (By the way, it’s fair to question why my Windows Service is running with elevated permissions. Generally, it’s not a good practice, but anyway…)

Strike 1:

I found information online which suggests launching CMD.exe using the DOS Task Scheduler AT command. Here’s a sample command:

AT 12:00 /interactive cmd.exe

I gave it a shot but I received a Vista warning that “due to security enhancements, this task will run at the time expected but not interactively.”

It turns out that this approach will work for XP, 2000 and Server 2003, but due to session 0 isolation, interactive services no longer work on Windows Vista and Windows Server 2008.

Strike 2:

Another solution suggested creating a secondary Windows Service via the Service Control (sc.exe) which merely launches CMD.exe.

C:\>sc create RunCMDAsLSA binpath= "cmd" type= own type= interact
C:\>sc start RunCMDAsLSA

In this case the service fails to start and results in the following error message:

FAILED 1053: The service did not respond to the start or control request in a timely fashion.

Strike 3:

The third suggestion was to launch CMD.exe via a Scheduled Task. Though you may run scheduled tasks under various accounts, I don’t believe the Local System Account is one of them. I’ve tried using the Runas as well, but think I’m running into the same restriction as found when running a scheduled task.

Not Out Yet:

Fortunately, I came across this article which demonstrates the use of PSTools from SysInternals, which was acquired by Microsoft in July, 2006. I launched the command line and issued the following statement and suddenly I was running under the Local System Account like magic:

psexec -i -s cmd.exe

PSTools worked great. It’s a lightweight, well-documented set of tools which provided an appropriate solution to my problem.

Updated 01/09/2008: Changed “Local Admin Account” to “Local System Account” in final paragraph. My goof.
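
To confirm that the shell opened by psexec -i -s cmd.exe really is the Local System Account and, because of session 0 isolation, sits in a user session rather than session 0, a check like the one below can be run from it. This is an added example, not part of the original post or of PsTools; Get-ShellContext is a hypothetical helper name and PowerShell 3.0 or later is assumed.

```powershell
# Added example: report which account and session the current shell runs in.
# Get-ShellContext is a hypothetical helper name, not part of PsTools.
function Get-ShellContext {
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $process  = [System.Diagnostics.Process]::GetCurrentProcess()

    # S-1-5-18 is the well-known SID of the Local System account.
    # Comparing the SID avoids depending on the localized account name.
    $localSystemSid = 'S-1-5-18'

    [pscustomobject]@{
        Account       = $identity.Name
        Sid           = $identity.User.Value
        IsLocalSystem = ($identity.User.Value -eq $localSystemSid)
        SessionId     = $process.SessionId
        # Since Vista, session 0 is reserved for services; a process with a
        # visible window lives in a user session (1 or higher).
        InSession0    = ($process.SessionId -eq 0)
    }
}

Get-ShellContext | Format-List
```

Started from the psexec -i -s shell, IsLocalSystem should be True and InSession0 should be False, since the -i switch places the process in the logged-on user's session.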


  1. Ben,
    Glad you enjoyed my article that you linked to above. I noticed the traffic coming from your post and just wanted to thank you for the link.

    ~ The Verbal Processor

  2. Great article, however I was confused when reading the conclusion to your article. In the last paragraph you said “I was running under the Local Admin Account like magic”. You mean cmd.exe ran under SYSTEM or Administrator privileges? Technically speaking, Local Admin is the same as the Administrator account. Sorry for being picky but I’d rather just ask.

    Great work!

  3. Yikes. Thanks for calling this out, Elmar. The paragraph should have read “Local System Account.” I will update and thanks for keeping me honest. 🙂

  4. I am Shinda from Uganda
    And I have some tag too

    type your…
    Type your…
    Type your…

    Don’t listen to Ephrem, he is crazy ethiopian

  5. Hello Ben,
    Thanks for the tip.
    It also works for other local accounts without giving their passwords:

    psexec -i -u "nt authority\network service" cmd.exe

    Best regards,

  6. Maybe somebody knows how to run/install program exe under local system account if you don’t know admin password? Thanks.
