Running a script in the Windows Local System account
Today I needed to debug a scheduled script and test its behavior when run in the Windows Local System account instead of my regular domain user’s (this was on Windows Server 2016 but should work the same in (much) older versions).
I did a bit of research and found a tool from the PsTools suite on sysinternals called PsExec. It is mainly for executing programs on remote machines and gives you the ability to launch interactive command prompts. Good stuff, even though we only need a tiny portion of its capabilities.
Let’s do it!
Let’s download the tool (2.7 MB zip file, the whole PsTools suite), extract it and then open an elevated cmd prompt.
Navigating to the extraction location of the suite, we can now run:
psexec -i -s cmd.exe
This will give us another cmd prompt, but this time in the context of the Local System. To verify, we run whoami in this prompt and should now see nt authority\system. ✊
Breaking down the options
We don’t specify a remote (as in psexec \\remote) as we want to run it locally. -i will let us run the process (cmd) interactively, and -s stands for the System account. If you like, you can add the -d option to not wait for the process to terminate (without it, the process in the initial prompt will continue until you exit the “remote” one).
To learn more about the options of PsExec, check out this page in the Microsoft docs: https://docs.microsoft.com/en-us/sysinternals/downloads/psexec.
Like to comment? Feel free to send me an email or reach out on Twitter.
Did this or another article help you? If you like and can afford it, you can buy me a coffee (3 EUR) ☕️ to support me in writing more posts. In case you would like to contribute more or I helped you directly via email or coding/troubleshooting session, you can opt to give a higher amount through the following links or adjust the quantity: 50 EUR, 100 EUR, 500 EUR. All links redirect to Stripe.