Friday, June 22, 2012

Running Application/Process using System Account

Recently I ran into a situation which required me to run an application using the System Account. Even though it took a while, it was a delight to figure it out, thanks to Matt from the Sysinternals Forums.

First and foremost, let’s look at the tools we are going to use.

1. Sc.exe - Manages a Windows service.
2. Net.exe - Starts a Windows service.
3. Cmd.exe - Runs the application.

Let’s start with the Windows Calculator (calc.exe) and attempt to execute it under the System Account.

cmd /c sc create -- binPath= "cmd /c start calc" type= own type= interact & net start -- & sc delete --

So how does it work? Let's figure it out by breaking it down.

Step 1 : Create Service
sc create -- binPath= "cmd /c start calc" type= own type= interact

Step 2 : Start Service
net start --

Step 3 : Delete Service
sc delete --

There are two variables we are using here:
a. The service name: --
b. The application to run: calc

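Now let's analyze how it works.

1. Cmd /c - This is the easiest one: cmd runs the command string that follows and then exits.
2. Sc create binPath= - The next step is to create a service entry for our application. binPath= is the command line the service runs. Because no account is given with obj=, the service is registered to run as LocalSystem, which is what puts the application under the System Account. Creating a service requires an elevated (administrator) command prompt.
3. Net start - The service has been registered, so the next obvious step is to run it. That's where we use the net start command.
4. Sc delete - Finally, we delete the service.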

PS: The "&" is a command separator that allows multiple commands to be combined into one line; cmd runs them one after another.
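Seen from the monitoring side, creating the service writes a Service Control Manager record (event ID 7045, "A service was installed in the system") to the System log, with the binPath value in its ImagePath field. The Python below is an added example, not part of the original post: it flags such records when the service binary is a command interpreter. The sample records are constructed, and the interpreter list beyond cmd.exe and the names ExampleUpdater and ExampleAgent are assumptions.

```python
import ntpath

# Programs that run arbitrary command lines; one of these as a service binary
# means the "service" is only a launcher. cmd.exe is the case from the post,
# the others are added here as a generalization (assumption).
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe",
                "wscript.exe", "cscript.exe"}
SYSTEM_ACCOUNTS = {"localsystem", "nt authority\\system"}

# Constructed records using the EventData field names of event 7045.
# Only the first one corresponds to the command in the post.
SAMPLE_EVENTS = [
    {"ServiceName": "--", "ImagePath": "cmd /c start calc",
     "AccountName": "LocalSystem"},
    {"ServiceName": "ExampleUpdater", "AccountName": "LocalSystem",
     "ImagePath": '"C:\\Program Files\\Example\\updater.exe" --service'},
    {"ServiceName": "ExampleAgent",
     "ImagePath": "C:\\Windows\\System32\\cmd.exe /c C:\\Example\\run.bat",
     "AccountName": "NT AUTHORITY\\LocalService"},
]


def first_executable(image_path):
    """Return the lower-cased file name of the program an ImagePath launches."""
    path = image_path.strip()
    if path.startswith('"'):
        program = path[1:].split('"', 1)[0]   # quoted path may contain spaces
    else:
        program = path.split(None, 1)[0] if path else ""
    name = ntpath.basename(program).lower()
    # Windows appends .exe when the program name has no extension ("cmd").
    return name + ".exe" if name and not ntpath.splitext(name)[1] else name


def suspicious_installs(records):
    """Flag service installs whose binary is a command interpreter."""
    findings = []
    for rec in records:
        exe = first_executable(rec["ImagePath"])
        if exe in INTERPRETERS:
            findings.append({
                "service": rec["ServiceName"],
                "interpreter": exe,
                "runs_as_system": rec["AccountName"].lower() in SYSTEM_ACCOUNTS,
            })
    return findings


if __name__ == "__main__":
    for finding in suspicious_installs(SAMPLE_EVENTS):
        print(finding)
```

Unquoted paths that contain spaces are not resolved here; the first whitespace-separated token is taken as the program.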

Hope that helps….