Recently I ran into a situation that required me to run an application using the System Account. Even though it took a while, it was a delight to figure it out, thanks to Matt from the Sysinternals Forums.
First and foremost, let's see which tools we are going to use.
1. Sc.exe - Manages a Windows service.
2. Net.exe - Starts a Windows service.
3. Cmd.exe - Runs the application.
Let's start with the Windows Calculator (calc.exe) and attempt to execute it under the System Account.
cmd /c sc create -- binPath= "cmd /c start calc" type= own type= interact & net start -- & sc delete --
So how does it work? Let's figure it out by breaking it down.
Step 1 : Create Service
sc create -- binPath= "cmd /c start calc" type= own type= interact
Step 2 : Start Service
net start --
Step 3 : Delete Service
sc delete --
There are two variables we are using here:
a. The service name : --
b. Application to run : calc
Now let's analyze how it works.
1. Cmd /c - This is the easiest one: it lets us pass a command to cmd, which runs it and then exits.
2. Sc create binPath= - The next step for us is to create a service entry for our application. No obj= account is given, so the service runs under the default LocalSystem account, and type= interact marks it as an interactive service.
3. Net start - The service has been registered, so the next obvious step is to run the service. That's where we use the net start command.
4. Sc delete - Finally, we delete the service.
PS: The "&" is a command separator that allows multiple commands to be combined on one line; cmd runs them one after another.
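From the monitoring side, the three steps above leave a recognisable trail in process-creation logs. The following is an added example, not part of the original post: it parses sc create command lines and flags services whose binPath starts a command interpreter. The sample log lines, the BackupAgent entry and the SHELLS watch list are constructed assumptions.

```python
import re

# Constructed command lines (not real logs): the one-liner's three steps, then a normal install.
SAMPLE_LOG = [
    'cmd /c sc create -- binPath= "cmd /c start calc" type= own type= interact',
    'net start --',
    'sc delete --',
    r'sc create BackupAgent binPath= "C:\Backup\agent.exe" obj= "NT AUTHORITY\LocalService"',
]

PREFIX = r'^\s*(?:cmd(?:\.exe)?\s+/c\s+)?sc(?:\.exe)?\s+'
SC_CREATE = re.compile(PREFIX + r'create\s+(\S+)(.*)$', re.I)
SC_DELETE = re.compile(PREFIX + r'delete\s+(\S+)', re.I)
OPTION = re.compile(r'(\w+)=\s*(?:"([^"]*)"|(\S+))')  # "key= value", value may be quoted
SHELLS = {"cmd", "cmd.exe", "powershell", "powershell.exe"}  # assumed watch list

def parse_sc_create(line):
    """Return (service_name, {option: [values]}), or None if not 'sc create'."""
    m = SC_CREATE.match(line)
    if not m:
        return None
    opts = {}
    for key, quoted, bare in OPTION.findall(m.group(2)):
        opts.setdefault(key.lower(), []).append(quoted or bare)
    return m.group(1), opts

def findings(log_lines):
    """Flag 'sc create' commands whose binPath starts a command interpreter."""
    out = []
    for i, line in enumerate(log_lines):
        parsed = parse_sc_create(line)
        if not parsed:
            continue
        name, opts = parsed
        binpath = opts.get("binpath", [""])[-1]
        exe = (binpath.split() or [""])[0].rsplit("\\", 1)[-1].lower()
        if exe not in SHELLS:
            continue
        later = [SC_DELETE.match(l) for l in log_lines[i + 1:]]
        out.append({
            "service": name,
            "binpath": binpath,
            "account": opts.get("obj", ["LocalSystem"])[-1],  # sc default if obj= absent
            "interactive": "interact" in [t.lower() for t in opts.get("type", [])],
            "deleted_later": any(m and m.group(1).lower() == name.lower() for m in later),
        })
    return out

print(findings(SAMPLE_LOG))
```

Only the first sample line is reported: a shell as the service binary, no obj= account, the interact type and a later delete of the same service name.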
Hope that helps….