Localsystem: use local system account - more rights
From the user's point of view, there is normally no good reason to start something as "SYSTEM". However, if the local administrator has too few rights, "SYSTEM" can still provide access. The SYSTEM account (Local System account, or LocalSystem) has unlimited rights on the computer.
SYSTEM has no password and reports to the network as a computer account.
In the registry, SYSTEM has the SID S-1-5-18. SYSTEM is sometimes also displayed as NT Authority\SYSTEM or LocalSystem.
See also: msdn.microsoft.com/en-us/library/windows/desktop/ms684190(v=vs.85).aspx
To run commands as another user, see: runas: Run commands or programs as another user
Start as SYSTEM
Running as SYSTEM should be reserved for the operating system, but there are several ways to gain access as SYSTEM from a normal user.
At computer startup
Scripts that are executed at computer startup run under the SYSTEM account. It is therefore possible to start certain scripts or programs as SYSTEM via the local group policy when the computer starts:
Task Scheduling - as a scheduled task.
Another way to start something as SYSTEM is task scheduling (a scheduled task):
The task can be run as "SYSTEM":
For a further application, see the example of reading the domain by scheduled task.
With psexec as SYSTEM
As a prerequisite, PsTools from Microsoft Sysinternals has to be downloaded and extracted to a folder: PsTools - Sysinternals | Microsoft Learn
The Sysinternals command psexec even starts SYSTEM interactively:
System on network
Network access
Accessing a share with psexec as "SYSTEM" uses the computer account as the user.
c:\temp>net use z: \\domain.local\share
The command was executed successfully
Our computer is named "DOMAINW7", so it appears on the file server as DOMAINW7$:
The computer can be authorized to access a share accordingly:
Local System Domain Access
In the user context, "AD Explorer" answers an access attempt by a local user to the Active Directory domain with the error:
Logon failed: unknown username or incorrect password.
A local user of a client integrated into the domain can access objects of the domain using SYSTEM, completely without a password:
The access is done as a "computer account".
Thus, it is possible to read the domain content from a computer integrated into the domain, without a domain user.
Per scheduled task
Since ADexplorer does not necessarily need a window to read out the AD, we can also dump the domain to a file in the background:
So reading the domain is also possible with a scheduled task and the SYSTEM account:
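For the two scheduled-task sections above, an added example (not from the original page): a Python audit that parses Task Scheduler XML, as exported with schtasks /query /xml, reports every task whose principal is SYSTEM (SID S-1-5-18), and marks commands that lie outside the Windows directory for review. The sample tasks, their paths and SIDs, and the rule that paths under the Windows directory count as OS-owned are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# XML namespace of Task Scheduler task definitions
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Spellings under which the SYSTEM account (SID S-1-5-18) appears as UserId
SYSTEM_IDS = {"s-1-5-18", "system", "nt authority\\system"}
# Assumption of this example: commands below the Windows directory are OS-owned
OS_PREFIXES = ("%windir%\\", "%systemroot%\\", "c:\\windows\\")

def audit_task(xml_text):
    """Return a finding for a task that runs as SYSTEM, else None."""
    root = ET.fromstring(xml_text)
    principals = {p.get("id"): (p.findtext("t:UserId", "", NS) or "").strip()
                  for p in root.findall("t:Principals/t:Principal", NS)}
    actions = root.find("t:Actions", NS)
    if actions is None:
        return None
    # Actions/@Context names the principal; fall back to the first principal
    user = principals.get(actions.get("Context")) or next(iter(principals.values()), "")
    if user.lower() not in SYSTEM_IDS:
        return None
    commands = [(e.findtext("t:Command", "", NS) or "").strip().strip('"')
                for e in actions.findall("t:Exec", NS)]
    outside = [c for c in commands if not c.lower().startswith(OS_PREFIXES)]
    return {"user": user, "commands": commands, "outside_windows": outside}

def make_task(user_id, command):
    """Build a minimal task definition (constructed sample input)."""
    return (f'<Task version="1.2" xmlns="{NS["t"]}">'
            f'<Principals><Principal id="Author"><UserId>{user_id}</UserId>'
            f'</Principal></Principals>'
            f'<Actions Context="Author"><Exec><Command>{command}</Command>'
            f'</Exec></Actions></Task>')

# Constructed samples: task names, paths and the user SID are made up
SAMPLES = {
    "DumpDomain": make_task("S-1-5-18", r"C:\Tools\ADExplorer.exe"),
    "Defrag": make_task("NT AUTHORITY\\SYSTEM", r"%windir%\system32\defrag.exe"),
    "UserNote": make_task("S-1-5-21-1111-2222-3333-1001", r"C:\Windows\notepad.exe"),
}

def audit_all(tasks):
    """Map task name -> finding for every task that runs as SYSTEM."""
    findings = {name: audit_task(xml) for name, xml in tasks.items()}
    return {name: f for name, f in findings.items() if f}

if __name__ == "__main__":
    for name, f in audit_all(SAMPLES).items():
        flag = "REVIEW" if f["outside_windows"] else "ok"
        print(f"{flag:6} {name}: {f['user']} -> {f['commands']}")
```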