Monday, January 5, 2015

Interactive Logon as SYSTEM

It is sort of possible to log onto a computer interactively as the super-powerful Local System account, better known as NT AUTHORITY\SYSTEM. You can even have the Start menu display "SYSTEM" as the username - Windows will give the account its own real profile, with libraries and everything. Fair warning, though: you will experience some strange stuff if you try to use it for everyday activities.

First, you'll need the excellent PsExec tool. Open an administrator command prompt in a directory from which the PsExec executable can be found (or with PsExec on your PATH), and type the following line:

psexec -s -i taskmgr.exe

You will get an instance of Task Manager running as SYSTEM. Use it to kill all explorer.exe processes running as your normal account. Then, run a new instance of explorer.exe from Task Manager.

If you're running Windows 7, you'll see the sequence that occurs when a user logs on for the first time. If you're running Windows 8, you'll get a frozen taskbar that can't do anything. (This doesn't work all that well on Windows 8).

When you click on the Start button, you will notice that Explorer is indeed running as SYSTEM. You can go to your Documents, which may or may not show the files from your normal account. All processes you launch from the Start menu or with Windows+R will run as SYSTEM with all the rights and privileges thereof. Your home folder is now:

C:\Windows\system32\config\systemprofile

You will notice quickly that right-clicking almost any surface created by Explorer does not spawn a context menu. In my experience, everything seemed to go slower running as SYSTEM, but your mileage may vary.
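If you administer machines where this trick could be used, the telltale sign is a desktop process such as explorer.exe or taskmgr.exe owned by NT AUTHORITY\SYSTEM inside an interactive session (any session other than 0). The following PowerShell check is an added example, not part of the original post; it assumes Windows PowerShell 5.1 or later run from an elevated prompt, and the watch list of process names is my own choice, since SYSTEM legitimately runs winlogon.exe and csrss.exe in every interactive session.

```powershell
# Added example (not from the original post): list processes that run as
# NT AUTHORITY\SYSTEM inside an interactive (non-zero) session, which is
# exactly what "psexec -s -i" followed by relaunching Explorer produces.
# Assumes Windows PowerShell 5.1+ in an elevated prompt so process owners
# can be read for every process.
function Get-InteractiveSystemProcess {
    param(
        # Hypothetical watch list: programs a user would start from the
        # Start menu, which should never be owned by SYSTEM on a user desktop.
        [string[]]$Watch = @('explorer.exe', 'taskmgr.exe', 'cmd.exe', 'powershell.exe')
    )

    Get-CimInstance -ClassName Win32_Process | ForEach-Object {
        $proc = $_
        # GetOwner returns the Domain and User of the process token.
        $owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
        if ($owner.ReturnValue -eq 0) {
            $account = "$($owner.Domain)\$($owner.User)"
        } else {
            $account = '<unknown>'   # access denied or process already gone
        }
        [pscustomobject]@{
            ProcessId = $proc.ProcessId
            Name      = $proc.Name
            SessionId = $proc.SessionId
            Owner     = $account
        }
    } | Where-Object {
        # Session 0 holds services; anything else is an interactive desktop.
        $_.SessionId -ne 0 -and
        $_.Owner -eq 'NT AUTHORITY\SYSTEM' -and
        $_.Name -in $Watch
    }
}

# Run the check and show the hits; an empty table means nothing matched.
Get-InteractiveSystemProcess | Format-Table -AutoSize
```

Any hit here is worth correlating with PsExec activity (the PSEXESVC service being installed) in the System event log, since an ordinary logon never produces an Explorer owned by SYSTEM.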
