Another thing that just came up today. I needed a truly elevated command prompt. And by that I mean I needed cmd.exe to run as NT Authority\System.
In the good old days we would just schedule cmd.exe with the good old AT command. (AT 9:08 /interactive "c:\windows\System32\cmd.exe") But what does a current Windows Server 2008 R2 system say to it?
Warning: Due to security enhancements, this task will run at the time
expected but not interactively.
Use schtasks.exe utility if interactive task is required ('schtasks /?'
for details).
Added a new job with job ID = 1
hmm admin is not happy. Starting an interactive cmd.exe using Server Manager's Task Scheduler did also not work.
What helped? psexec from the Sysinternals suite did the job!
Here is the command:
psexec.exe -i -s -d cmd /accepteula
(-i for interactive, -s for NT Authority\System, -d for do not wait for termination of the new cmd.exe, and /accepteula for 'I am in a command line and I do not want to switch to the mouse to click Accept')
In the newly opened command prompt I was really NT Authority\System:
C:\>whoami
nt authority\system
Admin was happy again ;-)
