Run cmd.exe as Local System in Safe Mode

When running Windows XP in Normal Mode, you can easily run cmd.exe as the LocalSystem Account (LSA) via:
at 14:02 /interactive cmd.exe
However, in Safe Mode, it returns:
This service cannot be started in Safe Mode
Microsoft points out that:
"The Task Scheduler service cannot be used while the computer is running in safe mode."
Creating a custom service with this neat hack from Adi Oltean also returns:
This service cannot be started in Safe Mode
However, combining the hack with these instructions from Don Jones to add a service to the "safe" list did the trick. Here are the combined steps (which assume you are booted into Safe Mode):
  1. Add a key to HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal named lscmd or what have you. If you are in Safe Mode with Networking, add the key to HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\.
  2. C:\>sc create lscmd binpath= "cmd /K start" type= own type= interact
  3. C:\>sc start lscmd
  4. A new cmd.exe window will open with LocalSystem privileges. When you are finished, close the window, delete the registry key you made, and delete the service: sc delete lscmd
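
A way to verify the cleanup in step 4, as an added example that is not part of the original post: this PowerShell script lists SafeBoot entries that point at interactive LocalSystem services, or at services that no longer exist. It assumes PowerShell is installed and that SafeBoot entries for services carry the usual default value "Service"; review the output against what you expect on the machine.

```powershell
# Added example (not from the original post): audit which services may start
# in Safe Mode and flag interactive LocalSystem ones, e.g. a leftover "lscmd".
$safeBoot    = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$services    = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$INTERACTIVE = 0x100   # SERVICE_INTERACTIVE_PROCESS bit in a service's Type value

$report = foreach ($mode in 'Minimal', 'Network') {
    foreach ($entry in Get-ChildItem -Path (Join-Path $safeBoot $mode)) {
        $name   = $entry.PSChildName
        $kind   = (Get-ItemProperty -LiteralPath $entry.PSPath).'(default)'
        $svcKey = Join-Path $services $name

        if (-not (Test-Path -LiteralPath $svcKey)) {
            # Many entries are drivers, groups or device-class GUIDs with no
            # service key; only a "Service" entry with no service is an orphan.
            if ($kind -eq 'Service') {
                New-Object PSObject -Property @{
                    Mode = $mode; Entry = $name; Finding = 'orphaned SafeBoot key'
                    Account = $null; ImagePath = $null }
            }
            continue
        }

        # "type= own type= interact" is stored as Type 0x110; a service
        # created without obj= runs as LocalSystem.
        $svc = Get-ItemProperty -LiteralPath $svcKey
        $interactive = ($svc.Type -band $INTERACTIVE) -ne 0
        if ($interactive -and $svc.ObjectName -eq 'LocalSystem') {
            New-Object PSObject -Property @{
                Mode = $mode; Entry = $name; Finding = 'interactive LocalSystem service'
                Account = $svc.ObjectName; ImagePath = $svc.ImagePath }
        }
    }
}

$report | Select-Object Mode, Entry, Finding, Account, ImagePath | Format-Table -AutoSize
```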

In retrospect, it may very well have been possible simply to add Task Scheduler to the list of safe services, but I wanted to share both of these hacks.

UPDATE: Run any app under the NT Authority\Local System account with ETS (Elevate To System).

/windows | Dec 14, 2008

