6

Has anyone been successful at launching an instance of Windows Explorer in the SYSTEM account on Windows Vista or 7? It is possible to do this on XP, but I haven't been able to get it to completely work in Vista or 7.

Trying to launch Explorer as SYSTEM into session 1 (my user session) results in Explorer exiting immediately and returning an error code of 1.

I can launch Explorer as SYSTEM into session 0 with the following command:

psexec -i 0 -s explorer

That will create an instance of explorer running as SYSTEM with a taskbar and start menu on the hidden session 0 desktop, but won't let you open a file browser window. If you switch to the hidden session 0 desktop and try to open an Explorer window from there to browse files, the following error message appears:

"The server process could not be started because the configured identity is incorrect. Check the username and password."

I have set the following registry key to 1 for my user account and the SYSTEM account:

\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess

There has got to be a way to make this work? If it is not possible, can anyone explain why?

-Rob

Rob
  • 69
  • 1
  • 1
  • 3
  • 5
    First question: Why on earth are you wanting to run explorer as root? – TheLQ Aug 05 '10 at 17:15
  • 2
    For file management. In Windows Vista and 7, there are files in the C:\Windows\system32 directory that only SYSTEM has full control over. I would like to be able to easily delete these type of files without having to change permissions on every file first. I'm aware that there are other ways of doing it. I would just prefer to be able to pop an explorer window and do it with as few steps as possible. – Rob Aug 05 '10 at 20:51
  • 1
    You can modify those files by taking ownership of them. – Billy ONeal Jan 09 '11 at 16:42
  • There is probably a reason you can't delete them. . . – surfasb Nov 26 '11 at 06:11
  • Why are you trying to modify the C:\Windows\system32 directory? – Scott Chamberlain Oct 03 '12 at 16:38
  • A little weird, but you can open mspaint or notepad instead explorer, as SYSTEM with PsExec, go to "File" menu, and navigate through file system as SYSTEM. – nergeia Oct 03 '12 at 16:34
  • I'm trying to copy my files from another hard drive and I'm receiving access denied errors. Seems I need to copy them as the system account. – CausingUnderflowsEverywhere Jul 22 '16 at 13:57

4 Answers4

5

Kill all your exploreres

pskill explorer

Then launch

psexec -i -s explorer

Your taskbar will be runing as system so everything you open via it will be runing as system.

After you finish kill it again and open a normal explorer via Task Manager (Ctrl-Shift-Esc)

regisbsb
  • 261
  • 3
  • 5
2

Why (from "Impact of Session 0 Isolation on Services and Drivers in Windows"):

In Windows XP, Windows Server 2003, and earlier versions of Windows, all services run in Session 0 along with applications. This situation poses a security risk. In Windows Vista, Windows Server 2008, and later versions of Windows, the operating system isolates services in Session 0 and runs applications in other sessions, so services are protected from attacks that originate in application code.

From the MS paper available on that page:

In Windows Vista®, Windows Server 2008, and later versions of Windows, the operating system mitigates this security risk by isolating services in Session 0 and making Session 0 noninteractive. Only system processes and services run in Session 0.

I did find this little freeware utility that apparently allows you to launch things in session 0 in Vista; there's no mention of Windows 7 compatibility, and I haven't tested it.

You can find this program ("Run As System") here, perhaps it'll help you accomplish what you're trying to do.

Here's the blurb from that page:

It is a simple tool that enables you to start a program or run command and script under a local system account. Requires administrative privileges on the PC. This tool is fully compatible with Vista UAC.

Hope that helps...

Ƭᴇcʜιᴇ007
  • 111,883
  • 19
  • 201
  • 268
  • Thanks for trying to help! But, I am aware of Session 0 Isolation. Psexec works fine for launching things into session 0. I don't need another utility. I was just pointing out in my post that launching into session 0 partially works. I would rather be able to launch into session 1 as SYSTEM. – Rob Aug 05 '10 at 20:56
  • No prob. Unfortunately I think you're simply trying to do the impossible, or at least something Windows 7 is supposed to be designed to prevent. People complained for years how insecure Windows was, so one of the new security features to prevent system takeover from user sessions is to isolate all SYSTEM account processes to session 0. Maybe CACLS or some WMI magic could help you take ownership and delete those files via a script/shortcut? – Ƭᴇcʜιᴇ007 Aug 06 '10 at 12:56
  • Yeah. Other utilities, such as regedit, notepad, cacls or cmd have no problem running as SYSTEM in session 1 or 0. That, coupled with the fact that explorer will partially work as SYSTEM in session 0, makes me think that there is a bug or some bad implementation of security in explorer preventing it from working. – Rob Aug 06 '10 at 13:49
  • 1
    I don't think it's a bug. I think it's simply UAC bent into a shape that is both restrictive (to prevent malware), yet not too 'whiney' (to prevent users complaining about having to click "OK" or enter a passsword).. :) – Ƭᴇcʜιᴇ007 Aug 06 '10 at 23:42
2

Suggestion : for file management with administration rights, I use a third party "explorer", than I "run as" under my master account.

I have been using "FreeCommander" ( FreeCommander ) : when you right click explorer commands in it (such as Properties) they are correctly with admin rights.

A side benefit is that it is visually not explorer so see instantly that you are in an administrative window (reduced risk of doing something stupid).

Michel
  • 329
  • 1
  • 2
  • Right-Click Run As... doesn't allow you to run as the local system account, only as an administrator – Basic Oct 22 '15 at 18:13
1

Try out this one:

psexec \localhost -i 0 cmd there you should start your explorer or other GUI in isolation session 0

Tatoosh
  • 11
  • 1
  • 2
    I remember there is a known issue for psexec. Sometimes you may need to `psexec 127.0.0.1 -i 0 cmd` – kizzx2 Feb 07 '11 at 16:21