Run Explorer in SYSTEM account on Windows Vista or 7 using Sysinternal’s psexec tool?

windows-7 windows-vista windows-explorer psexec sysinternals

33,924

Solution 1

Kill all your exploreres

pskill explorer

Then launch

psexec -i -s explorer

Your taskbar will be runing as system so everything you open via it will be runing as system.

After you finish kill it again and open a normal explorer via Task Manager (Ctrl-Shift-Esc)

Solution 2

Why (from "Impact of Session 0 Isolation on Services and Drivers in Windows"):

In Windows XP, Windows Server 2003, and earlier versions of Windows, all services run in Session 0 along with applications. This situation poses a security risk. In Windows Vista, Windows Server 2008, and later versions of Windows, the operating system isolates services in Session 0 and runs applications in other sessions, so services are protected from attacks that originate in application code.

From the MS paper available on that page:

In Windows Vista®, Windows Server 2008, and later versions of Windows, the operating system mitigates this security risk by isolating services in Session 0 and making Session 0 noninteractive. Only system processes and services run in Session 0.

I did find this little freeware utility that apparently allows you to launch things in session 0 in Vista; there's no mention of Windows 7 compatibility, and I haven't tested it.

You can find this program ("Run As System") here, perhaps it'll help you accomplish what you're trying to do.

Here's the blurb from that page:

It is a simple tool that enables you to start a program or run command and script under a local system account. Requires administrative privileges on the PC. This tool is fully compatible with Vista UAC.

Hope that helps...

Solution 3

Suggestion : for file management with administration rights, I use a third party "explorer", than I "run as" under my master account.

I have been using "FreeCommander" ( FreeCommander ) : when you right click explorer commands in it (such as Properties) they are correctly with admin rights.

A side benefit is that it is visually not explorer so see instantly that you are in an administrative window (reduced risk of doing something stupid).

Solution 4

Try out this one:

psexec \localhost -i 0 cmd there you should start your explorer or other GUI in isolation session 0

View more solutions

33,924

Rob

Updated on September 17, 2022

Comments

Rob over 1 year
Has anyone been successful at launching an instance of Windows Explorer in the SYSTEM account on Windows Vista or 7? It is possible to do this on XP, but I haven't been able to get it to completely work in Vista or 7.

Trying to launch Explorer as SYSTEM into session 1 (my user session) results in Explorer exiting immediately and returning an error code of 1.

I can launch Explorer as SYSTEM into session 0 with the following command:
```
psexec -i 0 -s explorer
```
That will create an instance of explorer running as SYSTEM with a taskbar and start menu on the hidden session 0 desktop, but won't let you open a file browser window. If you switch to the hidden session 0 desktop and try to open an Explorer window from there to browse files, the following error message appears:

"The server process could not be started because the configured identity is incorrect. Check the username and password."

I have set the following registry key to 1 for my user account and the SYSTEM account:
```
\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
```
There has got to be a way to make this work? If it is not possible, can anyone explain why?

-Rob
- HiFi almost 14 years
  
  First question: Why on earth are you wanting to run explorer as root?
- Billy ONeal over 13 years
  
  You can modify those files by taking ownership of them.
- surfasb over 12 years
  
  There is probably a reason you can't delete them. . .
- nergeia over 11 years
  
  A little weird, but you can open mspaint or notepad instead explorer, as SYSTEM with PsExec, go to "File" menu, and navigate through file system as SYSTEM.
- Scott Chamberlain over 11 years
  
  Why are you trying to modify the C:\Windows\system32 directory?
- CausingUnderflowsEverywhere almost 8 years
  
  I'm trying to copy my files from another hard drive and I'm receiving access denied errors. Seems I need to copy them as the system account.
Ƭᴇcʜιᴇ007 over 13 years

No prob. Unfortunately I think you're simply trying to do the impossible, or at least something Windows 7 is supposed to be designed to prevent. People complained for years how insecure Windows was, so one of the new security features to prevent system takeover from user sessions is to isolate all SYSTEM account processes to session 0. Maybe CACLS or some WMI magic could help you take ownership and delete those files via a script/shortcut?
Rob over 13 years

Yeah. Other utilities, such as regedit, notepad, cacls or cmd have no problem running as SYSTEM in session 1 or 0. That, coupled with the fact that explorer will partially work as SYSTEM in session 0, makes me think that there is a bug or some bad implementation of security in explorer preventing it from working.
Ƭᴇcʜιᴇ007 over 13 years

I don't think it's a bug. I think it's simply UAC bent into a shape that is both restrictive (to prevent malware), yet not too 'whiney' (to prevent users complaining about having to click "OK" or enter a passsword).. :)
kizzx2 about 13 years

I remember there is a known issue for psexec. Sometimes you may need to psexec 127.0.0.1 -i 0 cmd
Basic over 8 years

Right-Click Run As... doesn't allow you to run as the local system account, only as an administrator