elevating your rights from admin to system in Windows
Results 1 to 5 of 5

Thread: elevating your rights from admin to system in Windows

  1. #1

    elevating your rights from admin to system in Windows

    How to elevate your administrator rights to the rights of the system.



    **Note: i did not list this info to illegally break into a computer, this is lame and in no way can that be called
    hacking. I am absolutely not responsible for the (mis)use of this knowledge / listed tools and i do not encourage
    illegal actions with this text.**



    Why would we want this?:

    It might happen sometime that you would like to access a folder that is created by Windows and when you double click
    you get "Access Denied". This can be very frustrating, especially when you have accidentally moved some
    important files from to it (This happened to someone not so long ago).

    Or you might want to learn more about how the Windows registry works and you will find out that with this technique
    you are able to view more keys then with your normal administrator account. This is done to protect the important
    files from Windows, but hey, we would like to know more wouldn't we ;-)?
    one of those keys is located at HKEY_LOCAL_MACHINE\security\, here you can see for yourself what the difference
    would be. (ALWAYS create a backup from the registry before messing with it!).

    One other reason might that you would like to access the files from another account on your computer which might have
    access rights set or might be encrypted using the NTFS encryption called EFS (Encrypted files system).
    This of course should only be done with permission from the owner of those files.

    There might be other reasons you could think of, but these are the ones i use them for.


    How does it work?:

    Well, it's pretty simple, in Windows there are several services running in the background which run under the system account.
    We could use one of those services to elevate our rights by normal means. This will be the "schedular" service.

    The schedular is a service which allows you to run any program at a particular time for a given number of times.
    It allows you to schedule a task and that task will be a child process of the schedular service.
    This means it will inherit the same rights as the parent process (schedular).

    So if the schedular is running as a system account, anything we will start from it will also be run from the system
    account.
    You could start the schedular by typing the following command at the command prompt "at XX:XX < option > < application >",
    where XX:XX stands for the time you wish the program to start (run the command without the " quotes).


    Let's use this knowledge:

    Now we would like to elevate our rights so we decide to start the schedular 1 minute from now with the following command:
    "at XX:XX /interactive taskmgr" (run the command without the " quotes), where XX:XX is the current time + 1 minute,
    e.g. 14:34. This command will let the taskmanager popup in 1 minute.

    When the taskmanager is popped up, you could use this to start any other command from it which also will inherit the
    system rights.
    This is what i usually do:
    kill explorer.exe, and then click on the button "new task" in the taskmanager and type "explorer.exe" (without quotes)
    and hit < enter >. Now the taskbar and desktop will be loaded again, but now with the system rights.
    This means you have a complete GUI running under the system account!!

    Now you can access whatever you like from there and you will eventually see you can access a lot more then you can with
    your administrator account!

    This however is not forever, when you log off (or shut down) the computer, you will have your normal rights back again,
    so you would have to perform this action anytime you need it.


    Be careful what you do with it, cause when you do something wrong, you could end up destroying your Windows and you would
    have to reinstall again!!




    regards,


    White Scorpion

  2. #2
    Thanks, I learn something new everyday. Is it possible to elevate from a limited account? It worked fine from a admin account but access denied from a limited account. Thanks, good short tut for us noobs.

  3. #3
    Thanks, I learn something new everyday. Is it possible to elevate from a limited account? It worked fine from a admin account but access denied from a limited account. Thanks, good short tut for us noobs.
    every account which has access to the schedular can do this, in windows 2000 the power users also can do this by default, but lesser then that you would have to manually give the restricted accounts these rights.

    hope this clears things up

  4. #4
    Member
    Join Date
    Aug 2004
    Posts
    95
    Is there any way to do this from a lesser account than admin.... in Windows.

  5. #5
    Is there any way to do this from a lesser account than admin.... in Windows.
    i have already explained this in my previous post, the power user can also do this by default, otherwise you would need an account which is given explicit rights to use the schedular, so normally only the power user, a guest or normal user can not do this.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •