Local System Account

[Guest]

I am a novice to Windows administration. On Windows 2000, several services
run as local system account. If I were to run some commands manually as
system, how do that. Do I logon as Administrator login locally on the server
and then execute my commands, or there is something else to be done.

I am an account on the server (pmehrotr) which is in Administrators group,
but I do not have access to Administrator account per se. Is there any way I
can run something as local system account by logging on as my login. When I
run something as pmehrotr, I know it is not run as local system account.

Thanks a lot.

Prem

 

[Miha Pihler [MVP]]

Hi,

It is _not_ common to run commands or tasks as Local System. Personally I
never had to use Local System except for demonstration purposes.

Account that you would use to run commands and tools depends on task that
you would like to perform. If the tool requires administrative permissions
for some reason then you can either use Administrator account or any other
account that is member of Administrators Group on that computer (e.g. in
your case pmehrotr). If this account is member of Administrators group is
has same permissions as built-in Administrator account.

Note: don't use account that is member of administrator group for everyday
work. It can be quite dangerous. E.g. if you surf the web or read infected
e-mail with such account you can quickly infect the computer with a virus...
Personally I have two accounts. E.g. account "mike" for everyday's work and
"admin-mike" for administrative work. With second account I e.g. don't surf
the web and I don't read e-mail with it. If I am logged on to the computer
as mike (usually I am) I use tools such as runas (command line tool) to run
a specific program with higher permissions.

 

[Guest]

Actaully, I do exactly what you are recommending, but somehow in this case,
Oracle does not seem to honor group (administrators ) privileges. It
appeatrs that user id is embedded in some Oracle key, as a result only the
user who ran he command to generate the key can run the application.
Since application runs as "Local System Account", I want to run key
generation commands from Local System Command.

Sorry for repeating the question. To clarify:
1. If I logged on as Adminstrator account, is it same thing as LocalSystem.

Thanks a lot,

Prem

 

[Miha Pihler [MVP]]

Hi,

No, administrator is not same as Local System.

 

[Guest]

Mike:

I really appreciate your quick reponse. I see whne some Windows service is
run, one can specify it to run as localsystem account. Is there a way to run
some .exe (which is not a service) using localsystem account.

Prem

 

[Miha Pihler [MVP]]

Hi,

Sure -- it is called interactive mode.

First logon to the server (you have to go to console -- this will not work
e.g. over RDP). Now that you are logged on to the server as administrator,
run following command from command line:

at 17:57 /i cmd.exe

where 17:57 is at least one minute more then current time. Now wait for
cmd.exe to start (in e.g. 1 minute). This cmd.exe that executes now runs as
"Local System". You can check this in e.g. Task Manager. If you open Task
Manager and look for cmd.exe you will see that it runs under Local System...
(note: if you have more then one cmd.exe running at the same time chance is
that one will run under your account).
Any exe file or application that you now run from cmd.exe running under
Local System will also run as Local System.

Again -- I would like to stress that this is not a common way to run exe
files or applications... I never had to do this in production environment.
It could cause some problems with your application if it works over the
network.

I hope this helps,

 

[Guest]

Mike:

This is great information. I also do not want to run applications as
LocalSystem (this is last resort).

 

[Roger Abell [MVP]]

You really should go back to the source of your issue and try to
resolve it there rather than trying to find kludgy, risky workarounds.
In this case, review the Oracle docs on how to get this working as
intended given the install choices that were made.
Also, be aware that the workaround provided doez not work that
way post W2k where the cmd prompt you get will not be as System.

 

[Miha Pihler [MVP]]

Roger,

The procedure that I wrote in my post also works on XP and Win2k3...

You can also use Sysinternals (PSexec) to call any application to run it in
interactive mode. Prime example in this case would be Registry to see
Security part of it...

 

[Roger Abell [MVP]]

Roger,

The procedure that I wrote in my post also works on XP and Win2k3...

Right you are, at least on the XP SP2 I have available at the moment.
I just love Sunday mysteries, namely why/when I got it drilled into my
head that this was changed so one would end up with cmd running as
Local Service
hmmm ...

Thanks Mike,

 

[Miha Pihler [MVP]]

Hi,

I checked on Windows Server 2003 and Vista Beta 2. It works on Windows
Server 2003 SP1. Vista will not allow running in interactive mode from "at"
command, but you can use schtasks to schedule and run a process in
interactive mode.