How To Launch Console As System User

1 minute read


Despite how cool it sounds “Ya! Running as the highest privileged user on the system!”, I can count on my hands how often I’ve ever had to run a Powershell or CMD prompt as system. Even then, it was to just clear credential manager or something quick. Regardless of why, here is how you can go about getting a ‘NTAuthority\System’ prompt:

To Resolve:

  1. Most common, download PSExec:
Start-Process -FilePath cmd.exe -Verb Runas -ArgumentList '/k C:\SysinternalsSuite\PsExec.exe -i -s powershell.exe'

NOTE: This assumes you have the psexec executable in the ‘c:\sysinternalssuite’ directory. This will give you an interactive SYSTEM prompt.

  1. If you want to use the ‘all native’ route, you can use task scheduler to run a script as system:
    Open Task Scheduler (taskschd.msc)
    Create a Basic Task
    Set a trigger (for example, ‘One time’)
    Set the start time (Synchronize across time zones = UTC)
    Start a program


Add arguments (optional):
–NoProfile –ExecutionPolicy Bypass –File C:\Demo\Get-CurrentUser.ps1


    'env:USERNAME' = $env:USERNAME
    'whoami' = whoami.exe
    'GetCurrent' = [Security.Principal.WindowsIdentity]::GetCurrent().Name
} | Format-List | Out-File -FilePath C:\demo\whoami.txt

Check the box ‘Open the Properties dialog for this task when I click Finish’
Change user to SYSTEM and configure for the OS of this machine (in my case it is Windows 10)
Note: I didn’t checked the box “Run with highest privileges” in this case as not needed but sometimes you could need that enabled.

After it runs:
If I check the content of C:\demo\whoami.txt, I see that the script successfully ran under the context of NT AUTHORITY\SYSTEM
As we can see, the current user was indeed NT AUTHORITY\SYSTEM (the variable $env:USERNAME will show as “MACHINE$”).