Becoming NT AUTHORITY\SYSTEM on Windows

There are rare cases when you might want to become user NT AUTHORITY\SYSTEM on a Windows 2000, XP & 2003 machine. But you don't know the password for the NT AUTHORITY\SYSTEM account, and it is not displayed in the user manager so you can change the password (which would be a VERY BAD THING if you could).

But there is a little trick you can use to open up a command window as NT AUTHORITY\SYSTEM:

First, you need to be logged in as an administrator.
Next, open up a Command Prompt window.

For this trick to work, you need the Task Scheduler service running


Once the Task Scheduler is running, you need to schedule an AT job to open a Command Prompt window

Be sure to specify the /interactive parameter BEFORE you specify the command to be run (or else the command will take the /interactive param as its own) and set the time to 1-2 minutes in the future. You can check the status of your submitted job by simply running the c:\windows\system32\AT.EXE command.


After the time elapses, a Command Prompt window should appear running as NT AUTHORITY\SYSTEM!


From here, you can launch other arbitrary programs (including GUI programs) and have them execute as NT AUTHORITY\SYSTEM. This is very handy when trying to troubleshoot services or programs that fail, or simply to get higher access than Administrator.

For assistance contact
Information compiled and maintained by Computer Security Team ; last modified by TR on July 13, 2006.
(Address comments about page to the Computer Security Team.)