It is a built-in user account that is run on a Windows OS. It has powers even more than the Administrator account ! Using that account, one can gain complete control over everything. You can kill any stubborn process, make system wide changes etc. But, one cannot log in as NT AUTHORITY\SYSTEM. Windows doesn’t allow this and for a good reason coz malicious programs if run as NT AUTHORITY\SYSTEM, then it would be nothing less than a disaster!

Why should I become the NT AUTHORITY\SYSTEM ?

There are many rare instances when you will need to become the NT AUTHORITY\SYSTEM like in case you cannot end a virus process using Task Manager or from command line using taskkill even when the /f switch is used.

How can I become NT AUTHORITY\SYSTEM ?

Here is a little trick that allows you to gain system wide access as NT AUTHORITY\SYSTEM in XP. This won’t work in Vista.

1. You must be logged in as an Administrator
2. Make sure that “Task Scheduler” service is running. If not, start it using services.msc or using command line by typing net start "Task Scheduler"
3. Now, you need to schedule a task using the at command as show below. Here’s the general command syntax.
   
at one_minute_more_than_current_time /interactive file_path

   And here’s an example. Consider that the current time in your system tray clock is 21:21. Here’s the command that you need to enter to run the cmd.exe as NT AUTHORITY\SYSTEM.
   
at 21:22 /interactive C:\WINDOWS\system32\cmd.exe

   You must specify the time one or two minutes more than the current time in system tray clock in 24 hour format.
   
   

   Schedule a task

4. When the time is elapsed, a new Command Prompt appears which is running as NT AUTHORITY\SYSTEM. All programs, GUI programs, commands etc launched from this Command Prompt also runs as NT AUTHORITY\SYSTEM. For example, the Task Manager (taskmgr.exe) started from this Command Prompt can end any process. Be careful while playing around with this trick

Registry editing has been disabled by your administrator

Task Manager has been disabled by your administrator

The command prompt has been disabled by your administrator

Well, here are my first VB Scripts that are damn useful to fix these problems. I did borrow the idea from another similar script. But these scripts have more features.

• RegSwitch
  You can use this to turn on/off registry editing access i.e to block or unblock regedit.
  
• TaskmgrSwitch
  You can use this to turn on/off Task Manager i.e to block or unblock taskmgr access.
  
• cmdSwitch
  Similar to the above two, this will enable/disable Command Prompt access.

All the above scripts first check for existence of regedit.exe/taskmgr.exe/cmd.exe and also log events to the Event Log.

Just run the scripts again to toggle between on and off. The scripts have been tested successfully on XP SP3 and Vista SP1. Please let me know if there are any bugs. You can view the source code of the script by opening it with notepad

Download RegSwitch
Download TaskmgrSwitch
Download cmdSwitch

P.S : These scripts were initially posted by me at Raymond.cc Forum.