Tuesday, September 29, 2015

execute command prompt under Local System or Network Service account

Running tasks under a different user context as you are just logged in is a quiet common tasks as a Windows server administrator. I like especially the local system account to sync files to other servers and I just assign permissions on the destination server under the source server name. That eliminates the need of having an service account with password or to have managed service accounts.
To run a script under the Local System account I used to create a scheduled task to execute the script. It is working but troubleshooting is a little tough because you do not see the console output.

Recently I came across this article http://blogs.msdn.com/b/beanexpert/archive/2015/06/11/azure-ad-application-proxy-connector-connectivity-issues-with-a-proxy.aspx

Using PsExec from Sysinternals

PsExec.exe -i -u "NT Authority\System" cmd.exe

will open a command prompt under the Local System account and you can run your scripts there and see their output. I tried that before using the runas command but it was always asking for a password what I do not have and I do not have to have it anymore. Less password = easier life.