run process under another account from process running under "local system account"



  • 1. How to config windows firewall allow dhcp services?
    I have windows 2003 std with the sp that includes windows firewall. How do I set the firewall up so that it allows dhcp services to work normally? There is the exception list but that does not list all services like dhcp etc.
  • 2. Setting up IIS 6.0 tutorial
    Hi, is there any good tutorial for a semi-newbie on how to set up IIS 6.0 on a windows 2003 server to make it as safe as possible? I mean a step-by-step guide to follow that will make the webserver safe. Thanks /Surre
  • 3. Software Restriction Policy with custmized messages?
    Hi, I am testing the software restriction policy at the moment and didn't found a solution for following: 1) Is it possible to customze the message displayed when somebody trying to open a restricted file extension? Would like to insert a telephone number for that. 2) When I am trying to open a link which is allowed, but the link is trying to open an extension on a different location where it is not allowed, the user is not getting a message from the restriction policy in his session. otherwise SRP is really working fine. What could be done to solve my problems? best regards Rainer
  • 4. SPNEGO without a domain
    I tried posting this in the Access Security forum last week, but didn't hear anything back, and thought maybe someone here would have some ideas? Thanks! Hello, Having a problem with Kerberos/SPNEGO authentication with a Windows XP client. We have a non-Windows KDC and both Windows and non-windows clients. On a unix-type machine, if I run kinit and authenticacate with the KDC, I will get a TGT. Then, when I go to another intranet website that also requires kerberos authentication, I am automagically given an HTTP ticket (which I can see when I run klist) and allowed in the site. I want this same functionality from winxp. I need this same functionality on a non-domained windows client (and maybe domained ones as well, actually). I've installed kerbtray which I think is whats given me the ability to do the kinit/klist stuff on windows.. I really have no idea what to change. I've modified some firefox settings to allow the browser to do spnego (setting network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris). Does anyone know of a set specific instructions about this? If this is the wrong forum for this type of question, also please let me know. Thanks :) :) -- Emily

run process under another account from process running under "local system account"

Postby Michal Valent » Sun, 25 Jan 2009 00:25:30 GMT

please, can anybody help me to find out if is it possible to
run process under another account from process running under "local system 
account" ?

For example MSSQLSERVER trigger is running under "local system account"
and is firing javascript which ought to run under "domain\user" account.

thank you

Re: run process under another account from process running under "local system account"

Postby Al Dunbar » Sun, 25 Jan 2009 03:24:16 GMT

One process can certainly launch a new process under the credentials of 
another user. The method would depend on the nature of these processes. In 
the simplest case, any account with sufficient privileges to create a 
scheduled task can create a task with alternate credentials.

Under some circumstances, a single process can do some of its work with 
alternate credentials, however, this is somewhat limited by the available 
tools. For example, one can map a share under alternate credentials, and 
perform folder and file management on the share as if it had the privileges 

In what context is "MSSQLSERVER trigger" running - as a service, scheduled 
task, interactive session, or something else?

And in what mode(s) can the javascript run?


Re: run process under another account from process running under "local system account"

Postby Michal Valent » Tue, 27 Jan 2009 18:41:20 GMT

> In what context is "MSSQLSERVER trigger" running - as a service, scheduled 

The "MSSQLSERVER trigger" running - as a service

The javascript is fired  from the trigger :

CREATE TRIGGER [myUpdate] ON [dbo].[myTable]

IF UPDATE ( myCol )


 DECLARE @cmd as varchar(1000)
 declare @myColVal as varchar(20)
 declare @myTS as varchar(30)

 SET @myColVal = (SELECT myCol FROM inserted)
 SET @myTS = (select convert(varchar(30), getdate(), 121))
 SET @myTS = REPLACE(@myTS, ' ', '_')

 SET @cmd = '"C:\myScripts\myCallsToWebServices.js" '
+ @myColVal + ' ' + @myTS
 EXEC master..xp_cmdshell @cmd


Similar Threads:

1.Running processes from system account

Hi all,

I have a progam running as service under system account that is also 
A logged on user can choose to open a help file (.chm) from within an 
interactive window of this service, but it wont run.
I used ShellExecute with "open" command because it knows which executable to 
run in order to open the .chm file.
It seems to me that there's a problem with security settings with the system 
account. If my program is run as "normal" application
then it works fine. Does anyone know how to solve security issues of this 
kind? Any help appreciated.


2.Process running under Adminstrator account

I disabled the administrator account for security reasons. At the same time 
the event log shows failed administrator logon attempts.  Attempts repeat 
every 2 till 5 hours. The calling process has PID 944 which I looked up as 
svchost process.
This refers to the following services:

svchost.exe                   944 AeLookupSvc, AppMgmt, BITS, Browser,        
                                   CryptSvc, dmserver, EventSystem, helpsvc, 
                                   lanmanserver, lanmanworkstation, Netman,  
                                   Nla, RasMan, RemoteAccess, Schedule,      
                                   seclogon, SENS, ShellHWDetection, 

I can not find any service that starts with Administrator account.
Does someone have any suggestions? 

3.Tell if the process is running in a Guest account

I've been told earlier that to determine if the current process is running 
in a Guest account I need to call

But what parameters should I actually call it with? 

4.Running a service as Local System account on Windows Server 2003

Windows Server 2003.
Not sure if this is the correct group for my question as it is part server
2003 configuration/security and maybe part programming.  I have a small c++
application I wrote that installs as a service.  It monitors another machine
and periodically copies files from that machine.  The application has a GUI
that reflects the status of the other machine and file copies.  The problem
is if I set the service Logon proerties as "Local System account" and "Allow
service to interact with desktop" my program cannot access the other
machines shared directory.  If I set the Logon property to a specific
account then all works well. I am looking for a method that will allow me to
copy the files from the share and interact with the desktop.


5.Download file from NT Service running under Local System Account

Hi All,

When a NT service program runs under the local system account it
cannot access network resource either via UNC path or a network
mapped drive. Is there any way around to access network resource
for the service program?
  I writeen a NT service in VC++ , and i want to download a file from
Internet website. But my service running in local system account. I
want help in change service running under local system account to
current user to download file and change it back to local system
account from VC++ code. Please give details for this in VC++
programming not from services utility of NT.

A.V. Suresh

6. Running NET localgroup command from a logon batch script as local system account

7. Run service interactive with user account - not local system

8. Run scheduled task using local system account



Who is online

Users browsing this forum: No registered users and 90 guest