How to Gain System Access to a Windows 2000-Based Computer

ID: Q238846

The information in this article applies to:
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.

SUMMARY

You may need to run commands in the context of the local System account for recovery or other administrative purposes. For example, an administrator may want to start Registry Editor in the Local System context to investigate the SAM without manipulating the permissions on the registry.

In Microsoft Windows NT 4.0, this is very easy to do; the Scheduler service typically runs in Local System context and you can schedule a job to start a command prompt interactively. However, Task Scheduler in Windows 2000 does not allow scheduling of tasks in the System context--it requires user credentials for each task.

This article describes an alternative method of obtaining System access to Windows 2000-based computers.


MORE INFORMATION

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD).

  1. Copy the Srvany.exe tool from the Windows NT Resource Kit to your temporary folder (for example, C:\Temp).


  2. Stop the Print Spooler service. The Spooler service is a good candidate for this procedure because it starts interactively as the local system account, does not have a complex configuration, and does not require rebooting to change the configuration.


  3. Start Registry Editor (Regedt32.exe).


  4. Locate the following key:


    5. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Spooler
  5. Save this key to the C:\Temp\Spooler.dat file.


  6. Change the following registry value:


    7. Value Name: Image
    Data Type: REG_SZ
    Value: c:\temp\srvany.exe
  7. Locate the following key:


    8. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Spooler\Parameters
  8. Add the following values:


    9. Value Name: Application
    Data Type: REG_SZ
    Value: c:\winnt\system32\cmd.exe

    Value Name: AppParameters
    Data Type: REG_SZ
    Value: /k
  9. Quit Registry Editor and start the Print Spooler service. A command prompt appears. This command prompt is running in the local system context.


To restore the Print Spooler service to its original configuration:
  1. Stop the Print Spooler service.


  2. Start Registry Editor (Regedt32.exe).


  3. Locate the following key:


    4. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Spooler
  4. Restore this key from the C:\Temp\Spooler.dat file.


  5. Quit Registry Editor.


  6. Start the Print Spooler service.


For additional information, please click the article number below to view the article in the Microsoft Knowledge Base:
Q231270 Allowing Normal Users Access to Local Administrator Tasks

Additional query words:

Keywords : kbenv
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbhowto


Last Reviewed: December 29, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.