Requirement is to run CMD.EXE under the Local System Account. So that we can map a network drive to be used by a windows service, which will be created by command: - net use z: \\servername\sharedfolder /persistent:yes

Environment: -

OS:  Windows 7 32/64 bit, Windows 2008 Server 64 bit/ Windows 2012 Server 64 bit

.

Priority: - Critical

.

RequirementSince the Windows Service is running under the Local System Account, we would like to emulate this same behaviour.

Basically, we would like to run CMD.EXE under the Local System Account. So that we can map a network drive to be used by a service using following command

 

net use z: \\servername\sharedfolder /persistent:yes.

Already Attempt: -

.

  1. We tried to launch the CMD.exe using the DOS Task Scheduler AT command.  Heres a sample command:

AT 10:36 /interactive cmd.exe

But I received a warning that due to security enhancements, this task will run at the time excepted but not interactively.

It turns out that this approach will work for XP, 2000 and Server 2003 but due to session isolation Interactive services no longer work on Windows 7, Windows Server 2008 and above.

.

  2.  We tried to create a secondary Windows Service via the Service Control (sc.exe) which merely launches CMD.exe.

<Drive>:\sc create RunCMDAsLSA binpath= "cmd" type=own type=interact <Drive>:\sc start RunCMDAsLSA

In this case the service fails to start and results it the following error message:

FAILED 1053: The service did not respond to the start or control request in a timely fashion.

.

  3. One suggestion, we found to launch CMD.exe via a Scheduled Task, but it is not giving any option to launch CMD.exe in interactive mode; so that I can map network drive using net command.

.

  4. I read an article, which demonstrates the use of PSTools from SysInternals. I launched the command line and executed following command

psexec -i -s cmd.exe

PSTools worked fine, but It seems that in scope of Sysinternals Software License Terms. You may not "use the software for commercial software hosting services."

Application will deploy on client, which will be like commercial, so we are not able to use PSTools.         

Kindly assist us for achieving the requirement. We have tried all the ways, but nothing is working for us. Kindly suggest.

 

I will be really thankful.
April 18th, 2015 7:23am

Basically, we would like to run CMD.EXE under the Local System Account. So that we can map a network drive to be used by a service using following command

Why do you need to physically see a cmd.exe windows in front of you to then map the drive? Currently your approach is: create a script that will run cmd.exe as system in interactive mode... so that I can manually type "net use ..." and then close the cmd.exe.

Do you see where I'm going with this? Why not just create something that will call "net use ..." as system, therefore eliminating the need for it to be interactive?

It also removes the need for you to be in front of the PC to manually type the "net use" command
Free Windows Admin Tool Kit Click here and download it now
April 18th, 2015 10:24am

Hi Sir,

Thanks for giving another direction: -

Kindly assist me to give a way, by which I can create something that will call "net use ..." as system, so that I wont need any interactive cmd.exe.

April 18th, 2015 11:34am

Hi Sir,

Thanks for giving another direction: -

Kindly assist me to give a way, by which I can create something that will call "net use ..." as system, so that I wont need any interactive cmd.exe.

Unfortunately SYSTEM cannot normally authenticate remotely so it will likely not work.

To manually create a mapping just add the mapping to the SYSTEM registry hive and restart the services.  Realize that every service that uses the system account wil lhave the drive mapped.  This may create issues fro other services.

Normally questions like this come up from people who are not trained in Windows technologies and are asking the wrong question or applying the wrong solution. I think you might want to do a little more research on how to best accomplish your goal.  Remember that this is how Sony got hacked.

Free Windows Admin Tool Kit Click here and download it now
April 18th, 2015 11:55am

Hi Sir,

          Kindly assist us anything, which can help us to achieve the requirement.

I will be really thankful.

Regards,

S. P. Singh

April 18th, 2015 2:01pm

Hi Sir,

Thanks for giving another direction: -

Kindly assist me to give a way, by which I can create something that will call "net use ..." as system, so that I wont need any interactive cmd.exe.

You already presented several methods above which will work, 'at' command being one of them... Once you realize you don't require it to be interactive anymore, anything that can start a process as system will work fine.

Though as jrv said, if you're running a system you need to be wary of potentially not having enough rights to authenticate remotely. So on your net use command you might have to specify a username and a password...

The best way forward really depends on what you're trying to do, how many systems for, etc etc.

Free Windows Admin Tool Kit Click here and download it now
April 18th, 2015 6:34pm

Hi Sir,

          Nothing worked from above for us. You can see our remarks on posted query. Thats why, we posted on forum.

And there will not be any vulnerability, because, if we will use "net use ..." in network domain; definitely, we will provide username and password of mapped drive system.

And, that system, itself is given by client; so that, there must not be any vulnerability; they are ready to provide user name and password.

.

We need a way; by which we can complete the requirement. Kindly assist.

Regards,

S. P. Singh

April 19th, 2015 12:52am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics