Win7 Get system permissions

Source: Internet
Author: User

Permissions are a recurring problem on Windows 7. The mysterious, ubiquitous SYSTEM account has more privileges than Administrator, yet you cannot log in as it, which is hard to understand. In particular, many directories can only be deleted with SYSTEM permissions, which is a real headache.

Here is a script that gives you a command line running with SYSTEM permissions. The principle is actually very simple: a service runs with SYSTEM permissions, so it is not hard to understand. Still, the idea is really neat, and I like it:


sc create SuperCMD binPath= "cmd /k start" type= own type= interact
sc start SuperCMD

Note the space after each equals sign.

In essence, these two lines create an interactive service that runs cmd. When the service starts, Windows handles it by displaying a prompt; once you choose to view the message, a cmd window opens. That cmd runs with SYSTEM permissions, so you can do what you need to do.
Finally, a nod to whoever came up with this method: the idea is really very neat.


As you know, SYSTEM is the ultimate super-administrator account. By default, we cannot log on to the Windows desktop environment as the SYSTEM account directly from the logon dialog box. In fact, the SYSTEM account has long been "entrenched" in the system. Think about it: even Winlogon, LSASS and the other processes responsible for verifying user logons run under the SYSTEM identity, so who would be qualified to verify SYSTEM? Since the SYSTEM account is already present in the system, starting the Windows shell program Explorer as the SYSTEM account is equivalent to logging on to Windows with the SYSTEM identity.

I. Obtaining the privileges

1. Click "Start → Run", type cmd and press Enter to open a Command Prompt window.

2. Enter the following command at the command prompt and press Enter:

taskkill /f /im explorer.exe

(This ends Explorer for the current account.) (Fig. 1)

  

Figure 1

3. Then enter the following command at the command prompt and press Enter:

at time /interactive %SystemRoot%\explorer.exe

(time is a moment slightly later than the current system time, for example one second later.) (Fig. 2)

  

Figure 2

4. After one second the user configuration is reloaded, and the Windows shell process explorer.exe starts under the SYSTEM identity.
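Both techniques described above, the `sc create ... type= interact` service and the `at ... /interactive` job, leave recognizable command lines that a defender can match in process-creation logs. The following Python sketch is an added example, not part of the original article; the function names and the sample command lines are constructed for illustration.

```python
import re

# Patterns for the two commands shown in the article (case-insensitive, as cmd is).
SC_CREATE = re.compile(r'^\s*(?:\S*\\)?sc(?:\.exe)?\s+create\s+(\S+)(.*)$', re.I)
TYPE_OPT = re.compile(r'\btype=\s*(\w+)', re.I)
BINPATH_OPT = re.compile(r'\bbinpath=\s*("[^"]*"|\S+)', re.I)
AT_INTERACTIVE = re.compile(r'^\s*(?:\S*\\)?at(?:\.exe)?\s+.*/interactive\b', re.I)

# Programs that hand the operator an interactive session when started as a service.
SHELLS = {"cmd", "cmd.exe", "powershell", "powershell.exe", "explorer.exe"}


def classify(cmdline):
    """Return the reasons (possibly none) a command line matches the article's techniques."""
    reasons = []
    sc = SC_CREATE.match(cmdline)
    if sc:
        name, options = sc.group(1), sc.group(2)
        if "interact" in {t.lower() for t in TYPE_OPT.findall(options)}:
            reasons.append(f"service {name}: type= interact")
        binpath = BINPATH_OPT.search(options)
        if binpath:
            # Heuristic: first word of the binPath value, without its directory.
            words = binpath.group(1).strip('"').split()
            if words and words[0].rsplit("\\", 1)[-1].lower() in SHELLS:
                reasons.append(f"service {name}: binPath starts a shell")
    if AT_INTERACTIVE.match(cmdline):
        reasons.append("at job scheduled with /interactive")
    return reasons


def scan(cmdlines):
    """Return (command line, reasons) pairs for every line that matched."""
    return [(c, r) for c in cmdlines if (r := classify(c))]


# Constructed sample input: two commands from the article and three benign ones.
SAMPLE_COMMAND_LINES = [
    'sc create SuperCMD binPath= "cmd /k start" type= own type= interact',
    r'C:\Windows\System32\sc.exe create BackupAgent binPath= "C:\Backup\agent.exe" type= own',
    r'at 12:01 /interactive %SystemRoot%\explorer.exe',
    r'at 02:00 /every:M,T,W C:\scripts\rotate-logs.cmd',
    'sc start SuperCMD',
]

if __name__ == "__main__":
    for line, why in scan(SAMPLE_COMMAND_LINES):
        print(f"{line}\n    -> {'; '.join(why)}")
```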

II. Verifying the identity

1. Open the Start menu; it shows the SYSTEM account. (Fig. 3)

  

Figure 3

2. Open the Registry Editor. It is enough to prove that HKCU is a link to HKU\S-1-5-18 (S-1-5-18 is the SID of the SYSTEM account). The proof is simple: create a new Test subkey under HKCU, then refresh and look at HKU\S-1-5-18. If the Test subkey appears there as well, the user hive of the SYSTEM account is the one currently loaded. (Fig. 4)

  

Figure 4

3. Enter the following command at the command prompt:

whoami

It displays: NT AUTHORITY\SYSTEM (Fig. 5)

  

Figure 5

Tip: Support Tools must be installed

  

III. Putting it to use

1. Registry access:

Note: Without SYSTEM permissions, users cannot access certain registry keys, such as "HKEY_LOCAL_MACHINE\SAM" and "HKEY_LOCAL_MACHINE\SECURITY". These keys record core system data, yet some viruses and Trojans frequent them. For example, a hidden account with administrator privileges can be created under the SAM key; by default the administrator cannot see it by typing "net user" at the command line or in "Local Users and Groups" (lusrmgr.msc), which poses a serious danger to the system. With SYSTEM permissions there is no obstacle to accessing the registry, and all such tampering is exposed.

Action: Open the Registry Editor and try to access HKEY_LOCAL_MACHINE\SAM and HKEY_LOCAL_MACHINE\SECURITY; you should now have unrestricted access. (Fig. 6)

  

Figure 6

2. Access the System Restore files:

Description: System Restore is a self-protection measure of Windows. It creates a "System Volume Information" folder in the root directory of each drive and stores system information there for use in system recovery. If you do not want to use System Restore, or want to delete some of the files under it, you will find that this folder is hidden and cannot be deleted without SYSTEM permissions. If you log in with SYSTEM permissions you can delete it at will, and you can even create files under it to keep them private.

Action: In Explorer, click "Tools → Folder Options", switch to the View tab in the Folder Options window, and in the Advanced settings list clear the "Hide protected operating system files (Recommended)" check box, then select "Show all files and folders" under "Hidden files and folders". You then have unrestricted access to the System Restore working directory C:\System Volume Information. (Fig. 7)

  

Figure 7

3. Replace system files:

Description: Windows protects its system files, and in general you cannot change them, because the system keeps a backup of them in C:\WINDOWS\system32\dllcache (assuming your system is installed on the C drive). When you change a system file, the system automatically restores the corresponding file from this directory. When the directory has no corresponding file, a prompt pops up (Figure 8) asking you to insert the installation disc. In practice you sometimes need to customize your system by modifying some system files, or to replace a lower version of a system file with a higher version in order to extend the system's functionality. For example, Windows XP supports only one Telnet user; if you want it to support multi-user Telnet, replace the appropriate Windows XP files with the remote login file from Windows 2003. This is difficult without SYSTEM permissions, but easy with them.

  

Figure 8

Action: From a Windows 2003 system, extract the Termsrv.dll file, and use it to replace the file of the same name under C:\WINDOWS\system32 on Windows XP. (For Windows XP SP2 you must also replace the files of the same name under C:\WINDOWS\$NtServicePackUninstall$ and C:\WINDOWS\ServicePackFiles\i386.) Then make the appropriate system settings so that Windows XP supports multi-user Telnet.

4. Manual virus removal:

Description: Users generally log in as Administrator or another administrator account, so after an infection by a virus or Trojan, the malware mostly runs with administrator privileges. After an infection we usually disinfect with antivirus software. If the antivirus software is paralysed, or can detect the malware but not remove it, the only option is to roll up your sleeves and remove it by hand. Under Administrator permissions, manual removal is powerless against some viruses; usually you boot into safe mode, and some cannot be cleaned even in safe mode. If you log in with SYSTEM permissions, removing the virus is much easier.

Operation: (Taking one manual removal as an example; I reproduced in a virtual machine a manual removal I performed some time ago.) Open Windows Task Manager and find the suspicious process "86a01.exe". As an administrator the process cannot be ended (Figure 9), and of course the virus's original file "86a01.exe" in the system directory cannot be removed either. After logging in with SYSTEM permissions, the process is ended successfully; then delete the virus's original file and clear the related registry entries, and the virus is thoroughly cleaned out of the system. (Figure 10)

  

Figure 9

  

Figure 10

IV. Summary

SYSTEM permissions are higher than administrator permissions, and with them you can complete many tasks that cannot be completed under normal conditions. They have many applications; this article is only a pointer, and I hope you will dig out more practical techniques in practice. Of course, the greatest privilege also means greater danger; it is like holding the "imperial sword", so do not kill the innocent! In everyday use, work with administrator rights or even ordinary user rights, and use SYSTEM permissions only in special cases.

After you have installed Adobe Reader 9.0 and then uninstall it for some reason, or because you reinstalled the system, you will find that some files under the original C:\Program Files\adobe\reader 9.0\resource\cmap folder cannot be deleted, with a prompt that SYSTEM permissions are required. Two solutions follow:

1. Remove them manually one by one: select the file you want to delete, right-click → Properties → Security tab → click Advanced at the bottom right → Owner → Edit → change the owner of the file to Administrators → OK → go back to the file's Properties panel → select the Administrators user → Edit → change the Administrators permissions to Full Control. You can then delete the file.

2. Through a SYSTEM cmd window, operate on the files with DOS commands. First save the following two lines as a SysCMD.bat file; make sure the quotation marks are English (ASCII) ones, not Chinese ones.

sc create SysCMD binPath= "cmd /k start" type= own type= interact

sc start SysCMD

Double-click the SysCMD.bat file, and the following window appears:


Click "View Message" and the cmd window appears. You can use DOS commands to operate on files or folders, and can forcibly delete an entire folder at once. The command format is rmdir /s /q "folder name".

http://hi.baidu.com/zbjit/item/824f352f21454c0e72863ec5
