Overview
Sometimes it may be useful to mimic the way M-Files server communicates by default, using the local system account. This can be helpful when testing e.g. connections or mapping network drives to ensure the local system account can perform the tasks.
NOTE: Local system account is a high privileged account. Take care not to run anything unintended using this.
Solution
This can be done using the PsExec tool found in Windows Sysinternals tools (https://docs.microsoft.com/en-us/sysinternals/)
PsExec download link and information: https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
- Download PSTools.zip from the link above
- Unzip the contents to a folder
- Open an elevated command prompt (admin) and navigate to the folder where you placed PsExec.exe
- Run "psexec.exe -s -i cmd.exe" (or powershell.exe)
- This will open a new Command Prompt. Verify your new identity by running "whoami", it should display "nt authority\system":
You can use the command prompt window you launched to run commands as the local system user.
If making persistent changes such as mapping network drives (net use), please make sure to also remove them.
Troubleshooting
If PsExec throws an error such as "PsExec could not start cmd.exe: The system cannot find the file specified":
- Verify there are no path issues:
- Try adding the full path of both psexec.exe and cmd.exe to the command, for example: "C:\<path>\psexec.exe -s -i C:\Windows\System32\cmd.exe"
- Depending on your organization's security policies, PsExec may be blocked from running certain commands:
- The Microsoft Defender Attack Surface Reduction rules can prevent PsExec and other similar tools from running, specifically the Block process creations originating from PSExec and WMI commands rule. NOTE: exercise caution when considering disabling this rule, this risks exposing your system to dangerous code. For instructions on changing these settings and more information, see Microsoft's article Enable attack surface reduction rules.
- Other antivirus and security systems can interfere with PsExec, verify with your system to see if PsExec is allowed to create processes.
