When RunAs SYSTEM Isn’t Enough

I’ve written several times in the past about running under the SYSTEM account using the well known trick psexec -i -s cmd which runs cmd under SYSTEM, but what if you want to run as TrustedInstaller? More accurately, you can run as SYSTEM with the TrustedInstaller token. I happened to stumble across this trick when trying to delete the files in C:\Windows\WinSxS\Temp\PendingDeletes\ and it just wasn’t happening using the SYSTEM account alone. The program I used is SuperCMD. Just run SuperCMD.exe /TI /Run:cmd.exe using RunAs Administrator on cmd.exe and viola, you are SYSTEM running with the TrustedInstaller token!

Another program that can be used is NSUDO which is based on SuperCMD.

  • Soli Deo Gloria