Windows – Problems with runas and system account

runasvbscriptwindowswindows xp

I have a process that is running under the local system account on a Windows XP machine. This process then attempts to open a file with its default application as another user (say Max) on the system. Max is logged in and has a desktop.

The file is opened with the following command with ShellExecute in vbscript:

runas /user:Max "cmd.exe /C start \"path_to_file\""

After the process running under the local system account executed above, Max is prompted to enter his password. (So, the runas component clearly gets started at least.)

Only, even after entering the correct password, runas produces the following error:

RUNAS ERROR: Unable to run - cmd.exe /C start "path_to_file"
5: Access is denied.

I am not clear to what access is denied. Running cmd.exe /C start "path_to_file" as Max works perfectly fine. Max thus clearly has access to "path_to_file".

Best Answer

This appears to be the same problem as encountered with PSExec. Edit: Runas and PSExec spawn new processes with different credentials by calling CreateProcessWithLogonW. However if you are using the "LocalSystem" account:

You cannot call CreateProcessWithLogonW from a process that is running under the "LocalSystem" account, because the function uses the logon SID in the caller token, and the token for the "LocalSystem" account does not contain this SID.