Sometimes just being Administrator is not enough to accomplish your task.
A notorious example is when you need to end a process that is apparently
causing a problem on your system and the End Process action flatly
refuses to complete, with a nice and friendly "Access Denied".
A way around such a frustration is to get yourself more power than you already
have with your Administrator status. This works on the premise that processes
are started from within a given account context and will thereby also
run within that ‘start-account’ context. So if you can execute the
End Process action from within the System account context, you’re set.
This can be achieved using the At command through the Scheduler Service.
By default the startup account setting for this service is the System account.
Open up a command prompt (cmd.exe) and type:
    at <time in the near future> /interactive cmd.exe
Since the Scheduler service is starting your command prompt, that command
prompt will be running within the System account context. Everything you
subsequently start from within that command prompt window will therefore also
be running within the System account context.
Now you just type taskmgr and you can End Process the offender.
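Seen from the monitoring side, the same trick leaves a recognisable command line. The following is an added example, not part of the original tip: it parses process command lines for at jobs scheduled with /interactive. The event fields, sample records and severity labels are assumptions constructed for illustration.

```python
import re

# Constructed process-creation records; the field names are assumptions.
SAMPLE_EVENTS = [
    {"user": "alice", "command_line": r"at 14:05 /interactive cmd.exe"},
    {"user": "alice", "command_line": r'"C:\Windows\System32\at.exe" \\HOST01 23:00 /INTERACTIVE taskmgr'},
    {"user": "backup", "command_line": r"at 02:00 /every:M,T,W,Th,F C:\jobs\backup.cmd"},
    {"user": "bob", "command_line": r"attrib +r at.txt"},
    {"user": "bob", "command_line": r"at"},
]
# Tools the tip launches as System; rated higher here (an assumption).
INTERACTIVE_TOOLS = {"cmd", "cmd.exe", "taskmgr", "taskmgr.exe"}

def tokenize(command_line):
    # Split on whitespace but keep double-quoted paths together.
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', command_line)]

def basename(token):
    return re.split(r"[\\/]", token)[-1].lower()

def parse_at_job(command_line):
    """Parse 'at [\\\\host] time [/switches] command'; None if no job is scheduled."""
    tokens = tokenize(command_line)
    if not tokens or basename(tokens[0]) not in ("at", "at.exe"):
        return None
    args = tokens[1:]
    host = args.pop(0) if args and args[0].startswith("\\\\") else None
    if not args or not re.fullmatch(r"\d{1,2}:\d{2}\w*", args[0]):
        return None  # listing or deleting jobs, not scheduling one
    when = args.pop(0)
    switches = []
    while args and args[0].startswith("/"):
        switches.append(args.pop(0).lower())
    return {"host": host, "time": when, "command": " ".join(args),
            "interactive": "/interactive" in switches}

def find_interactive_at_jobs(events):
    findings = []
    for ev in events:
        job = parse_at_job(ev["command_line"])
        if not job or not job["interactive"]:
            continue
        words = tokenize(job["command"])
        tool = basename(words[0]) if words else ""
        severity = "high" if tool in INTERACTIVE_TOOLS else "medium"
        findings.append({"user": ev["user"], "severity": severity, **job})
    return findings
```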
On a slightly different note but employing the same principle, i.e. spawned processes run in the
security context of the program that initiated the spawned process, Microsoft has published a
Security Bulletin (MS02-024) detailing this vulnerability with respect to debugger processes.
<excerpt>
The Windows debugging facility provides a means for programs to perform diagnostic and analytic
functions on applications as they are running on the operating system. One of these capabilities
allows for a program, usually a debugger, to connect to any running program, and to take control of it.
The program can then issue commands to the controlled program, including the ability to start other
programs. These commands would then execute in the same security context as the controlled program.
</excerpt>