The summary of ‘Run as SYSTEM with PsExec.exe (to be able test Intune Win32App or Scripts)’

This summary of the video was created by an AI. It might contain some inaccuracies.


The video demonstrates why it is important to test applications as the SYSTEM account before deploying them through Intune, where user permission issues can cause failures. PsTools and PsExec are highlighted as the tools for running processes with elevated privileges. The video discusses understanding system paths, executing commands effectively, and using the SYSTEM account to access user sessions without passwords. It also covers locating 'winget', system paths, and installing software via the command prompt. Overall, the presenter emphasizes the significance of system-level access for testing and system administration purposes, cautioning against misuse of these powerful capabilities.

00:00:00

In this segment of the video, the presenter discusses running applications as SYSTEM, the context Intune uses. They demonstrate the importance of running as SYSTEM, particularly when deploying packages that may fail when pushed through Intune due to user permissions. The presenter shows how to test running as SYSTEM using a virtual machine, emphasizing that the user must be an admin to do so. They mention using a tool called PsExec to execute files as SYSTEM on the local machine and tease a hacker demonstration coming up later in the video.

00:03:00

In this segment of the video, the speaker demonstrates how to use PsTools by Mark Russinovich, a tool suite acquired by Microsoft. They show how to download and extract the necessary files, emphasizing the importance of running the program as an administrator for it to work effectively. The speaker explains the need to specify the ‘-i’ switch to make the program interact with the desktop, highlighting the concept of session IDs in Task Manager. Finally, they show how to run the program with the necessary switches to elevate privileges to the SYSTEM level.

00:06:00

In this segment of the video, the speaker demonstrates how to access elevated permissions by running a process as the SYSTEM account. By utilizing the PsExec tool with specific flags, the speaker is able to execute commands with elevated privileges. The demonstration includes running a CMD prompt as the SYSTEM account, which provides increased permissions, though caution is advised. The speaker also explains how the SYSTEM account may have limitations, such as not recognizing certain commands due to differences in paths. By exploring the PATH variable, the speaker shows the impact of different contexts on command execution, highlighting the importance of understanding system paths for effective command execution.

00:09:00

In this segment of the video, the speaker discusses the search path for ‘winget’ and demonstrates how the system searches for the file. It is shown that the ‘winget’ file found in the system is actually a pointer to the real file located in ‘Program Files\WindowsApps\Microsoft.DesktopAppInstaller’. The video also mentions using the ‘fsutil’ tool to query the file’s location. The speaker explains that the SYSTEM account cannot natively use ‘winget’ but provides a workaround by using a script to provide the full path. The segment concludes with an example of installing PuTTY from the command prompt.
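
A sketch of the full-path workaround described in this segment, written as an added example and not the script shown in the video. The function name `Resolve-WingetPath`, the versioned folder pattern `Microsoft.DesktopAppInstaller_*`, the signature check and the `PuTTY.PuTTY` package ID are assumptions of this example.

```powershell
# Added example (not from the video): locate the real winget.exe so that a
# script running as SYSTEM can call it by full path.
# Assumption: App Installer is unpacked under %ProgramFiles%\WindowsApps in a
# folder named Microsoft.DesktopAppInstaller_<version>_<arch>__<publisherId>.
function Resolve-WingetPath {
    [CmdletBinding()]
    param(
        [string]$AppsRoot = (Join-Path $env:ProgramFiles 'WindowsApps')
    )

    # Several package versions (and resource-only folders) can coexist:
    # keep only folders that contain winget.exe, newest version first.
    $folder = Get-ChildItem -Path $AppsRoot -Directory -Filter 'Microsoft.DesktopAppInstaller_*' -ErrorAction SilentlyContinue |
        Where-Object { Test-Path -LiteralPath (Join-Path $_.FullName 'winget.exe') -PathType Leaf } |
        Sort-Object { [version](($_.Name -split '_')[1]) } -Descending |
        Select-Object -First 1

    if (-not $folder) {
        throw "winget.exe not found under $AppsRoot (is App Installer installed?)"
    }

    $path = Join-Path $folder.FullName 'winget.exe'

    # SYSTEM will execute whatever this path points to, so refuse a binary
    # whose Authenticode signature does not validate.
    $sig = Get-AuthenticodeSignature -FilePath $path
    if ($sig.Status -ne 'Valid') {
        throw "Signature check failed for ${path}: $($sig.Status)"
    }
    return $path
}

# Show which context the script is running in (True under PsExec -s or Intune).
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
Write-Host "Running as $($identity.Name) (IsSystem=$($identity.IsSystem))"

$winget = Resolve-WingetPath
Write-Host "Using $winget"

# Install PuTTY, as in the video's closing example; the package ID is an assumption.
& $winget install --id PuTTY.PuTTY --exact --silent --accept-package-agreements --accept-source-agreements
if ($LASTEXITCODE -ne 0) {
    throw "winget exited with code $LASTEXITCODE"
}
```

Running the same script from the PsExec SYSTEM prompt before packaging it for Intune reproduces the PATH difference discussed in the previous segment.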

00:12:00

In this segment of the video, the speaker demonstrates how the SYSTEM account can be used to access a user session without knowing the user’s password. They show how to open Task Manager as the SYSTEM user, locate the desired user session, and connect to it without the need for the user’s password. This showcases the power of the SYSTEM account in accessing user sessions. The speaker advises against abusing this method for security reasons and emphasizes its value for testing and system administration.

00:15:00

In this part of the video, the speaker mentions that the previous method used will not work. They show that accessing as a local admin is required, which can be seen as ‘administrator’ on the screen. The speaker hints that this is a cool trick but emphasizes it’s for admins only. They thank the viewers for watching and sign off.
