What is "Local System account" in Windows?

Question

And how do I run something as this account ?

I am in the administrators group for a server in a Active Directory organization. It is mainly a file server and in the interest of security, all non AD accounts have been removed from NTFS permissions for most of the lettered, local connected drives. I have tried running scheduler jobs as "NETWORK SERVICE" and "NT AUTHORITY/ SYSTEM", and as my AD account and none of them have permissions to anything on the server.

I expressed suspicion about this to a fellow coworker (is backup admin, I trust) said, don't worry; the backup agent is running as the local system account and that can see everything no matter what. Sure enough, I checked the services and they are running as "Local System account". Is there a way to run something as this account in the scheduler ?

I am trying to run a powershell command:

Get-ChildItem $dir -Recurse -ErrorAction "SilentlyContinue"
-errorvariable +errorlog | select Directory, Name, Length, Extension, LastAccessTime

The error is:

Get-ChildItem : Access to the path 'E:\FUP\parallel_ions' is denied. At C:\scripts\filelist.ps1:9 char:18
+     Get-ChildItem <<<<  $dir -Recurse -ErrorAction "SilentlyContinue" -errorvariable +errorlog | select Directory, Na me, Length, Extension, LastAccessTime | Where-Object {$_.Length -gt 1000MB} 
    + CategoryInfo          : PermissionDenied: (E:\FUP\parallel_ions:String) [Get-ChildItem], UnauthorizedAccessException
    + FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

Answer 1

The easiest way to run some commands as SYSTEM is to use psexec

in an elevated PowerShell session:

psexec -s -i -accepteula powershell.exe

This should open a new PowerShell window that runs as system

whoami

shows:

nt authority\system