
So when we click "Run as administrator" in any program, it doesn't ask for a password? So what user is performing operations there?

Here is what I'm trying to do - I'm trying to edit /etc/hosts and currently I'm logged in as an administrator. I tried this in terminal:

runas /user:MACHINE_NAME\username notepad <path_to_etc_hosts>

It opens and shows me the content of the drivers/etc/hosts file, but when I try to save it I get an alert saying that I don't have permission to save this file.

Now when I DIR /q inside /drivers/etc/hosts I find that it's owned by AUTHORITY\SYSTEM, not by the user my_logged_in_user.

So now I have two questions, they might sound very silly (sorry) -

  1. How do I edit the file?
  2. How does "run as an administrator" (GUI) actually work? Which user is being used to open the file?

1 Answer

AUTHORITY\SYSTEM is a reserved pseudo account that is used by Windows. Administrator permissions are not enough to edit such a file.

You should use the psexec utility by Mark Russinovich to execute commands under the SYSTEM account. Be very careful in this mode to only update the file and get out of it when finished.

Run a Command Prompt (cmd) as Administrator and enter the following command:

psexec -i -d -s C:\Windows\notepad.exe C:\Windows\System32\drivers\etc\hosts

The argument -s means "Run the remote process in the System account".

For more information see my answer in the post
Is "NT AUTHORITY\SYSTEM" a user or a group?
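
To see which account a shell is actually running as, whether its token is elevated, and which entries in the hosts file's ACL mention write access for that token, the following PowerShell can be used. It is an added example, not part of the original question or answer; it assumes the default hosts location, and the ACE comparison is a simplified reading of the ACL, not a full Windows access check.

```powershell
# Added diagnostic example; not part of the original question or answer.
# Assumption: hosts is at its default location under %SystemRoot%.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Identity and elevation state of the token this shell is running with.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
$elevated  = $principal.IsInRole($adminRole)

# SIDs the token presents: the user SID plus the groups .NET reports for it.
$tokenSids = @($identity.User.Value)
$tokenSids += $identity.Groups | ForEach-Object { $_.Value }

# Owner and ACEs of the file, with identities expressed as SIDs.
$sidType = [Security.Principal.SecurityIdentifier]
$acl     = Get-Acl -LiteralPath $hostsPath
$owner   = $acl.GetOwner($sidType).Value
$rules   = $acl.GetAccessRules($true, $true, $sidType)

# ACEs that mention write-data rights for a SID in this token.
$write = [Security.AccessControl.FileSystemRights]::WriteData
$hits  = @($rules | Where-Object {
    ($tokenSids -contains $_.IdentityReference.Value) -and
    (($_.FileSystemRights -band $write) -ne 0)
})

[pscustomobject]@{
    RunningAs  = $identity.Name
    Elevated   = $elevated
    FileOwner  = $owner      # S-1-5-18 is SYSTEM, S-1-5-32-544 is Administrators
    AllowWrite = @($hits | Where-Object { $_.AccessControlType -eq 'Allow' } |
                   ForEach-Object { $_.IdentityReference.Value })
    DenyWrite  = @($hits | Where-Object { $_.AccessControlType -eq 'Deny' } |
                   ForEach-Object { $_.IdentityReference.Value })
} | Format-List
```

Running it once from a normal shell and once from a shell started with "Run as administrator" shows how the two tokens differ for the same logged-in user.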
