
I'm working on a project where I want to switch from a normal account to a non-logged-in admin account from the command line, and the best I've managed is a psexec chain to get an NT AUTHORITY\SYSTEM shell, using tscon to switch to a logged-in admin account:

PsExec64.exe -u administrator -p xxxxxxx
PsExec64.exe -s tscon 3 /dest:console
  • Using one psexec doesn't work for some reason, as I get access denied when using -s right away

Is there a simple way to create a new session with a logged-in administrator account (for which I know the password) or at least open a new explorer.exe instance; if not possible, could someone explain why?

  • The best I got was 2s of an admin explorer.exe, then it restarts in the normal user

To clarify, what I want to do is a simple .exe / command line that locks me out of the current user and logs me in to the admin one without any other interaction. (This would then be used in conjunction with some other software to allow admin access under certain conditions.)

@Cpt.Whale suggested an RDP to 127.0.0.2, which I've seen while doing some research, but he is right in that you can't have more than one active user (just tested).

I can't really add much as to why I want this, but the end goal would be giving someone a token that allows them to then switch to admin without the admin password; the token would then be invalidated, giving access only once. I need to have the full desktop because the user given permission would have to start other programs and browse the filesystem as admin.

0 Answers