Privilege Escalation to SYSTEM in Vista

[onetwenty8k]

There is a pesky problem with partially uninstalled Cisco VPN clients that we've been getting lately. The problem is, there is the Languages folder that is left and no user except for SYSTEM has access to it. Long story short, it takes about 20-30 minutes to change the permissions for each last file and folder so I need a way to access CMD.exe with SYSTEM to delete the files manually. The only thing is, "at xx:xx /interactive cmd.exe" as you know, doesn't work on vista so if anyone of you have a way, please share it. Thanks.

 

[zacdl]

You are individually altering the security of everything under it???

Can't you just have it overwrite security on all the subfolder objects?

It's in the Advanced security settings edit.

 

[onetwenty8k]

Oh believe me, I've exhausted almost every option. I've been through this 20+ times. Access denied has been ingrained in my head.

 

[Catweazle]

Have you tried this:

http://www.hardforum.com/showthread.php?p=1031313326&highlight=vista+ownership#post1031313326

The registry edit mentioned in that post will add a right-click context menu item to Explorer which enables you to easily 'Take Ownership' of folders and their contents.

 

[onetwenty8k]

Have you tried this:

http://www.hardforum.com/showthread.php?p=1031313326&highlight=vista+ownership#post1031313326

The registry edit mentioned in that post will add a right-click context menu item to Explorer which enables you to easily 'Take Ownership' of folders and their contents.

Yep, that was an access denied, too. Spare me all the possible loopholes, I need a way to SYSTEM, does anyone have one?

 

[Demon10000]

Hrm... I'm not sure you can run a command prompt as system.

What if you wrote a VB script to change the permissions and then set it up as a scheduled task to run as system?

 

[onetwenty8k]

You could do it with XP with the at command but in vista, the user isn't in the same session as the SYSTEM. Stupid vista.

 

[RedShark]

I don't have the answer--I've used the "at" trick in XP before and also discovered not-too-long-ago that it doesn't work on Vista. In my case, just logging in as "administrator" was sufficient to fix the problem, though. Just posting for the thread subscription

 

[onetwenty8k]

Unfortunately, logging is administrator does not work. This VPN permission thing is probably one of the most frustrated thing that I have worked on in a while.

 

[Demon10000]

This guy started a command prompt by making CMD a service. Probably a decent temporary fix if it works. I just skimmed the article, but I didn't see what OS it was geared towards.

 

[onetwenty8k]

From the looks of it, it's geared toward XP based systems.

 

[zacdl]

From the looks of it, it's geared toward XP based systems.

Did you try it though?

 

[zeplar]

Sorry, don't know any SYSTEM escalation tips. But just making sure, have you tried running takeown from an administrator-escalated command prompt? It's been successful for me where the registry edit wouldn't work.