gsass1 / NTop

💻 htop-like system-monitor for Windows with Vi-keybindings.
GNU General Public License v3.0

The most important to me -- will it be possible to kill a process that is owned by the system user #12

Open tlsalex opened 5 years ago

tlsalex commented 5 years ago

As we know, the system account in Windows is like the root account in Linux -- the most powerful user.

There are many processes or services that run as the system user, including Windows' own services and 3rd-party software like antivirus software. In more detail, let's say it's Symantec Endpoint Protection.

Sometimes antivirus software just does some shitty things, and I just want to kill it to continue my job.

Let's say we have the scenario below: ntop is running under my account, xxx.xx, and my account is in the local administrators group. Will it be possible to elevate the current account to the system account from ntop itself, in order to kill a process running as the system account?

gsass1 commented 5 years ago

You can run NTop "as Administrator" and it should work. Do you mean that NTop should call the UAC prompt to gain admin rights?

tlsalex commented 5 years ago

Sorry, maybe this system account is a somewhat complicated thing. To my knowledge, the system account can refer to "NT Authority\System" or "LocalSystem".

It's the most powerful user, and the administrator is the second one.

In short: NT Authority\System = Local System = SYSTEM = S-1-5-18

Some examples: some

tlsalex commented 5 years ago

also

whoami

gsass1 commented 5 years ago

At least on my machine it's possible to end SYSTEM processes when running as administrator with the exception of some service processes which apparently just can't be shut down.

tlsalex commented 5 years ago

2536 SYSTEM 8 00.0% 39.1 MB 120 0.0 MB/s 11:19:03:38 |- ccSvcHst.exe
11280 xxxx.xx 8 00.0% 6.6 MB 21 0.0 MB/s 08:01:46:02 | | - ccSvcHst.exe

Above is the Symantec Endpoint Protection process running on my laptop. I tried to kill them, but there seems to be no way to do that, as my account is not a system account. I think if ntop ran under the system account, then ntop could kill it without problem. So I hope ntop will have the ability to elevate the current account to the system account (or we can say, switch to the most powerful user account).

dd86k commented 4 years ago

Did you try running psexec with the -u switch? Or do you have an example program that provides this functionality?

The "Run As..." dialog exists for about the same reason that "sudo" or "doas" exist -- running a process as another user is the OS's job, not the program's itself. I don't recall functions permitting that, because once you're in the CLI, you're already within the program, unless a new process is spawned to spawn another instance of ntop.