Have you ever wanted to run something in the secure desktop controlled by winlogon - the desktop you see when nobody is logged on?
I have, and recently realised that psexec supports this - with the '-x' command. For example, if you run the following command and then press ctrl+alt+del or logoff, you’ll still have a console with the ability to start other commands:
- psexec /x /d /s cmd
This only works on the local machine, but of course psexec allows you to run things remotely! The following command therefore uses psexec to remotely run cmd to start psexec locally to run cmd in the local winlogon desktop of the remote computer:
- psexec /s \\%computer% cmd /c psexec /accepteula /x /d /s cmd
This was done using psexec.exe v1.94 and the second command assumes that psexec.exe is available in the path on the remote computer.
Unlocking XP/2003 without passwords