David Lister from SQL Services ... Info on Breaking into SQL ;)
PSExec tool gives you an option to run a remote process or an application using System account, if SYSTEM account has permission on that application. Although there are many more features that are
For example, if SQL Server has NT AUTHORITY\SYSTEM as one of its logins, then you can use this account to login to SQL Server. However, you can’t use SQL Server Management Studio or sqlcmd to login to SQL Server using NT AUTHORITY\SYSTEM. Try it yourself!
However, PSExec gives you an opportunity to login to SQL Server using NT AUTHORITY\SYSTEM. Once you download PSExec tool bundle from http://technet.microsoft.com/en-us/sysinternals/bb897553.aspxuse command prompt and type following command:
D:\PSTools>psexec -i -s "C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe"
–i allow the program to run so that it interacts with the desktop of the specified session on the remote system. If no session is specified the process runs in the console session.
-s runs the process in SYSTEM account.
The above command will launch SQL Server Management Studio and gives you a “Connect to Server” window and the User Name will be pre-populated with NT AUTHORITY\SYSTEM. If NT AUTHORITY\SYSTEM has a login authority to the server, you will be able to login to the SQL Server. If you do not use “–i” switch, you won’t be able to launch management studio! So, make sure you use –i and –s both!
However, if there is a deny to this login, for example because of Trigger etc., then you won’t be able to login to SQL Server using this technique.