How to Start Windows 2003 DNS Client in Context of SYSTEM?

[Guest Will]

I am trying to work around a temporary situation on a Windows 2003 server

where group policy was misapplied. NETWORK SERVICE and LOCAL SERVICE

accounts no longer have impersonate privileges and start service privilege

so I need to temporarily start up services in security context of SYSTEM,

get group policy working, then patch up services to run in their original

contexts.

 

I have done this before we success, but this time I'm thrown for a loop by

DNS Client service, which is not able to start in NETWORK SERVICE security

context. In the registry location:

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache

 

there are two values:

 

ImagePath %SystemRoot%\system32\svchost.exe -k NetworkService

ObjectName NT AUTHORITY\NetworkService

 

My question is how do I modify ImagePath to start up in the security context

of SYSTEM? It's clear enough how to modify ObjectName to LocalSystem

context, but when you then try to start DNS Client it immediately objects

that the security contexts do not match up. There is some way to get

ImagePath to launch svchost in the security context of system, but how do I

do this?

 

--

Will