SQL SERVER – How to Connect Using NT AUTHORITY \ SYSTEM Account?

Sometimes it is needed to connect to SQL Server using System account. Don’t literally ask me if this is a valid scenario in first place. Someone just pinged to say – they want to do it. I was personally not sure why, but they had their own internal requirement to do the same. Let us learn about in this blog post about how to connect using NT AUTHORITY \ SYSTEM Account?

It is not possible to provide windows credential in SSMS and they are always grayed out. My exploration is always to keep trying to find a solution to such typical use cases. I was able to find that PSExec can be used to achieve this.  I am a big fan of some of the tools from sysinternals. These are handy and quite small footprint of the servers. One of the tools I have day-in day-out is ZoomIt while doing presentations.

Step 1: Download PSTools from

Step 2: Extract and open command prompt to the extracted location.

Step 3: Provide below command

psexec -i -s ssms.exe

-i parameter allow the program to run so that it interacts with the desktop of the specified session on the remote system.

-s parameter launches the process using SYSTEM account.

Here is what we would see on the command prompt.

SQL SERVER - How to Connect Using NT AUTHORITY \ SYSTEM Account? NtAuth-01

And it would launch SSMS program with User name populated as “NT AUTHORITY\SYSTEM”

SQL SERVER - How to Connect Using NT AUTHORITY \ SYSTEM Account? NtAuth-02

When I disable that account, I was getting below error in ERRORLOG

2016-02-03 15:31:07.560 Logon        Error: 18470, Severity: 14, State: 1.
2016-02-03 15:31:07.560 Logon        Login failed for user ‘WORKGROUP\SQLSERVER2016$’. Reason: The account is disabled. [CLIENT: <local machine>]

Notice that we do not see NT AUTHORITY\SYSTEM in Errorlog. We are seeing machine name followed by a dollar symbol. Since my machine is in a Workgroup called “WORKGROUP” and machine name is SQLSERVER2016, we are seeing WORKGROUP\SQLSERVER2016$

Have you ever used any such tool to troubleshoot anytime in your environment? What use cases were you able to use these tools in the past? Do let me know via comments.

Reference: Pinal Dave (https://blog.sqlauthority.com)

Command Line, SQL Server, SQL Server Security
Previous Post
MySQL – How to Generate Random Number
Next Post
SQL SERVER 2016: Creating Simple Temporal Table

Related Posts

3 Comments. Leave new

  • I did this once when an employee left the company and their account was deleted and nobody else could log in. It worked in sql server 2008, but later when I tried it again on a sql server 2012 server, it did not work for me.

  • Hey don. it is working for sql server 2012. i have tried.

  • Thank Doyen. Sorted my problem. Client migrating to new ERP; current vendor playing rough and took over SA.


Leave a Reply