.png?width=100&auto=webp&quality=80&disable=upscale "Picture of John Savill")
.png?width=400&auto=webp&quality=80&disable=upscale "John Savill")
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
How can I grant User Rights from the command line?
John Savill
March 4, 1999
1 Min Read
A. A. Usually user rights, such as Logon Locally, are grant by starting User Manager and selecting User Rights from the Policies menu. If you want to grant rights from the command line, for use with account generation scripts etc., the Windows NT Resource Kit Supplement Two includes a new utility called NTRIGHTS.EXE which grants user rights from the command line.
The program uses a series of codewords for each user right:
Code Word | User Right |
|---|---|
SeNetworkLogonRight | Access this computer from the network. |
SeTcbPrivilege | Act as part of the operating system. |
SeMachineAccountPrivilege | Add workstations to domain. |
SeBackupPrivilege | Back up files and directories. |
SeChangeNotifyPrivilege | Bypass traverse checking. |
SeSystemtimePrivilege | Change the system time. |
SeCreatePagefilePrivilege | Create a pagefile. |
SeCreateTokenPrivilege | Create a token object. |
SeCreatePermanentPrivilege | Create permanent shared objects. |
SeDebugPrivilege | Debug programs. |
SeRemoteShutdownPrivilege | Force shutdown from a remote system. |
SeAuditPrivilege | Generate security audits. |
SeIncreaseQuotaPrivilege | Increase quotas. |
SeIncreaseBasePriorityPrivilege | Increase scheduling priority. |
SeLoadDriverPrivilege | Load and unload device drivers. |
SeLockMemoryPrivilege | Lock pages in memory. |
SeBatchLogonRight | Logon as a batch job. |
SeServiceLogonRight | Log on as a service. |
SeInteractiveLogonRight | Log on locally. |
SeSecurityPrivilege | Manage auditing and security log. |
SeSystemEnvironmentPrivilege | Modify firmware environment values. |
SeProfileSingleProcessPrivilege | Profile single process. |
SeSystemProfilePrivilege | Profile system performance. |
SeUnsolicitedInputPrivilege | Read unsolicited input from a terminal device. |
SeAssignPrimaryTokenPrivilege | Replace a process level token. |
SeRestorePrivilege | Restore files and directories. |
SeShutdownPrivilege | Shut down the system. |
SeTakeOwnershipPrivilege | Take ownership of files or other objects. |
To grant a user right perform the following
ntrights +r SeInteractiveLogonRight -u SavillTechsavillj
This would grant savillj of the SavillTech domain the right to log on locally. To grant the right on a remote machine use the -m switch
ntrights +r SeInteractiveLogonRight -u SavillTechsavillj -m \
About the Author
You May Also Like
.png?width=700&auto=webp&quality=80&disable=upscale)