Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Adding security setting via cmd line

Status
Not open for further replies.
dporrelli

dporrelli

Programmer
Dec 18, 2002
43
GB
Hi All,

I am trying to create a batch file which will prompt a user to enter 3 user names (i.e. domain\user) and then add the user to the Administrators group and the following user rights assignments:
Act as part of the operating system
Bypass traverse checking
create a token object
Log on as a batch job
Log on as a service
managing auditing and security log
Replace a process level token

Any help would be brilliant

Thanks

Del
 
Sort by date Sort by votes
Got it working manually by copying the ntrights.exe from the 2003 kit and doing this:
net localgroup Administrators domain\servicesuser /ADD
net localgroup Administrators domain\sqluser /ADD
net localgroup Administrators domain\adminuser /ADD

ntrights.exe -u "domain\servicesuser" +r SeTcbPrivilege
ntrights.exe -u "domain\sqluser" +r SeTcbPrivilege
ntrights.exe -u "domain\adminuser" +r SeTcbPrivilege

ntrights.exe -u "domain\servicesuser" +r SeBatchLogonRight
ntrights.exe -u "domain\sqluser" +r SeBatchLogonRight
ntrights.exe -u "domain\adminuser" +r SeBatchLogonRight

ntrights.exe -u "domain\servicesuser" +r SeServiceLogonRight
ntrights.exe -u "domain\sqluser" +r SeServiceLogonRight
ntrights.exe -u "domain\adminuser" +r SeServiceLogonRight

ntrights.exe -u "domain\servicesuser" +r SeCreateTokenPrivilege
ntrights.exe -u "domain\sqluser" +r SeCreateTokenPrivilege
ntrights.exe -u "domain\adminuser" +r SeCreateTokenPrivilege

ntrights.exe -u "domain\servicesuser" +r SeChangeNotifyPrivilege
ntrights.exe -u "domain\sqluser" +r SeChangeNotifyPrivilege
ntrights.exe -u "domain\adminuser" +r SeChangeNotifyPrivilege

ntrights.exe -u "domain\servicesuser" +r SeCreateTokenPrivilege
ntrights.exe -u "domain\sqluser" +r SeCreateTokenPrivilege
ntrights.exe -u "domain\adminuser" +r SeCreateTokenPrivilege

ntrights.exe -u "domain\servicesuser" +r SeSecurityPrivilege
ntrights.exe -u "domain\sqluser" +r SeSecurityPrivilege
ntrights.exe -u "domain\adminuser" +r SeSecurityPrivilege

ntrights.exe -u "domain\servicesuser" +r SeAssignPrimaryTokenPrivilege
ntrights.exe -u "domain\sqluser" +r SeAssignPrimaryTokenPrivilege
ntrights.exe -u "domain\adminuser" +r SeAssignPrimaryTokenPrivilege

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
197
DTGMI
DTGMI
Scparks
  • Locked
  • Question
Trouble with setting up a SMTP Relay to Office 365
Replies
0
Views
93
Scparks
Scparks
Dave60608
  • Locked
  • Question
Accessing shared folders via a network
Replies
5
Views
233
strongm
strongm
jamescpp
  • Locked
  • Question
Adding an attribute to ADLDS
Replies
1
Views
122
jamescpp
jamescpp
ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
144
technome
technome

Part and Inventory Search

Sponsor

Back
Top