NTRIGHTS.exe – Windows CMD Command

Edit user account privileges.

This utility does work under all recent versions of Windows, although (like all Resource Kit tools) it is unsupported.

Below are the Privileges that can be granted or revoked, all are Case-Sensitive.

The Se_Deny… rights will override the corresponding account rights.
A Se_Deny… right will override any logon rights that an account may inherit as a result of its group membership(s).

To run NTRIGHTS you need to be an administrator.
To change privileges remotely (-m option) you need to have administrator rights on the machine being changed.

It is often helpful to grant the privileges to a named group, e.g. grant SeServiceLogonRight to a group called ServiceAccounts, then add individual user accounts to that group.
The group policy editor can be used to view these privileges in a GUI.

On a Windows 2008 Server (or Vista), allowing logon through Terminal Services (SeRemoteInteractiveLogonRight) requires an extra step: Control Panel > System > ‘Remote Settings’ > ‘Select Users’ button, and then add users/groups.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *