Use NTRights To Grant Specific Privileges

Generally, you use the Security Policy Editor, aka "secpol.msc" to grant rights to accounts under Windows NT (NT, 2000, XP, Server 2003). There are two cases where you wouldn't do this, though.

• The Security Policy Editor won't run under Windows XP Home.
  
• You may wish to change the rights using a script.
  

In either of these cases, you'll want to use the NTRights utility.

NTRights is available, as a standalone component, from Dynawell, or as a component in the Windows 2003 Server Resource Kit Tools.

You can run NTRights depending upon how it was downloaded and installed.

• If you downloaded NTRights as a standalone component from Dynawell, and copied NTRights.exe into a folder in the Path, you can run NTRights directly from a command window.
  
• If you downloaded and installed the Server Resource Kit Tools, you run NTRights from a SRK command shell.
  
  
  
  • Hit Start.
    
  • Hit All Programs.
    
  • Hit Windows Resource Kit Tools.
    
  • Hit Command Shell.
    
  
  

NTRights is case and syntax sensitive, so you may want to look at the command help - type "ntrights /?" at the prompt. Or you can read How to Set Logon User Rights with the Ntrights.exe Utility. You may also find How to: Determine NTRIGHTS Names and Meanings informative.

As an example, to allow the Guest account to be used for network access, you grant the SeNetworkLogonRight. Enter precisely:

ntrights +r SeNetworkLogonRight -u Guest

Read the documentation carefully, and remember:

• Distinguish properly between "+r" and "-r".
  
• All rights names, such as "SeNetworkLogonRight", are case sensitive.
  
• There are 4 words (strings of non-blank characters) after "ntrights", in the above example. Each word must be preceded by a space.
  

>> Top