Does anyone have some VBScript that will allow you to add a user or a group to a setting within Secpol.mcs? I need to to manipulate the Local Policy\User Rights Assignment.

Thanks.
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
you could use secedit to import a template..
Answered 04/10/2009 by: Tone
Second Degree Blue Belt

Please log in to comment
0
If I import a template will it not get overwritten the next time a user logs in and gets a new policy from AD?
Answered 04/10/2009 by: mhsl808
Fifth Degree Brown Belt

Please log in to comment
0
there is a tool in the resource kit called NTRIGHTS.EXE

it will do what you want.
Answered 04/11/2009 by: jmcfadyen
Fifth Degree Black Belt

Please log in to comment
0
Thank you but NTRIGHS.TXT does not seem to handle adding a "domain group" to "Impersonate a Client After Authentication"
Answered 04/13/2009 by: mhsl808
Fifth Degree Brown Belt

Please log in to comment
0
ORIGINAL: mhsl808

If I import a template will it not get overwritten the next time a user logs in and gets a new policy from AD?


not a 100% sure as I have never used it to apply User Rights Assignment, but should only take 10 minutes to test.
Answered 04/13/2009 by: Tone
Second Degree Blue Belt

Please log in to comment
0
i have never had issues with this tool adding domain groups.

does not seem to handle adding a "domain group" to "Impersonate a Client After Authentication"


you never mentioned this in the first post nor does it make alot of sense to me ? what exactly are you trying to say here ?

after client auth could be interesting as your client will already have a token etc.

whos logging on, who needs auth ? what right are you trying to assign ? when does this need to be done ?

more detail please
Answered 04/13/2009 by: jmcfadyen
Fifth Degree Black Belt

Please log in to comment
0
Hi. We have an application that requires "Domain\Domain Users" to be added to the "Impersonate a Client After Authentication" within the Secpol.msc. That is why I am asking for help on this and the sooner the better :-)

Thanks.
Answered 04/14/2009 by: mhsl808
Fifth Degree Brown Belt

Please log in to comment
0
Ntrights.txt does work for this privliage. I was running this on a remove machine and it did not work. As it turns out I did not have proper rights on the remove machine (although I was told I did). When I ran this on my local machine(s) it seems to work. I will test this some more.
Answered 04/14/2009 by: mhsl808
Fifth Degree Brown Belt

Please log in to comment
Answer this question or Comment on this question for clarity