JSI Tip 0252 - Grant or revoke user rights in batch.


contains NTRIGHTS.EXE.

This command-line tool, which requires administrative privileges, can grant or revoke a Windows NT right to or from a user or group of users.

Notes: Names of Windows NT rights are case-sensitive.


To grant the right to change the system time to the local Users group, run:

ntrights +r SeSystemtimePrivilege -u Users

To revoke the right of the group Everyone to access this computer from the network, run:

ntrights -r SeNetworkLogonRight -u Everyone

NTRIGHTS can also operate on remote computers. To grant the right to log on as a service on computer JSI001 in domain JSI for the user Jerry, run:

ntrights +r SeServiceLogonRight -u JSI\Jerry -m \\JSI001

The Windows NT rights that can be granted or revoked are:

Windows NT right                 Permits user to
-------------------------------  ---------------------------------------------
SeAssignPrimaryTokenPrivilege    Replace a process level token.
SeAuditPrivilege                 Generate security audits.
SeBackupPrivilege                Back up files and directories.
SeBatchLogonRight                Logon as a batch job.
SeChangeNotifyPrivilege          Bypass traverse checking.
SeCreatePagefilePrivilege        Create a pagefile.
SeCreatePermanentPrivilege       Create permanent shared objects.
SeCreateTokenPrivilege           Create a token object.
SeDebugPrivilege                 Debug programs.
SeIncreaseBasePriorityPrivilege  Increase scheduling priority.
SeIncreaseQuotaPrivilege         Increase quotas.
SeInteractiveLogonRight          Log on locally.
SeLoadDriverPrivilege            Load and unload device drivers.
SeLockMemoryPrivilege            Lock pages in memory.
SeMachineAccountPrivilege        Add workstations to domain.
SeNetworkLogonRight              Access this computer from the network.
SeProfileSingleProcessPrivilege  Profile single process.
SeRemoteShutdownPrivilege        Force shutdown from a remote system.
SeRestorePrivilege               Restore files and directories.
SeSecurityPrivilege              Manage auditing and security log.
SeServiceLogonRight              Log on as a service.
SeShutdownPrivilege              Shut down the system.
SeSystemEnvironmentPrivilege     Modify firmware environment values.
SeSystemProfilePrivilege         Profile system performance.
SeSystemtimePrivilege            Change the system time.
SeTakeOwnershipPrivilege         Take ownership of files or other objects.
SeTcbPrivilege                   Act as part of the operating system.
SeUnsolicitedInputPrivilege      Read unsolicited input from a terminal device.
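
Because right names are case-sensitive, a list of changes is worth checking against the table before any of it is run. The following PowerShell is an added example, not part of the original tip: the helper name Get-NtRightsArgs and the change list are hypothetical, and it only prints the ntrights command lines, using the +r, -r, -u and -m switches shown above.

```powershell
# Right names copied from the table on this page; comparison below is case-sensitive.
$NtRights = @(
    'SeAssignPrimaryTokenPrivilege', 'SeAuditPrivilege', 'SeBackupPrivilege',
    'SeBatchLogonRight', 'SeChangeNotifyPrivilege', 'SeCreatePagefilePrivilege',
    'SeCreatePermanentPrivilege', 'SeCreateTokenPrivilege', 'SeDebugPrivilege',
    'SeIncreaseBasePriorityPrivilege', 'SeIncreaseQuotaPrivilege',
    'SeInteractiveLogonRight', 'SeLoadDriverPrivilege', 'SeLockMemoryPrivilege',
    'SeMachineAccountPrivilege', 'SeNetworkLogonRight',
    'SeProfileSingleProcessPrivilege', 'SeRemoteShutdownPrivilege',
    'SeRestorePrivilege', 'SeSecurityPrivilege', 'SeServiceLogonRight',
    'SeShutdownPrivilege', 'SeSystemEnvironmentPrivilege', 'SeSystemProfilePrivilege',
    'SeSystemtimePrivilege', 'SeTakeOwnershipPrivilege', 'SeTcbPrivilege',
    'SeUnsolicitedInputPrivilege'
)
# Hypothetical helper: builds the ntrights argument list for one change.
function Get-NtRightsArgs {
    param(
        [Parameter(Mandatory = $true)][ValidateSet('Grant', 'Revoke')][string]$Action,
        [Parameter(Mandatory = $true)][string]$Right,
        [Parameter(Mandatory = $true)][string]$Account,
        [string]$Computer
    )
    if ($NtRights -cnotcontains $Right) {
        # -ieq finds the table entry that differs only by letter case
        $canonical = $NtRights | Where-Object { $_ -ieq $Right }
        if ($canonical) { throw "Wrong case '$Right', the table spells it '$canonical'" }
        throw "'$Right' is not in the table of rights"
    }
    $flag = if ($Action -eq 'Grant') { '+r' } else { '-r' }
    $ntArgs = @($flag, $Right, '-u', $Account)
    if ($Computer) { $ntArgs += @('-m', "\\$Computer") }
    return , $ntArgs
}

# Constructed change list; the last entry is mis-cased on purpose.
$plan = @(
    @{ Action = 'Revoke'; Right = 'SeNetworkLogonRight'; Account = 'Everyone' },
    @{ Action = 'Grant'; Right = 'SeServiceLogonRight'; Account = 'JSI\Jerry'; Computer = 'JSI001' },
    @{ Action = 'Grant'; Right = 'SeSystemTimePrivilege'; Account = 'Users' }
)
foreach ($step in $plan) {
    try {
        $ntArgs = Get-NtRightsArgs @step
        "ntrights $($ntArgs -join ' ')"   # dry run; to apply, use: & ntrights.exe @ntArgs
    }
    catch { "SKIPPED: $($_.Exception.Message)" }
}
```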

Windows NT Deny Rights
