JSI Tip 1895. Enumerate user rights in a logon script.


In tip 1891, we introduced Whoami.

RIGHT.BAT uses Whoami to set the RGHT environment variable with the 23 user rights.

You can store the Username and %RGHT% in a network share, for subsequent production of a rights report, or you can test for a right and take an action based upon its state.

Example - To test if the user has the right to change the system time:

call right
if "%RGHT:~2,1%"=="O" @echo Yes

NOTE: We can see from the script that the right to change system time is R03.
The general form of the expression is %RGHT:~(Rnn - 1),1%.

RIGHT.BAT contains:

@echo off
setlocal
rem The first token of each "whoami /priv" line carries the on/off flag; the second is the privilege name.
For /f "Tokens=1-2 Delims= " %%i in ('whoami /priv') do call :parse %%i %%j
rem %R01%..%R23% are expanded before endlocal runs, so RGHT survives in the caller's environment.
endlocal & set RGHT=%R01%%R02%%R03%%R04%%R05%%R06%%R07%%R08%%R09%%R10%%R11%%R12%%R13%%R14%%R15%%R16%%R17%%R18%%R19%%R20%%R21%%R22%%R23%&goto end
:parse
rem Keep only the second character of the first token as the flag.
set onoff=%1
set onoff=%onoff:~1,1%
if "%2"=="SeMachineAccountPrivilege" set R01=%onoff%&goto end
if "%2"=="SeBackupPrivilege" set R02=%onoff%&goto end
if "%2"=="SeSystemtimePrivilege" set R03=%onoff%&goto end
if "%2"=="SeCreatePagefilePrivilege" set R04=%onoff%&goto end
if "%2"=="SeCreatePermanentPrivilege" set R05=%onoff%&goto end
if "%2"=="SeDebugPrivilege" set R06=%onoff%&goto end
if "%2"=="SeRemoteShutdownPrivilege" set R07=%onoff%&goto end
if "%2"=="SeAuditPrivilege" set R08=%onoff%&goto end
if "%2"=="SeIncreaseQuotaPrivilege" set R09=%onoff%&goto end
if "%2"=="SeIncreaseBasePriorityPrivilege" set R10=%onoff%&goto end
if "%2"=="SeLoadDriverPrivilege" set R11=%onoff%&goto end
if "%2"=="SeLockMemoryPrivilege" set R12=%onoff%&goto end
if "%2"=="SeSecurityPrivilege" set R13=%onoff%&goto end
if "%2"=="SeSystemEnvironmentPrivilege" set R14=%onoff%&goto end
if "%2"=="SeProfileSingleProcessPrivilege" set R15=%onoff%&goto end
if "%2"=="SeSystemProfilePrivilege" set R16=%onoff%&goto end
if "%2"=="SeAssignPrimaryTokenPrivilege" set R17=%onoff%&goto end
if "%2"=="SeRestorePrivilege" set R18=%onoff%&goto end
if "%2"=="SeShutdownPrivilege" set R19=%onoff%&goto end
if "%2"=="SeTakeOwnershipPrivilege" set R20=%onoff%&goto end
if "%2"=="SeCreateTokenPrivilege" set R21=%onoff%&goto end
if "%2"=="SeTcbPrivilege" set R22=%onoff%&goto end
if "%2"=="SeChangeNotifyPrivilege" set R23=%onoff%&goto end
goto end
rem The lines down to ":end" are never executed; they are the key to R01-R23.
R01= Add workstations to domain
R02= Back up files and directories
R03= Change the system time
R04= Create a pagefile
R05= Create permanent shared objects
R06= Debug programs
R07= Force shutdown from a remote system
R08= Generate security audits
R09= Increase quotas
R10= Increase scheduling priority
R11= Load and unload device drivers
R12= Lock pages in memory
R13= Manage auditing and security log
R14= Modify firmware environment values
R15= Profile single process
R16= Profile system performance
R17= Replace a process level token
R18= Restore files and directories
R19= Shut down the system
R20= Take ownership of files or other objects
R21= Create a token object
R22= Act as part of the operating system
R23= Bypass traverse checking
:end
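
For the rights report mentioned above, the stored strings have to be decoded back into privilege names. The following is an added example, not part of the original tip: it assumes each stored record is one "username,RGHT" line (a hypothetical layout) and uses constructed sample records. It rejects any RGHT value that is not 23 characters long, because RIGHT.BAT leaves Rnn empty when whoami prints no line for that privilege, which shifts every later position.

```python
# Added example; the "username,RGHT" record layout is an assumption.
RIGHTS = [  # R01..R23, in the order RIGHT.BAT concatenates them
    "SeMachineAccountPrivilege", "SeBackupPrivilege", "SeSystemtimePrivilege",
    "SeCreatePagefilePrivilege", "SeCreatePermanentPrivilege", "SeDebugPrivilege",
    "SeRemoteShutdownPrivilege", "SeAuditPrivilege", "SeIncreaseQuotaPrivilege",
    "SeIncreaseBasePriorityPrivilege", "SeLoadDriverPrivilege",
    "SeLockMemoryPrivilege", "SeSecurityPrivilege", "SeSystemEnvironmentPrivilege",
    "SeProfileSingleProcessPrivilege", "SeSystemProfilePrivilege",
    "SeAssignPrimaryTokenPrivilege", "SeRestorePrivilege", "SeShutdownPrivilege",
    "SeTakeOwnershipPrivilege", "SeCreateTokenPrivilege", "SeTcbPrivilege",
    "SeChangeNotifyPrivilege",
]

def decode(rght):
    """Map a 23-character RGHT string to {privilege name: flag character}."""
    if len(rght) != len(RIGHTS):
        # A shorter string means at least one Rnn was empty, so offsets are unreliable.
        raise ValueError("expected %d flags, got %d" % (len(RIGHTS), len(rght)))
    return dict(zip(RIGHTS, rght))

def report(lines, privilege, flag="O"):
    """Return (users whose flag for privilege equals flag, users with unusable records)."""
    matched, rejected = [], []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        user, _, rght = line.partition(",")
        try:
            flags = decode(rght.strip())
        except ValueError:
            rejected.append(user)
            continue
        if flags[privilege] == flag:
            matched.append(user)
    return matched, rejected

# Constructed sample records, not real data.
SAMPLE = [
    "alice," + "O" * 22 + "X",
    "bob," + "OOX" + "O" * 19 + "X",
    "carol," + "O" * 20 + "X",  # only 21 flags: two privileges produced no value
]

if __name__ == "__main__":
    # Same test as the tip's example: flag "O" at position R03.
    print(report(SAMPLE, "SeSystemtimePrivilege"))
```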