In tip 1891, we introduced Whoami.
RIGHTS.BAT uses Whoami to set the RGHT environment variable with the 23 user rights.
You can store the Username and %RGHT% in a network share, for subsequent production of a rights report, or you can test for a right and take an action based upon its state.
Example - To test if the user has the right to change the system time:
call rights
if "%RGHT:~2,1%"
RIGHTS.BAT contains:

@echo off
setlocal
rem :parse receives the state flag as its first argument and the privilege name as its second.
For /f "Tokens=1-2 Delims==" %%i in ('whoami /priv') do call :parse %%i %%j
endlocal & set RGHT=%R01%%R02%%R03%%R04%%R05%%R06%%R07%%R08%%R09%%R10%%R11%%R12%%R13%%R14%%R15%%R16%%R17%%R18%%R19%%R20%%R21%%R22%%R23%&goto end
:parse
rem Keep the second character of the first argument as the state of this right.
set onoff=%1
set onoff=%onoff:~1,1%
if "%2"=="SeMachineAccountPrivilege" set R01=%onoff%&goto end
if "%2"=="SeBackupPrivilege" set R02=%onoff%&goto end
if "%2"=="SeSystemtimePrivilege" set R03=%onoff%&goto end
if "%2"=="SeCreatePagefilePrivilege" set R04=%onoff%&goto end
if "%2"=="SeCreatePermanentPrivilege" set R05=%onoff%&goto end
if "%2"=="SeDebugPrivilege" set R06=%onoff%&goto end
if "%2"=="SeRemoteShutdownPrivilege" set R07=%onoff%&goto end
if "%2"=="SeAuditPrivilege" set R08=%onoff%&goto end
if "%2"=="SeIncreaseQuotaPrivilege" set R09=%onoff%&goto end
if "%2"=="SeIncreaseBasePriorityPrivilege" set R10=%onoff%&goto end
if "%2"=="SeLoadDriverPrivilege" set R11=%onoff%&goto end
if "%2"=="SeLockMemoryPrivilege" set R12=%onoff%&goto end
if "%2"=="SeSecurityPrivilege" set R13=%onoff%&goto end
if "%2"=="SeSystemEnvironmentPrivilege" set R14=%onoff%&goto end
if "%2"=="SeProfileSingleProcessPrivilege" set R15=%onoff%&goto end
if "%2"=="SeSystemProfilePrivilege" set R16=%onoff%&goto end
if "%2"=="SeAssignPrimaryTokenPrivilege" set R17=%onoff%&goto end
if "%2"=="SeRestorePrivilege" set R18=%onoff%&goto end
if "%2"=="SeShutdownPrivilege" set R19=%onoff%&goto end
if "%2"=="SeTakeOwnershipPrivilege" set R20=%onoff%&goto end
if "%2"=="SeCreateTokenPrivilege" set R21=%onoff%&goto end
if "%2"=="SeTcbPrivilege" set R22=%onoff%&goto end
if "%2"=="SeChangeNotifyPrivilege" set R23=%onoff%&goto end
goto end
R01= Add workstations to domain
R02= Back up files and directories
R03= Change the system time
R04= Create a pagefile
R05= Create permanent shared objects
R06= Debug programs
R07= Force shutdown from a remote system
R08= Generate security audits
R09= Increase quotas
R10= Increase scheduling priority
R11= Load and unload device drivers
R12= Lock pages in memory
R13= Manage auditing and security log
R14= Modify firmware environment values
R15= Profile single process
R16= Profile system performance
R17= Replace a process level token
R18= Restore files and directories
R19= Shut down the system
R20= Take ownership of files or other objects
R21= Create a token object
R22= Act as part of the operating system
R23= Bypass traverse checking
:end
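
An added example, not code from the original tip: PowerShell that builds the same 23-position string, in the R01 to R23 order listed above, from the CSV output of the whoami.exe built into current Windows (whoami /priv /fo csv /nh). The function name, the E/D/- markers, the constructed sample rows and the English "Enabled" state text are assumptions of this example.

```powershell
# Added example, not part of RIGHTS.BAT. Privilege order copied from R01..R23.
$RightOrder = @(
    'SeMachineAccountPrivilege', 'SeBackupPrivilege', 'SeSystemtimePrivilege',
    'SeCreatePagefilePrivilege', 'SeCreatePermanentPrivilege', 'SeDebugPrivilege',
    'SeRemoteShutdownPrivilege', 'SeAuditPrivilege', 'SeIncreaseQuotaPrivilege',
    'SeIncreaseBasePriorityPrivilege', 'SeLoadDriverPrivilege', 'SeLockMemoryPrivilege',
    'SeSecurityPrivilege', 'SeSystemEnvironmentPrivilege', 'SeProfileSingleProcessPrivilege',
    'SeSystemProfilePrivilege', 'SeAssignPrimaryTokenPrivilege', 'SeRestorePrivilege',
    'SeShutdownPrivilege', 'SeTakeOwnershipPrivilege', 'SeCreateTokenPrivilege',
    'SeTcbPrivilege', 'SeChangeNotifyPrivilege'
)

# Hypothetical helper: one character per right, always 23 characters long.
#   E = enabled in the token, D = present but disabled, - = not in the token
function ConvertTo-RightsString {
    param([Parameter(Mandatory)][string[]]$CsvLines)

    # Index the rows by privilege name; /nh output has no header row, so name the columns here.
    $state = @{}
    $CsvLines | ConvertFrom-Csv -Header Name, Description, State |
        ForEach-Object { $state[$_.Name] = $_.State }

    # Emit a marker for every position, so a right missing from the token
    # cannot shift the rights that follow it to a different offset.
    $chars = foreach ($name in $RightOrder) {
        if (-not $state.ContainsKey($name)) { '-' }
        elseif ($state[$name] -eq 'Enabled') { 'E' }   # assumes English state text
        else { 'D' }
    }
    -join $chars
}

# Constructed sample rows in the format of "whoami /priv /fo csv /nh".
$sample = @(
    '"SeSystemtimePrivilege","Change the system time","Disabled"',
    '"SeShutdownPrivilege","Shut down the system","Disabled"',
    '"SeChangeNotifyPrivilege","Bypass traverse checking","Enabled"'
)
$RGHT = ConvertTo-RightsString $sample
# On a live system: $RGHT = ConvertTo-RightsString (whoami /priv /fo csv /nh)

# Offset 2 is R03, the same position the batch test "%RGHT:~2,1%" reads.
if ($RGHT[2] -ne '-') { 'Change the system time: present in token' }
$RGHT
```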