The Windows 2000 Server Resource Kit Supplement One contains Showpriv.exe, a new
command-line tool that displays the users and group that have been granted a specified privilege.
The tool, which must be run locally, works on Windows 2000 and Windows NT 4.0.
The syntax is:
showpriv privilege
where privilege is one of the following case sensitive parameters:
SeTcbPrivilege SeMachineAccountPrivilege SeBackupPrivilege SeChangeNotifyPrivilege SeSystemTimePrivilege SeCreatePagefilePrivilege SeCreateTokenPrivilege SeCreatePermanentPrivilege SeDebugPrivilege SeEnableDelegationPrivilege SeRemoteShutdownPrivilege SeAuditPrivilege SeIncreaseQuotaPrivilege SeIncreaseBasePriorityPrivilege SeLoadDriverPrivilege SeLockMemoryPrivilege SeSystemEnvironmentPrivilege SeProfileSingleProcessPrivilege SeSystemProfilePrivilege SeUndockPrivilege SeAssignPrimaryTokenPrivilege SeRestorePrivilege SeShutdownPrivilege SeSyncAgentPrivilege SeTakeOwnershipPrivilege SeSecurityPrivilegeSince this tool is privilege based, I have scripted a report to show ALL the privileges assigned to users and groups. ShowRights.bat has no parameters, and will generate a report file, ShowRights.txt, in the current folder. The report will look similar to the following:
Account Privilege
----------------------------------------------------------------------
BUILTIN\Administrators SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeBackupPrivilege
...
SeTcbPrivilege
SeUndockPrivilege
----------------------------------------------------------------------
BUILTIN\Backup Operators SeBackupPrivilege
SeRestorePrivilege
----------------------------------------------------------------------
Everyone SeChangeNotifyPrivilege
----------------------------------------------------------------------
JSI005\Jerry SeBackupPrivilege
----------------------------------------------------------------------
ShowRights.bat contains:
@echo off
setlocal
if exist %TEMP%\ShowRights.tmp del /q %TEMP%\ShowRights.tmp
if exist %TEMP%\ShowRights.tmp1 del /q %TEMP%\ShowRights.tmp1
for /f "Tokens=*" %%i in ('showpriv SeTcbPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeMachineAccountPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeBackupPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeChangeNotifyPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeSystemTimePrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeCreatePagefilePrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeCreateTokenPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeCreatePermanentPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeDebugPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeEnableDelegationPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeRemoteShutdownPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeAuditPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeIncreaseQuotaPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeIncreaseBasePriorityPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeLoadDriverPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeLockMemoryPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeSystemEnvironmentPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeProfileSingleProcessPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeSystemProfilePrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeUndockPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeAssignPrimaryTokenPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeRestorePrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeShutdownPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeSyncAgentPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeTakeOwnershipPrivilege') do call :parse "%%i"
for /f "Tokens=*" %%i in ('showpriv SeSecurityPrivilege') do call :parse "%%i"
sort %TEMP%\ShowRights.tmp /O %TEMP%\ShowRights.tmp1
del /q %TEMP%\ShowRights.tmp
set prevacct= ##
set prevacct=%prevacct:~0,40%
set blank=%prevacct%
set under=----------------------------------------------------------------------
@echo Account Privilege>ShowRights.txt
for /f "Tokens=*" %%i in (%TEMP%\ShowRights.tmp1) do call :parse1 "%%i"
del /q %TEMP%\ShowRights.tmp1
endlocal
goto end
:parse
set line=%1
set line=%line:"=%
set line=%line:)=%
if "%line:~0,23%" EQU "All accounts enumerated" goto end
if "%line:~0,38%" EQU "The specified privilege does not exist" goto end
if "%line:~0,1%" GTR "9" goto acct
if "%line:~0,1%" EQU "\" set line=%line:\=%&goto acct
if "%line:~0,1%" EQU "0" goto end
for /f "Tokens=5" %%j in ('@echo %line%') do set priv=%%j
set priv=%priv% ##
goto end
:acct
set line=%line% ##
set account=%line:~0,40%
set privs=%priv:~0,32%
@echo %account%%privs%>>%temp%\ShowRights.tmp
goto end
:parse1
set line=%1
set line=%line:"=%
set account=%line:~0,40%
set privs=%line:~40,32%
if "%prevacct%" EQU "%account%" goto prtb
@echo %under%>>ShowRights.txt
@echo %account%%privs%>>ShowRights.txt
set prevacct=%account%
goto end
:prtb
@echo %blank%%privs%>>ShowRights.txt
:end
0 comments
Hide comments
