BleepingComputer.com: Edit Local Security Policies Using Command Line

Page 1 of 1

You cannot start a new topic
You cannot reply to this topic

Edit Local Security Policies Using Command Line

#1 DVaD

Member

Group: Members
Posts: 59
Joined: 15-October 09

Posted 06 May 2010 - 03:00 PM

Hi all,

I'm trying to make a batch file to edit a local security policy on XP Pro Machines. Basically what I want to do is edit the run as service policy and add one user to it. so maybe if there is a command that would look something like this

ntsecurity set SeRunAsServiceRight /add Domain\Username

Otherwise if that's not possible, can I edit the registry to do something like that. Like add a Registry entry like

HKEY_LOCAL_MACHINE\Software\Test
"TestValue"="domain\username"

Any help would be amazing.

#2 cryptodan

Bleepin Madman

Group: BC Advisor
Posts: 18,343
Joined: 08-September 08
Gender:Male
Location:Catonsville, Md

Posted 07 May 2010 - 01:03 PM

What would be the end result of such editing?

My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message!with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.

#3 DVaD

Member

Group: Members
Posts: 59
Joined: 15-October 09

Posted 07 May 2010 - 01:21 PM

Basically I want the script to add a domain user to the local security policy setting on an XP Pro machine. So domain\user added to the Logon as Service local policy. I just need one user added. I need the user added for an application to run properly and I don't want to have to manually do it on a 50 PCs.

#4 cryptodan

Bleepin Madman

Group: BC Advisor
Posts: 18,343
Joined: 08-September 08
Gender:Male
Location:Catonsville, Md

Posted 07 May 2010 - 01:36 PM

I cant find any information on what ntsecurity does, and when i run it on my system I get a file not found error.

#5 DVaD

Member

Group: Members
Posts: 59
Joined: 15-October 09

Posted 07 May 2010 - 01:46 PM

That's because I was just using it as an example. There is NTRIGHTS command in server software that allows you to modify the domain settings I believe, unfortunately that doesn't work on windows xp. At least it doesn't exist on these machines.

#6 cryptodan

Bleepin Madman

Group: BC Advisor
Posts: 18,343
Joined: 08-September 08
Gender:Male
Location:Catonsville, Md

Posted 07 May 2010 - 02:04 PM

Maybe one of these tools: http://www.microsoft.com/downloads/details...;displaylang=en will be able to provide you with the assistance you need?

Pay attention to this one: Srvany.exe: Applications as Services Utility

#7 DVaD

Member

Group: Members
Posts: 59
Joined: 15-October 09

Posted 07 May 2010 - 02:30 PM

The application already runs as a service. What I need is to add a user to the local security policy. The application is setup to use a certain domain user account to access files on the network and write files as well. What I need is for that user to have run as service rights. You can do it manually by opening local security policies. Start > Settings > Control Panel > Administrative Tools > Local Security Policy
Then the setting is located within that by going to Security Settings > Local Policies > User Rights Assignment > Log On As A Service.

The srvany.exe looks more like its creating a service. I already have a service, I need a user to logon to execute the service.

#8 DVaD

Member

Group: Members
Posts: 59
Joined: 15-October 09

Posted 10 May 2010 - 09:33 AM

By the way I looked at that link again and it did have the NTRIGHTS command in it. The only thing I don't like about this is I have to do it all from my PC. Which I guess isn't all that bad. I just would have liked to do it all from the PC locally using a batch file. What ever though this works. Thanks for the help.