Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Edit Local Security Policies Using Command Line


  • Please log in to reply
7 replies to this topic

#1 DVaD

DVaD

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 06 May 2010 - 03:00 PM

Hi all,

I'm trying to make a batch file to edit a local security policy on XP Pro Machines. Basically what I want to do is edit the run as service policy and add one user to it. so maybe if there is a command that would look something like this

[codebox]ntsecurity set SeRunAsServiceRight /add Domain\Username[/codebox]

Otherwise if that's not possible, can I edit the registry to do something like that. Like add a Registry entry like

[codebox]HKEY_LOCAL_MACHINE\Software\Test
"TestValue"="domain\username"[/codebox]

Any help would be amazing.

BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:12:05 PM

Posted 07 May 2010 - 01:03 PM

What would be the end result of such editing?

#3 DVaD

DVaD
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 07 May 2010 - 01:21 PM

Basically I want the script to add a domain user to the local security policy setting on an XP Pro machine. So domain\user added to the Logon as Service local policy. I just need one user added. I need the user added for an application to run properly and I don't want to have to manually do it on a 50 PCs.

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:12:05 PM

Posted 07 May 2010 - 01:36 PM

I cant find any information on what ntsecurity does, and when i run it on my system I get a file not found error.

#5 DVaD

DVaD
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 07 May 2010 - 01:46 PM

That's because I was just using it as an example. There is NTRIGHTS command in server software that allows you to modify the domain settings I believe, unfortunately that doesn't work on windows xp. At least it doesn't exist on these machines.

#6 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:12:05 PM

Posted 07 May 2010 - 02:04 PM

Maybe one of these tools: http://www.microsoft.com/downloads/details...;displaylang=en will be able to provide you with the assistance you need?

Pay attention to this one: Srvany.exe: Applications as Services Utility

#7 DVaD

DVaD
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 07 May 2010 - 02:30 PM

The application already runs as a service. What I need is to add a user to the local security policy. The application is setup to use a certain domain user account to access files on the network and write files as well. What I need is for that user to have run as service rights. You can do it manually by opening local security policies. Start > Settings > Control Panel > Administrative Tools > Local Security Policy
Then the setting is located within that by going to Security Settings > Local Policies > User Rights Assignment > Log On As A Service.

The srvany.exe looks more like its creating a service. I already have a service, I need a user to logon to execute the service.

#8 DVaD

DVaD
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 10 May 2010 - 09:33 AM

By the way I looked at that link again and it did have the NTRIGHTS command in it. The only thing I don't like about this is I have to do it all from my PC. Which I guess isn't all that bad. I just would have liked to do it all from the PC locally using a batch file. What ever though this works. Thanks for the help.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users