| delorie.com/archives/browse.cgi | search |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sources.redhat.com/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Message-ID: | <3F66EC0E.1EB2422B@dessent.net> |
| Date: | Tue, 16 Sep 2003 03:55:10 -0700 |
| From: | Brian Dessent <brian AT dessent DOT net> |
| Organization: | My own little world... |
| X-Accept-Language: | en,en-US |
| MIME-Version: | 1.0 |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: Manipulating user privileges (was Re: SSHD, Cygwin and Windows 2003) |
| References: | <1063654188 DOT 1917 DOT 126 DOT camel AT localhost> <20030916101310 DOT GP9981 AT cygbert DOT vinschen DOT de> |
| Note-from-DJ: | This may be spam |
Corinna Vinschen wrote:
> Btw., the ssh-host-config already creates the sshd account, that's easy
> from the command line. But creating a useful sshdproc account as above
> requires to be able to set user privileges like the famous "Create a
> token object" privilege. Does anybody know a way how to do this on the
> command line which would allow ssh-host-config to do the above more or
> less automagically? If such a command line tool doesn't exist as part
> of NT/2K/XP/03, would anybody be willing to create a simple command line
> tool for inclusion in Cygwin? It would be sufficient if that tool could
> manipulate the above user privileges of an already existing user account.
The Resource Kit from MS contains the tool "Ntrights.exe" which looks
like it can do this:
$ ./Ntrights.exe
NTRights.Exe - Beta Version by Georg Zanzen
Grants/Revokes NT-Rights to a user/group
usage: -u xxx User/Group
-m \\xxx machine to perform the operation on (default local
machine)
-e xxxxx Add xxxxx to the event log
-r xxx revokes the xxx right
+r xxx grants the xxx right
valid NTRights are:
SeCreateTokenPrivilege
SeAssignPrimaryTokenPrivilege
SeLockMemoryPrivilege
SeIncreaseQuotaPrivilege
SeUnsolicitedInputPrivilege
SeMachineAccountPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeSystemProfilePrivilege
SeSystemtimePrivilege
SeProfileSingleProcessPrivilege
SeIncreaseBasePriorityPrivilege
SeCreatePagefilePrivilege
SeCreatePermanentPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeShutdownPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeChangeNotifyPrivilege
SeRemoteShutdownPrivilege
I don't know exactly what the license or distribution policy is for
resource kit tools. Microsoft wants you to buy their "Admin Pack" or
whatever it's called with all the tools on CD. They offer some of them
on their site for download at
<http://www.microsoft.com/windows2000/techinfo/reskit/tools/default.asp>,
however you can find the the omitted ones like Ntrights.exe at other
places like <http://www.petri.co.il/download_free_reskit_tools.htm>. As
far as inclusion with Cygwin, I have no idea if that would be legit or
not.
Brian
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |