I am trying to view the user privileges using the command prompt in Windows.
User account & User privileges such as:
SeBatchLogonRight
SeDenyBatchLogonRight
SeInteractiveLogonRight
SeDenyInteractiveLogonRight
SeServiceLogonRight
SeDenyServiceLogonRight
SeNetworkLogonRight
SeDenyNetworkLogonRight
I tried using ntrights but it's not working. I can't use any tool as I am trying to create an automated script for an OS audit.
You can use the following commands:
whoami /priv
whoami /all
For more information, check whoami @ technet.
Mark Russinovich wrote a terrific tool called AccessChk that lets you get this information from the command line. No installation is necessary.
http://technet.microsoft.com/en-us/sysinternals/bb664922.aspx
For example:
accesschk.exe /accepteula -q -a SeServiceLogonRight
Returns this for me:
IIS APPPOOL\DefaultAppPool
IIS APPPOOL\Classic .NET AppPool
NT SERVICE\ALL SERVICES
By contrast, whoami /priv and whoami /all were missing some entries for me, like SeServiceLogonRight.
I'd start with:
secedit /export /areas USER_RIGHTS /cfg OUTFILE.CFG
Then examine the line for the relevant privilege. However, the problem now is that the accounts are listed as SIDs, not usernames.
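One way to finish this approach for the logon rights listed in the question, as an added example that is not part of the original answer: export the policy with secedit, then translate the SID entries back to account names. The Resolve-Principal helper and the temporary file name are assumptions made for this example; run it from an elevated prompt.

```powershell
# Added example: audit logon rights from a secedit export and resolve SIDs to names.
# secedit needs administrator rights to export the local security policy.
$rights = 'SeBatchLogonRight','SeDenyBatchLogonRight',
          'SeInteractiveLogonRight','SeDenyInteractiveLogonRight',
          'SeServiceLogonRight','SeDenyServiceLogonRight',
          'SeNetworkLogonRight','SeDenyNetworkLogonRight'

# Hypothetical temporary file name, unique per run.
$cfg = Join-Path $env:TEMP ("user_rights_{0}.cfg" -f [guid]::NewGuid())
secedit /export /areas USER_RIGHTS /cfg $cfg | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE" }

function Resolve-Principal([string]$entry) {
    # secedit prefixes SIDs with '*'; entries without it are already account names.
    if (-not $entry.StartsWith('*')) { return $entry }
    $sidText = $entry.Substring(1)
    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($sidText)
        return $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # Deleted accounts or unreachable domains cannot be translated; keep the SID.
        return "$sidText (unresolved)"
    }
}

try {
    # Collect every "SeSomething = entry,entry,..." line from the export.
    $found = @{}
    foreach ($line in Get-Content -Path $cfg) {
        if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$') {
            $found[$matches[1]] = $matches[2].Split(',') |
                ForEach-Object { $_.Trim() } | Where-Object { $_ }
        }
    }
    # A right with no line in the export is assigned to nobody.
    foreach ($right in $rights) {
        $who = @($found[$right] | Where-Object { $_ } |
                 ForEach-Object { Resolve-Principal $_ })
        [pscustomobject]@{
            Right    = $right
            Accounts = if ($who.Count) { $who -join '; ' } else { '(none assigned)' }
        }
    }
} finally {
    # The export describes who may log on how; do not leave it in TEMP.
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
}
```

Entries reported as unresolved are worth a second look in an audit, since they usually belong to deleted accounts that still hold a right.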
Go to command prompt and enter the command,
net user <username>
Will show your local group memberships.
If you're on a domain, use localgroup instead:
net localgroup Administrators or net localgroup [Admin group name]
Check the list of local groups with localgroup on its own.
net localgroup
Use the whoami /priv command to list all the user privileges.
Related
I have Python code that finally generates a file and it should automatically run that file as admin. I did search and found that I should use the runas program, but it requires the admin password.
Since I have not set any administrator password, it should not ask for a password in order to work.
The script is route add -p IP to change routing table.
There are multiple PCs in the office and all PCs have one user like saeed, david, etc. and administrator of course which has not been used yet.
The command I use is the following that asks for admin password:
C:\Users\Saeed\Desktop> Runas /profile /user:administrator ips.cmd
Enter the password for administrator:
Attempting to start new-ips.cmd as user "DESKTOP-9PR0R3P\administrator" ...
RUNAS ERROR: Unable to run - new-ips.cmd
1326: The user name or password is incorrect.
Is it possible to run runas passwordless?
I should mention that if with my current PC, I right click on ips.cmd and Run As Administrator, it does not prompt any password and runs the file.
Using this command works for me:
powershell.exe "Start-Process powershell -verb runAs"
I have a batch file that creates another user using this code:
net user /add TheAccount passWORD
net localgroup administrators TheAccount /add
And I did this so that my program would later run commands elevated without the UAC popping up, because it could use its own account...
But I hit a roadblock when I noticed that RunAs doesn't allow elevation.
I really need to be able to run a program elevated without any third-party tools that I would have to include.
Thanks in advance.
Thanks for all the help, but I found an answer with Microsoft Psexec.exe with the -h option or the -s option.
I made an admin account using the following command on the cmd:
net localgroup administrators [username] /add
But now whenever I try to access the cmd it says that either the file has not been found or I don't have permission to access the file.
Could you clarify?
Are you:
1) Saying you can't run cmd.exe after logging in as a new user?
(If so, that sounds like an issue for serverfault)
2) Saying that you can't add the user you already created to the local group from the CMD?
(If so, have you tried right-clicking and running the CMD as an administrator?)
3) Saying you are trying to create a user and add it using only this one command?
(If so, you cannot do this. You must create a user first before you can add it to a group. To create a user at the CMD prompt, you can use the "Net User" command such as this:
NET USER [UserName] [password] /ADD
NET Localgroup [GroupName] [UserName] /ADD
e.g. Assuming the user you want to add is named "Joe", and you want the password to be "Abcd1234!" you would use the following:
NET USER Joe Abcd1234! /ADD
NET Localgroup Administrators Joe /ADD
)
4) Some other option?
If one through three, the above responses should help.
I'm trying to run this from my win7 CMD (as Admin):
psexec IpAddress -u domain\user -p pword c:\Autobatch\ClientJobSender.exe http://reportserver.net:8070/JobExecutor.asmx c:\AutoBatch\backup\trigger.xml
but am getting a "the system cannot find the file specified" error.
I've also tried it this way:
psexec IpAddress -u domain\user -p pword c:\Autobatch\ClientJobSender.exe http://reportserver.net:8070/JobExecutor.asmx c:\AutoBatch\backup\trigger.xml
but get an unknown user or bad password error.
What's weird is that I can connect via Remote desktop with the same IP address and user/pass.
Make sure the server has the settings below:
a) Admin share is enabled: run services.msc and check the Service "Server" is enabled
b) Add the key for the share in the registry and restart:
reg add "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v AutoShareServer /t REG_DWORD /d 1
And then use:
psexec \\IpAddress -u domain\user -p pword -w "c:\Autobatch" "ClientJobSender.exe http://reportserver.net:8070/JobExecutor.asmx c:\AutoBatch\backup\trigger.xml"
Actually, I don't see a difference between your 2 command lines. However, the error from the first command is because your syntax is incorrect. You must use
PsExec \\a.b.c.d ...
instead of
PsExec a.b.c.d ...
I got it to work by elevating the local batch file to execute with administrator privileges, that is to say, the terminal window was operating with administrator privileges.
If you're trying to use automation services, you can use the ClientJobSender.exe on the local machine (or on the machine where you set up the scheduling). Just copy the ClientJobSender.exe and the related config file from the install pack to the scheduler server and refer to it locally.
You might have the directory path wrong. Try changing the .exe path to cmd.exe and cd into your intended path to see if it is actually the correct path.
Is there any single-line command for Run As Different User in Windows 7?
I am using the following command, but then it asks for a password:
runas /user:USER-NAME "C:\full\path\of\Program.exe"
Is there any way to supply the password in the above line as well? Actually, I am launching the application from another application, so I don't want any user interaction, but the above command asks the user for a password.
PsExec in the MS SysInternals suite:
psexec -user Administrator -p Passwd "xcopy a.xml \\server_over_there\c$\A.xml"
In case the local user is NOT what you need and a specific DOMAIN user is, use:
/user Username in form USER@DOMAIN or DOMAIN\USER
(USER@DOMAIN is not compatible with /netonly)