Re: WMI privilege enumeration

From: Torgeir Bakken \(MVP\) (Torgeir.Bakken-spam_at_hydro.com)
Date: 10/07/05

• Next message: S. Pidgorny : "Re: ldap security"
• Previous message: John_2001: "Updating Ad-Aware SE Personal i SpyBot S&D from command line?"
• Next in thread: Peter: "Re: WMI privilege enumeration"
• Maybe reply: Peter: "Re: WMI privilege enumeration"
• Maybe reply: Roger Abell [MVP]: "Re: WMI privilege enumeration"
• Maybe reply: Torgeir Bakken \(MVP\): "Re: WMI privilege enumeration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 07 Oct 2005 10:53:49 +0200

AndyL wrote:
> Hi,
> has anyone a idea, how to enumerate the effective user
> privileges of a system?
Hi,

If you mean user privileges like "Log On Locally" etc., you cannot
obtain this information with WMI.

The free DumpSec utility (formerly known as DumpAcl) is an option:

From: "Ato Bisda" <atobi...@gmail.com>
Subject: Re: Local Group Policy
Date: Mon, 20 Jun 2005 08:36:57 -0400
Message-ID: <us#JETZdFHA.3492@TK2MSFTNGP14.phx.gbl>
Newsgroups: microsoft.public.windows.server.scripting

<quote>
Hello,

I use an external program called DUMPACL (www.somarsoft.com) for this
purpose.

DUMPACL can be invoked from a command line to generate a CSV file of
user rights.

The syntax looks something like the following:

    dumpacl /rpt=rights /saveas=csv /outfile=rights.csv /computer=hostname

You can run dumpacl from either a RUN or EXEC shell in VBScript and
then parse the resulting CSV file. The "Log On Locally" privilege will
show up as "SeInteractiveLogonRight".

HTH,
Ato

</quote>

-- 
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx

---

• Next message: S. Pidgorny : "Re: ldap security"
• Previous message: John_2001: "Updating Ad-Aware SE Personal i SpyBot S&D from command line?"
• Next in thread: Peter: "Re: WMI privilege enumeration"
• Maybe reply: Peter: "Re: WMI privilege enumeration"
• Maybe reply: Roger Abell [MVP]: "Re: WMI privilege enumeration"
• Maybe reply: Torgeir Bakken \(MVP\): "Re: WMI privilege enumeration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Enumerating LSA ... logon as a batch job ... I use an external program called DUMPACL for this ... then parse the resulting CSV file. ... torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway ... (microsoft.public.windowsxp.wmi) Re: Local Group Policy ... DUMPACL can be invoked from a command line to generate a CSV file of user rights. ... You can run dumpacl from either a RUN or EXEC shell in VBScript and then parse the ... torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway ... (microsoft.public.windows.server.scripting) Re: Venting on .NET ... > I consider the fact that these technologies execute with the privileges of the logged-in ... > on, if not already into, the level of criminal irresponsibility. ... Sites that use client-side scripting should be thought of as being ... > MVP Tips: http://www.flounder.com/mvp_tips.htm ... (microsoft.public.vc.mfc) Re: WMI privilege enumeration ... > I think they only way to enumerate local settings is to use the native C ... Subject: Local Group Policy ... I use an external program called DUMPACL for this ... -- torgeir, Microsoft MVP Scripting, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ... (microsoft.public.security) Re: User Rights and Privileges ... how about scripting the whole database with userpermissions selected? ... > I am trying to get all users into appropriate groups to avoid having ... > many users with same privileges or many groups which basically have ... > Is there an easy way or a script to collect all database users and the ... (microsoft.public.sqlserver.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)