Re: WMI privilege enumeration
From: Torgeir Bakken \(MVP\) (Torgeir.Bakken-spam_at_hydro.com)
Date: 10/09/05
- Previous message: Steven L Umbach: "Re: Local Security rights Windows Server 2003"
- Maybe in reply to: Torgeir Bakken \(MVP\): "Re: WMI privilege enumeration"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 09 Oct 2005 16:38:28 +0200
AndyL wrote:
> Yes of course, but the rsop wmi classes return only paramters which are
> defined in the group policy of the Active directory container, it doesn't
> return local values or parameters which are not defined in the GP :-(
>
> I think they only way to enumerate local settings is to use the native C
> LSA-API. Or does anyone has a another idea?
>
Hi,
Instead of programming your own utility using the LSA-API, you can use
the free DumpSec utility (formerly known as DumpAcl):
From: "Ato Bisda" <atobi...@gmail.com>
Subject: Re: Local Group Policy
Date: Mon, 20 Jun 2005 08:36:57 -0400
Message-ID: <us#JETZdFHA.3492@TK2MSFTNGP14.phx.gbl>
Newsgroups: microsoft.public.windows.server.scripting
<quote>
Hello,
I use an external program called DUMPACL (www.somarsoft.com) for this
purpose.
DUMPACL can be invoked from a command line to generate a CSV file of
user rights.
The syntax looks something like the following:
dumpacl /rpt=rights /saveas=csv /outfile=rights.csv /computer=hostname
You can run dumpacl from either a RUN or EXEC shell in VBScript and
then parse the resulting CSV file. The "Log On Locally" privilege will
show up as "SeInteractiveLogonRight".
HTH,
Ato
</quote>
-- torgeir, Microsoft MVP Scripting, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scriptcenter/default.mspx
- Previous message: Steven L Umbach: "Re: Local Security rights Windows Server 2003"
- Maybe in reply to: Torgeir Bakken \(MVP\): "Re: WMI privilege enumeration"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
