Local Security Policy / NTRights / Script

Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.scripting.wsh (More info?)

Does anyone know of any way to inspect a machine's local security policy
setting remotely and or programatically? Ideallym, this would be some sort
of WMI call.

Specifically, I know you can set a LSP with the NTRights.exe res kit
utility. BUT, this can't talk to a remote machine nor can it just dump the
current settings. Rather than set a LSP, I want to just look at it.

Even better would be some WMI way to get at a particular local security
policy like "log on locally" or "access this computer from the network",
etc.

TIA.
--> A.J. Fried
7 answers Last reply
More about local security policy ntrights script
  1. Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.scripting.wsh (More info?)

    try Dumpsec (www.somarsoft.com). it is easy, free, and can be used remotely.
    This will get almost everything from the local security policy list, just
    not in the same format.

    --
    Derek Melber
    BrainCore.Net
    derekm@braincore.net
    "A.J. Fried" <ajfried@yahoo.com> wrote in message
    news:Xns94C67896111DDajfried@216.196.97.132...
    > Does anyone know of any way to inspect a machine's local security policy
    > setting remotely and or programatically? Ideallym, this would be some
    sort
    > of WMI call.
    >
    > Specifically, I know you can set a LSP with the NTRights.exe res kit
    > utility. BUT, this can't talk to a remote machine nor can it just dump
    the
    > current settings. Rather than set a LSP, I want to just look at it.
    >
    > Even better would be some WMI way to get at a particular local security
    > policy like "log on locally" or "access this computer from the network",
    > etc.
    >
    > TIA.
    > --> A.J. Fried
  2. Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.scripting.wsh (More info?)

    DumpSec ... what a good idea. BUT... It doesn't actually show all of
    the rights and of course the ones I want are missing! Namely, deny
    log on local and deny access to this computer from the network
    (SeDenyInteractiveLogonRight and SeDenyNetworkLogonRight). Damn.

    Alsom I really want to a way to script the dumping so I can automate.
    DumpSec was a good idea though. Thanks.

    "Derek Melber [MVP]" <derekm@braincore.net> wrote in message news:<O6DoD3lHEHA.3276@TK2MSFTNGP09.phx.gbl>...
    > try Dumpsec (www.somarsoft.com). it is easy, free, and can be used remotely.
    > This will get almost everything from the local security policy list, just
    > not in the same format.
    >
    > --
    > Derek Melber
    > BrainCore.Net
    > derekm@braincore.net
    > "A.J. Fried" <ajfried@yahoo.com> wrote in message
    > news:Xns94C67896111DDajfried@216.196.97.132...
    > > Does anyone know of any way to inspect a machine's local security policy
    > > setting remotely and or programatically? Ideallym, this would be some
    > sort
    > > of WMI call.
    > >
    > > Specifically, I know you can set a LSP with the NTRights.exe res kit
    > > utility. BUT, this can't talk to a remote machine nor can it just dump
    > the
    > > current settings. Rather than set a LSP, I want to just look at it.
    > >
    > > Even better would be some WMI way to get at a particular local security
    > > policy like "log on locally" or "access this computer from the network",
    > > etc.
    > >
    > > TIA.
    > > --> A.J. Fried
  3. Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.scripting.wsh (More info?)

    A.J.-

    have you attempted any WMI scripts? If you need help with the "syntax" or
    the variables, go download scriptomatic from Microsoft.

    --
    Derek Melber
    BrainCore.Net
    derekm@braincore.net
    "A.J. Fried" <ajfried@yahoo.com> wrote in message
    news:234832c6.0404091340.222fe5ec@posting.google.com...
    > DumpSec ... what a good idea. BUT... It doesn't actually show all of
    > the rights and of course the ones I want are missing! Namely, deny
    > log on local and deny access to this computer from the network
    > (SeDenyInteractiveLogonRight and SeDenyNetworkLogonRight). Damn.
    >
    > Alsom I really want to a way to script the dumping so I can automate.
    > DumpSec was a good idea though. Thanks.
    >
    > "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
    news:<O6DoD3lHEHA.3276@TK2MSFTNGP09.phx.gbl>...
    > > try Dumpsec (www.somarsoft.com). it is easy, free, and can be used
    remotely.
    > > This will get almost everything from the local security policy list,
    just
    > > not in the same format.
    > >
    > > --
    > > Derek Melber
    > > BrainCore.Net
    > > derekm@braincore.net
    > > "A.J. Fried" <ajfried@yahoo.com> wrote in message
    > > news:Xns94C67896111DDajfried@216.196.97.132...
    > > > Does anyone know of any way to inspect a machine's local security
    policy
    > > > setting remotely and or programatically? Ideallym, this would be some
    > > sort
    > > > of WMI call.
    > > >
    > > > Specifically, I know you can set a LSP with the NTRights.exe res kit
    > > > utility. BUT, this can't talk to a remote machine nor can it just
    dump
    > > the
    > > > current settings. Rather than set a LSP, I want to just look at it.
    > > >
    > > > Even better would be some WMI way to get at a particular local
    security
    > > > policy like "log on locally" or "access this computer from the
    network",
    > > > etc.
    > > >
    > > > TIA.
    > > > --> A.J. Fried
  4. Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.scripting.wsh (More info?)

    I have not been able to find anyhting in WMI that will return the info
    I want - specifically, the values of local security policies (like
    "deny log on locally", etc.). If you can point me to the right place,
    that would be excellent! Thanks. --> A.J. Fried


    "Derek Melber [MVP]" <derekm@braincore.net> wrote in message news:<evFGB1nHEHA.3820@tk2msftngp13.phx.gbl>...
    > A.J.-
    >
    > have you attempted any WMI scripts? If you need help with the "syntax" or
    > the variables, go download scriptomatic from Microsoft.
    >
    > --
    > Derek Melber
    > BrainCore.Net
    > derekm@braincore.net
    > "A.J. Fried" <ajfried@yahoo.com> wrote in message
    > news:234832c6.0404091340.222fe5ec@posting.google.com...
    > > DumpSec ... what a good idea. BUT... It doesn't actually show all of
    > > the rights and of course the ones I want are missing! Namely, deny
    > > log on local and deny access to this computer from the network
    > > (SeDenyInteractiveLogonRight and SeDenyNetworkLogonRight). Damn.
    > >
    > > Alsom I really want to a way to script the dumping so I can automate.
    > > DumpSec was a good idea though. Thanks.
    > >
    > > "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
    > news:<O6DoD3lHEHA.3276@TK2MSFTNGP09.phx.gbl>...
    > > > try Dumpsec (www.somarsoft.com). it is easy, free, and can be used
    > remotely.
    > > > This will get almost everything from the local security policy list,
    > just
    > > > not in the same format.
    > > >
    > > > --
    > > > Derek Melber
    > > > BrainCore.Net
    > > > derekm@braincore.net
    > > > "A.J. Fried" <ajfried@yahoo.com> wrote in message
    > > > news:Xns94C67896111DDajfried@216.196.97.132...
    > > > > Does anyone know of any way to inspect a machine's local security
    > policy
    > > > > setting remotely and or programatically? Ideallym, this would be some
    > sort
    > > > > of WMI call.
    > > > >
    > > > > Specifically, I know you can set a LSP with the NTRights.exe res kit
    > > > > utility. BUT, this can't talk to a remote machine nor can it just
    > dump
    > the
    > > > > current settings. Rather than set a LSP, I want to just look at it.
    > > > >
    > > > > Even better would be some WMI way to get at a particular local
    > security
    > > > > policy like "log on locally" or "access this computer from the
    > network",
    > > > > etc.
    > > > >
    > > > > TIA.
    > > > > --> A.J. Fried
  5. Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.scripting.wsh (More info?)

    Try to look in scriptomatic from Microsoft. it will show you all of the
    variables you can query with WMI (or at least a good percentage of the
    overall list). Let me know if you find it in there.

    --
    Derek Melber
    BrainCore.Net
    derekm@braincore.net
    "A.J. Fried" <ajfried@yahoo.com> wrote in message
    news:234832c6.0404140852.7e40bdea@posting.google.com...
    > I have not been able to find anyhting in WMI that will return the info
    > I want - specifically, the values of local security policies (like
    > "deny log on locally", etc.). If you can point me to the right place,
    > that would be excellent! Thanks. --> A.J. Fried
    >
    >
    > "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
    news:<evFGB1nHEHA.3820@tk2msftngp13.phx.gbl>...
    > > A.J.-
    > >
    > > have you attempted any WMI scripts? If you need help with the "syntax"
    or
    > > the variables, go download scriptomatic from Microsoft.
    > >
    > > --
    > > Derek Melber
    > > BrainCore.Net
    > > derekm@braincore.net
    > > "A.J. Fried" <ajfried@yahoo.com> wrote in message
    > > news:234832c6.0404091340.222fe5ec@posting.google.com...
    > > > DumpSec ... what a good idea. BUT... It doesn't actually show all of
    > > > the rights and of course the ones I want are missing! Namely, deny
    > > > log on local and deny access to this computer from the network
    > > > (SeDenyInteractiveLogonRight and SeDenyNetworkLogonRight). Damn.
    > > >
    > > > Alsom I really want to a way to script the dumping so I can automate.
    > > > DumpSec was a good idea though. Thanks.
    > > >
    > > > "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
    > > news:<O6DoD3lHEHA.3276@TK2MSFTNGP09.phx.gbl>...
    > > > > try Dumpsec (www.somarsoft.com). it is easy, free, and can be used
    > > remotely.
    > > > > This will get almost everything from the local security policy list,
    > > just
    > > > > not in the same format.
    > > > >
    > > > > --
    > > > > Derek Melber
    > > > > BrainCore.Net
    > > > > derekm@braincore.net
    > > > > "A.J. Fried" <ajfried@yahoo.com> wrote in message
    > > > > news:Xns94C67896111DDajfried@216.196.97.132...
    > > > > > Does anyone know of any way to inspect a machine's local security
    > > policy
    > > > > > setting remotely and or programatically? Ideallym, this would be
    some
    > > sort
    > > > > > of WMI call.
    > > > > >
    > > > > > Specifically, I know you can set a LSP with the NTRights.exe res
    kit
    > > > > > utility. BUT, this can't talk to a remote machine nor can it just
    > > dump
    > > the
    > > > > > current settings. Rather than set a LSP, I want to just look at
    it.
    > > > > >
    > > > > > Even better would be some WMI way to get at a particular local
    > > security
    > > > > > policy like "log on locally" or "access this computer from the
    > > network",
    > > > > > etc.
    > > > > >
    > > > > > TIA.
    > > > > > --> A.J. Fried
  6. Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.scripting.wsh (More info?)

    I looked at scriptomatic. It doesnt have anything about local
    security policies. Any other ideas?

    "Derek Melber [MVP]" <derekm@braincore.net> wrote in message news:<u$RY9ElIEHA.3720@tk2msftngp13.phx.gbl>...
    > Try to look in scriptomatic from Microsoft. it will show you all of the
    > variables you can query with WMI (or at least a good percentage of the
    > overall list). Let me know if you find it in there.
    >
    > --
    > Derek Melber
    > BrainCore.Net
    > derekm@braincore.net
    > "A.J. Fried" <ajfried@yahoo.com> wrote in message
    > news:234832c6.0404140852.7e40bdea@posting.google.com...
    > > I have not been able to find anyhting in WMI that will return the info
    > > I want - specifically, the values of local security policies (like
    > > "deny log on locally", etc.). If you can point me to the right place,
    > > that would be excellent! Thanks. --> A.J. Fried
    > >
    > >
    > > "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
    > news:<evFGB1nHEHA.3820@tk2msftngp13.phx.gbl>...
    > > > A.J.-
    > > >
    > > > have you attempted any WMI scripts? If you need help with the "syntax"
    > or
    > > > the variables, go download scriptomatic from Microsoft.
    > > >
    > > > --
    > > > Derek Melber
    > > > BrainCore.Net
    > > > derekm@braincore.net
    > > > "A.J. Fried" <ajfried@yahoo.com> wrote in message
    > > > news:234832c6.0404091340.222fe5ec@posting.google.com...
    > > > > DumpSec ... what a good idea. BUT... It doesn't actually show all of
    > > > > the rights and of course the ones I want are missing! Namely, deny
    > > > > log on local and deny access to this computer from the network
    > > > > (SeDenyInteractiveLogonRight and SeDenyNetworkLogonRight). Damn.
    > > > >
    > > > > Alsom I really want to a way to script the dumping so I can automate.
    > > > > DumpSec was a good idea though. Thanks.
    > > > >
    > > > > "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
    > news:<O6DoD3lHEHA.3276@TK2MSFTNGP09.phx.gbl>...
    > > > > > try Dumpsec (www.somarsoft.com). it is easy, free, and can be used
    > remotely.
    > > > > > This will get almost everything from the local security policy list,
    > just
    > > > > > not in the same format.
    > > > > >
    > > > > > --
    > > > > > Derek Melber
    > > > > > BrainCore.Net
    > > > > > derekm@braincore.net
    > > > > > "A.J. Fried" <ajfried@yahoo.com> wrote in message
    > > > > > news:Xns94C67896111DDajfried@216.196.97.132...
    > > > > > > Does anyone know of any way to inspect a machine's local security
    > policy
    > > > > > > setting remotely and or programatically? Ideallym, this would be
    > some
    > sort
    > > > > > > of WMI call.
    > > > > > >
    > > > > > > Specifically, I know you can set a LSP with the NTRights.exe res
    > kit
    > > > > > > utility. BUT, this can't talk to a remote machine nor can it just
    > > > dump
    > > > the
    > > > > > > current settings. Rather than set a LSP, I want to just look at
    > it.
    > > > > > >
    > > > > > > Even better would be some WMI way to get at a particular local
    > security
    > > > > > > policy like "log on locally" or "access this computer from the
    > network",
    > > > > > > etc.
    > > > > > >
    > > > > > > TIA.
    > > > > > > --> A.J. Fried
  7. Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.scripting.wsh (More info?)

    have you tried to use the secedit command with the /analyze switch?

    --
    Derek Melber
    BrainCore.Net
    derekm@braincore.net
    "A.J. Fried" <ajfried@yahoo.com> wrote in message
    news:234832c6.0404150944.4f412865@posting.google.com...
    > I looked at scriptomatic. It doesnt have anything about local
    > security policies. Any other ideas?
    >
    > "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
    news:<u$RY9ElIEHA.3720@tk2msftngp13.phx.gbl>...
    > > Try to look in scriptomatic from Microsoft. it will show you all of the
    > > variables you can query with WMI (or at least a good percentage of the
    > > overall list). Let me know if you find it in there.
    > >
    > > --
    > > Derek Melber
    > > BrainCore.Net
    > > derekm@braincore.net
    > > "A.J. Fried" <ajfried@yahoo.com> wrote in message
    > > news:234832c6.0404140852.7e40bdea@posting.google.com...
    > > > I have not been able to find anyhting in WMI that will return the info
    > > > I want - specifically, the values of local security policies (like
    > > > "deny log on locally", etc.). If you can point me to the right place,
    > > > that would be excellent! Thanks. --> A.J. Fried
    > > >
    > > >
    > > > "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
    > > news:<evFGB1nHEHA.3820@tk2msftngp13.phx.gbl>...
    > > > > A.J.-
    > > > >
    > > > > have you attempted any WMI scripts? If you need help with the
    "syntax"
    > > or
    > > > > the variables, go download scriptomatic from Microsoft.
    > > > >
    > > > > --
    > > > > Derek Melber
    > > > > BrainCore.Net
    > > > > derekm@braincore.net
    > > > > "A.J. Fried" <ajfried@yahoo.com> wrote in message
    > > > > news:234832c6.0404091340.222fe5ec@posting.google.com...
    > > > > > DumpSec ... what a good idea. BUT... It doesn't actually show all
    of
    > > > > > the rights and of course the ones I want are missing! Namely,
    deny
    > > > > > log on local and deny access to this computer from the network
    > > > > > (SeDenyInteractiveLogonRight and SeDenyNetworkLogonRight). Damn.
    > > > > >
    > > > > > Alsom I really want to a way to script the dumping so I can
    automate.
    > > > > > DumpSec was a good idea though. Thanks.
    > > > > >
    > > > > > "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
    > > news:<O6DoD3lHEHA.3276@TK2MSFTNGP09.phx.gbl>...
    > > > > > > try Dumpsec (www.somarsoft.com). it is easy, free, and can be
    used
    > > remotely.
    > > > > > > This will get almost everything from the local security policy
    list,
    > > just
    > > > > > > not in the same format.
    > > > > > >
    > > > > > > --
    > > > > > > Derek Melber
    > > > > > > BrainCore.Net
    > > > > > > derekm@braincore.net
    > > > > > > "A.J. Fried" <ajfried@yahoo.com> wrote in message
    > > > > > > news:Xns94C67896111DDajfried@216.196.97.132...
    > > > > > > > Does anyone know of any way to inspect a machine's local
    security
    > > policy
    > > > > > > > setting remotely and or programatically? Ideallym, this would
    be
    > > some
    > > sort
    > > > > > > > of WMI call.
    > > > > > > >
    > > > > > > > Specifically, I know you can set a LSP with the NTRights.exe
    res
    > > kit
    > > > > > > > utility. BUT, this can't talk to a remote machine nor can it
    just
    > > > > dump
    > > > > the
    > > > > > > > current settings. Rather than set a LSP, I want to just look
    at
    > > it.
    > > > > > > >
    > > > > > > > Even better would be some WMI way to get at a particular local
    > > security
    > > > > > > > policy like "log on locally" or "access this computer from the
    > > network",
    > > > > > > > etc.
    > > > > > > >
    > > > > > > > TIA.
    > > > > > > > --> A.J. Fried
Ask a new question

Read More

Policy Security Microsoft Windows