Sign in with
Sign up | Sign in
Your question

Local Security Policy / NTRights / Script

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
April 9, 2004 2:51:59 PM

Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.scripting.wsh (More info?)

Does anyone know of any way to inspect a machine's local security policy
setting remotely and or programatically? Ideallym, this would be some sort
of WMI call.

Specifically, I know you can set a LSP with the NTRights.exe res kit
utility. BUT, this can't talk to a remote machine nor can it just dump the
current settings. Rather than set a LSP, I want to just look at it.

Even better would be some WMI way to get at a particular local security
policy like "log on locally" or "access this computer from the network",
etc.

TIA.
--> A.J. Fried
Anonymous
a b 8 Security
April 9, 2004 3:07:32 PM

Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.scripting.wsh (More info?)

try Dumpsec (www.somarsoft.com). it is easy, free, and can be used remotely.
This will get almost everything from the local security policy list, just
not in the same format.

--
Derek Melber
BrainCore.Net
derekm@braincore.net
"A.J. Fried" <ajfried@yahoo.com> wrote in message
news:Xns94C67896111DDajfried@216.196.97.132...
> Does anyone know of any way to inspect a machine's local security policy
> setting remotely and or programatically? Ideallym, this would be some
sort
> of WMI call.
>
> Specifically, I know you can set a LSP with the NTRights.exe res kit
> utility. BUT, this can't talk to a remote machine nor can it just dump
the
> current settings. Rather than set a LSP, I want to just look at it.
>
> Even better would be some WMI way to get at a particular local security
> policy like "log on locally" or "access this computer from the network",
> etc.
>
> TIA.
> --> A.J. Fried
Anonymous
a b 8 Security
April 9, 2004 6:40:51 PM

Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.scripting.wsh (More info?)

DumpSec ... what a good idea. BUT... It doesn't actually show all of
the rights and of course the ones I want are missing! Namely, deny
log on local and deny access to this computer from the network
(SeDenyInteractiveLogonRight and SeDenyNetworkLogonRight). Damn.

Alsom I really want to a way to script the dumping so I can automate.
DumpSec was a good idea though. Thanks.

"Derek Melber [MVP]" <derekm@braincore.net> wrote in message news:<O6DoD3lHEHA.3276@TK2MSFTNGP09.phx.gbl>...
> try Dumpsec (www.somarsoft.com). it is easy, free, and can be used remotely.
> This will get almost everything from the local security policy list, just
> not in the same format.
>
> --
> Derek Melber
> BrainCore.Net
> derekm@braincore.net
> "A.J. Fried" <ajfried@yahoo.com> wrote in message
> news:Xns94C67896111DDajfried@216.196.97.132...
> > Does anyone know of any way to inspect a machine's local security policy
> > setting remotely and or programatically? Ideallym, this would be some
> sort
> > of WMI call.
> >
> > Specifically, I know you can set a LSP with the NTRights.exe res kit
> > utility. BUT, this can't talk to a remote machine nor can it just dump
> the
> > current settings. Rather than set a LSP, I want to just look at it.
> >
> > Even better would be some WMI way to get at a particular local security
> > policy like "log on locally" or "access this computer from the network",
> > etc.
> >
> > TIA.
> > --> A.J. Fried
Related resources
Anonymous
a b 8 Security
April 9, 2004 6:47:57 PM

Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.scripting.wsh (More info?)

A.J.-

have you attempted any WMI scripts? If you need help with the "syntax" or
the variables, go download scriptomatic from Microsoft.

--
Derek Melber
BrainCore.Net
derekm@braincore.net
"A.J. Fried" <ajfried@yahoo.com> wrote in message
news:234832c6.0404091340.222fe5ec@posting.google.com...
> DumpSec ... what a good idea. BUT... It doesn't actually show all of
> the rights and of course the ones I want are missing! Namely, deny
> log on local and deny access to this computer from the network
> (SeDenyInteractiveLogonRight and SeDenyNetworkLogonRight). Damn.
>
> Alsom I really want to a way to script the dumping so I can automate.
> DumpSec was a good idea though. Thanks.
>
> "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
news:<O6DoD3lHEHA.3276@TK2MSFTNGP09.phx.gbl>...
> > try Dumpsec (www.somarsoft.com). it is easy, free, and can be used
remotely.
> > This will get almost everything from the local security policy list,
just
> > not in the same format.
> >
> > --
> > Derek Melber
> > BrainCore.Net
> > derekm@braincore.net
> > "A.J. Fried" <ajfried@yahoo.com> wrote in message
> > news:Xns94C67896111DDajfried@216.196.97.132...
> > > Does anyone know of any way to inspect a machine's local security
policy
> > > setting remotely and or programatically? Ideallym, this would be some
> > sort
> > > of WMI call.
> > >
> > > Specifically, I know you can set a LSP with the NTRights.exe res kit
> > > utility. BUT, this can't talk to a remote machine nor can it just
dump
> > the
> > > current settings. Rather than set a LSP, I want to just look at it.
> > >
> > > Even better would be some WMI way to get at a particular local
security
> > > policy like "log on locally" or "access this computer from the
network",
> > > etc.
> > >
> > > TIA.
> > > --> A.J. Fried
Anonymous
a b 8 Security
April 14, 2004 1:52:55 PM

Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.scripting.wsh (More info?)

I have not been able to find anyhting in WMI that will return the info
I want - specifically, the values of local security policies (like
"deny log on locally", etc.). If you can point me to the right place,
that would be excellent! Thanks. --> A.J. Fried


"Derek Melber [MVP]" <derekm@braincore.net> wrote in message news:<evFGB1nHEHA.3820@tk2msftngp13.phx.gbl>...
> A.J.-
>
> have you attempted any WMI scripts? If you need help with the "syntax" or
> the variables, go download scriptomatic from Microsoft.
>
> --
> Derek Melber
> BrainCore.Net
> derekm@braincore.net
> "A.J. Fried" <ajfried@yahoo.com> wrote in message
> news:234832c6.0404091340.222fe5ec@posting.google.com...
> > DumpSec ... what a good idea. BUT... It doesn't actually show all of
> > the rights and of course the ones I want are missing! Namely, deny
> > log on local and deny access to this computer from the network
> > (SeDenyInteractiveLogonRight and SeDenyNetworkLogonRight). Damn.
> >
> > Alsom I really want to a way to script the dumping so I can automate.
> > DumpSec was a good idea though. Thanks.
> >
> > "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
> news:<O6DoD3lHEHA.3276@TK2MSFTNGP09.phx.gbl>...
> > > try Dumpsec (www.somarsoft.com). it is easy, free, and can be used
> remotely.
> > > This will get almost everything from the local security policy list,
> just
> > > not in the same format.
> > >
> > > --
> > > Derek Melber
> > > BrainCore.Net
> > > derekm@braincore.net
> > > "A.J. Fried" <ajfried@yahoo.com> wrote in message
> > > news:Xns94C67896111DDajfried@216.196.97.132...
> > > > Does anyone know of any way to inspect a machine's local security
> policy
> > > > setting remotely and or programatically? Ideallym, this would be some
> sort
> > > > of WMI call.
> > > >
> > > > Specifically, I know you can set a LSP with the NTRights.exe res kit
> > > > utility. BUT, this can't talk to a remote machine nor can it just
> dump
> the
> > > > current settings. Rather than set a LSP, I want to just look at it.
> > > >
> > > > Even better would be some WMI way to get at a particular local
> security
> > > > policy like "log on locally" or "access this computer from the
> network",
> > > > etc.
> > > >
> > > > TIA.
> > > > --> A.J. Fried
Anonymous
a b 8 Security
April 14, 2004 3:46:38 PM

Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.scripting.wsh (More info?)

Try to look in scriptomatic from Microsoft. it will show you all of the
variables you can query with WMI (or at least a good percentage of the
overall list). Let me know if you find it in there.

--
Derek Melber
BrainCore.Net
derekm@braincore.net
"A.J. Fried" <ajfried@yahoo.com> wrote in message
news:234832c6.0404140852.7e40bdea@posting.google.com...
> I have not been able to find anyhting in WMI that will return the info
> I want - specifically, the values of local security policies (like
> "deny log on locally", etc.). If you can point me to the right place,
> that would be excellent! Thanks. --> A.J. Fried
>
>
> "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
news:<evFGB1nHEHA.3820@tk2msftngp13.phx.gbl>...
> > A.J.-
> >
> > have you attempted any WMI scripts? If you need help with the "syntax"
or
> > the variables, go download scriptomatic from Microsoft.
> >
> > --
> > Derek Melber
> > BrainCore.Net
> > derekm@braincore.net
> > "A.J. Fried" <ajfried@yahoo.com> wrote in message
> > news:234832c6.0404091340.222fe5ec@posting.google.com...
> > > DumpSec ... what a good idea. BUT... It doesn't actually show all of
> > > the rights and of course the ones I want are missing! Namely, deny
> > > log on local and deny access to this computer from the network
> > > (SeDenyInteractiveLogonRight and SeDenyNetworkLogonRight). Damn.
> > >
> > > Alsom I really want to a way to script the dumping so I can automate.
> > > DumpSec was a good idea though. Thanks.
> > >
> > > "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
> > news:<O6DoD3lHEHA.3276@TK2MSFTNGP09.phx.gbl>...
> > > > try Dumpsec (www.somarsoft.com). it is easy, free, and can be used
> > remotely.
> > > > This will get almost everything from the local security policy list,
> > just
> > > > not in the same format.
> > > >
> > > > --
> > > > Derek Melber
> > > > BrainCore.Net
> > > > derekm@braincore.net
> > > > "A.J. Fried" <ajfried@yahoo.com> wrote in message
> > > > news:Xns94C67896111DDajfried@216.196.97.132...
> > > > > Does anyone know of any way to inspect a machine's local security
> > policy
> > > > > setting remotely and or programatically? Ideallym, this would be
some
> > sort
> > > > > of WMI call.
> > > > >
> > > > > Specifically, I know you can set a LSP with the NTRights.exe res
kit
> > > > > utility. BUT, this can't talk to a remote machine nor can it just
> > dump
> > the
> > > > > current settings. Rather than set a LSP, I want to just look at
it.
> > > > >
> > > > > Even better would be some WMI way to get at a particular local
> > security
> > > > > policy like "log on locally" or "access this computer from the
> > network",
> > > > > etc.
> > > > >
> > > > > TIA.
> > > > > --> A.J. Fried
Anonymous
a b 8 Security
April 15, 2004 2:44:05 PM

Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.scripting.wsh (More info?)

I looked at scriptomatic. It doesnt have anything about local
security policies. Any other ideas?

"Derek Melber [MVP]" <derekm@braincore.net> wrote in message news:<u$RY9ElIEHA.3720@tk2msftngp13.phx.gbl>...
> Try to look in scriptomatic from Microsoft. it will show you all of the
> variables you can query with WMI (or at least a good percentage of the
> overall list). Let me know if you find it in there.
>
> --
> Derek Melber
> BrainCore.Net
> derekm@braincore.net
> "A.J. Fried" <ajfried@yahoo.com> wrote in message
> news:234832c6.0404140852.7e40bdea@posting.google.com...
> > I have not been able to find anyhting in WMI that will return the info
> > I want - specifically, the values of local security policies (like
> > "deny log on locally", etc.). If you can point me to the right place,
> > that would be excellent! Thanks. --> A.J. Fried
> >
> >
> > "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
> news:<evFGB1nHEHA.3820@tk2msftngp13.phx.gbl>...
> > > A.J.-
> > >
> > > have you attempted any WMI scripts? If you need help with the "syntax"
> or
> > > the variables, go download scriptomatic from Microsoft.
> > >
> > > --
> > > Derek Melber
> > > BrainCore.Net
> > > derekm@braincore.net
> > > "A.J. Fried" <ajfried@yahoo.com> wrote in message
> > > news:234832c6.0404091340.222fe5ec@posting.google.com...
> > > > DumpSec ... what a good idea. BUT... It doesn't actually show all of
> > > > the rights and of course the ones I want are missing! Namely, deny
> > > > log on local and deny access to this computer from the network
> > > > (SeDenyInteractiveLogonRight and SeDenyNetworkLogonRight). Damn.
> > > >
> > > > Alsom I really want to a way to script the dumping so I can automate.
> > > > DumpSec was a good idea though. Thanks.
> > > >
> > > > "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
> news:<O6DoD3lHEHA.3276@TK2MSFTNGP09.phx.gbl>...
> > > > > try Dumpsec (www.somarsoft.com). it is easy, free, and can be used
> remotely.
> > > > > This will get almost everything from the local security policy list,
> just
> > > > > not in the same format.
> > > > >
> > > > > --
> > > > > Derek Melber
> > > > > BrainCore.Net
> > > > > derekm@braincore.net
> > > > > "A.J. Fried" <ajfried@yahoo.com> wrote in message
> > > > > news:Xns94C67896111DDajfried@216.196.97.132...
> > > > > > Does anyone know of any way to inspect a machine's local security
> policy
> > > > > > setting remotely and or programatically? Ideallym, this would be
> some
> sort
> > > > > > of WMI call.
> > > > > >
> > > > > > Specifically, I know you can set a LSP with the NTRights.exe res
> kit
> > > > > > utility. BUT, this can't talk to a remote machine nor can it just
> > > dump
> > > the
> > > > > > current settings. Rather than set a LSP, I want to just look at
> it.
> > > > > >
> > > > > > Even better would be some WMI way to get at a particular local
> security
> > > > > > policy like "log on locally" or "access this computer from the
> network",
> > > > > > etc.
> > > > > >
> > > > > > TIA.
> > > > > > --> A.J. Fried
Anonymous
a b 8 Security
April 15, 2004 11:56:08 PM

Archived from groups: microsoft.public.win2000.group_policy,microsoft.public.scripting.wsh (More info?)

have you tried to use the secedit command with the /analyze switch?

--
Derek Melber
BrainCore.Net
derekm@braincore.net
"A.J. Fried" <ajfried@yahoo.com> wrote in message
news:234832c6.0404150944.4f412865@posting.google.com...
> I looked at scriptomatic. It doesnt have anything about local
> security policies. Any other ideas?
>
> "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
news:<u$RY9ElIEHA.3720@tk2msftngp13.phx.gbl>...
> > Try to look in scriptomatic from Microsoft. it will show you all of the
> > variables you can query with WMI (or at least a good percentage of the
> > overall list). Let me know if you find it in there.
> >
> > --
> > Derek Melber
> > BrainCore.Net
> > derekm@braincore.net
> > "A.J. Fried" <ajfried@yahoo.com> wrote in message
> > news:234832c6.0404140852.7e40bdea@posting.google.com...
> > > I have not been able to find anyhting in WMI that will return the info
> > > I want - specifically, the values of local security policies (like
> > > "deny log on locally", etc.). If you can point me to the right place,
> > > that would be excellent! Thanks. --> A.J. Fried
> > >
> > >
> > > "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
> > news:<evFGB1nHEHA.3820@tk2msftngp13.phx.gbl>...
> > > > A.J.-
> > > >
> > > > have you attempted any WMI scripts? If you need help with the
"syntax"
> > or
> > > > the variables, go download scriptomatic from Microsoft.
> > > >
> > > > --
> > > > Derek Melber
> > > > BrainCore.Net
> > > > derekm@braincore.net
> > > > "A.J. Fried" <ajfried@yahoo.com> wrote in message
> > > > news:234832c6.0404091340.222fe5ec@posting.google.com...
> > > > > DumpSec ... what a good idea. BUT... It doesn't actually show all
of
> > > > > the rights and of course the ones I want are missing! Namely,
deny
> > > > > log on local and deny access to this computer from the network
> > > > > (SeDenyInteractiveLogonRight and SeDenyNetworkLogonRight). Damn.
> > > > >
> > > > > Alsom I really want to a way to script the dumping so I can
automate.
> > > > > DumpSec was a good idea though. Thanks.
> > > > >
> > > > > "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
> > news:<O6DoD3lHEHA.3276@TK2MSFTNGP09.phx.gbl>...
> > > > > > try Dumpsec (www.somarsoft.com). it is easy, free, and can be
used
> > remotely.
> > > > > > This will get almost everything from the local security policy
list,
> > just
> > > > > > not in the same format.
> > > > > >
> > > > > > --
> > > > > > Derek Melber
> > > > > > BrainCore.Net
> > > > > > derekm@braincore.net
> > > > > > "A.J. Fried" <ajfried@yahoo.com> wrote in message
> > > > > > news:Xns94C67896111DDajfried@216.196.97.132...
> > > > > > > Does anyone know of any way to inspect a machine's local
security
> > policy
> > > > > > > setting remotely and or programatically? Ideallym, this would
be
> > some
> > sort
> > > > > > > of WMI call.
> > > > > > >
> > > > > > > Specifically, I know you can set a LSP with the NTRights.exe
res
> > kit
> > > > > > > utility. BUT, this can't talk to a remote machine nor can it
just
> > > > dump
> > > > the
> > > > > > > current settings. Rather than set a LSP, I want to just look
at
> > it.
> > > > > > >
> > > > > > > Even better would be some WMI way to get at a particular local
> > security
> > > > > > > policy like "log on locally" or "access this computer from the
> > network",
> > > > > > > etc.
> > > > > > >
> > > > > > > TIA.
> > > > > > > --> A.J. Fried
!