How can I edit local security policy from a batch file?

40,201

Solution 1

You can use the ntrights utility to edit account privileges.

The user right "SeDenyInteractiveLogonRight" is what you want to edit, likely as part of the computer's logon.

The following command would deny jscott interactive logon:

ntrights -u jscott +r SeDenyInteractiveLogonRight

http://support.microsoft.com/kb/315276

http://ss64.com/nt/ntrights.html

Solution 2

You could export a template using the GUI.

Make the desired changes on a reference PC:

SECPOL.MSC > Actions > Export Policy > secpol.inf

Then use:

SECEDIT.exe /IMPORT 

Wrap it in your favorite scripting language (Batch, PS, VBScript), and it will overwrite the current policy.

The only concern would be if there are issues with overwriting the current policy.

I've never done it with security policy, but have before with power profiles, and the process looks almost identical, similar to the NET.exe command.
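Added example, not part of the answers above: one way to apply Solution 2's export, edit and apply idea to the "Deny log on locally" right only, so that the rest of the current policy is re-applied unchanged instead of being overwritten by a reference PC's template. It is written in PowerShell (one of the wrappers Solution 2 names); the account name jscott is borrowed from Solution 1, and the scratch directory and file names are assumptions.

```powershell
# Added example (not from the answers above). Run from an elevated prompt.
param([string]$Account = 'jscott')   # account name borrowed from Solution 1

$ErrorActionPreference = 'Stop'
$right = 'SeDenyInteractiveLogonRight'
$work  = Join-Path $env:TEMP ('secpol-' + [guid]::NewGuid())   # scratch dir (assumed)
New-Item -ItemType Directory -Path $work | Out-Null
$cfg = Join-Path $work 'user_rights.inf'
$db  = Join-Path $work 'user_rights.sdb'

try {
    # Templates list accounts as *SID, so resolve the name first (throws if unknown).
    $sid = ([Security.Principal.NTAccount]$Account).Translate(
               [Security.Principal.SecurityIdentifier]).Value
    $entry = "*$sid"

    # Export only the user-rights area of this machine's current policy.
    secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit /export failed: $LASTEXITCODE" }

    $lines = @(Get-Content -Path $cfg)
    $hit   = $lines | Where-Object { $_ -match "^$right\s*=" }
    if ($hit) {
        # Keep every existing member; secedit may list some by name instead of SID.
        $members = @(($hit -split '=', 2)[1].Split(',') |
                     ForEach-Object { $_.Trim() } | Where-Object { $_ })
        if ($members -contains $entry -or $members -contains $Account) { return }
        $new   = "$right = " + (($members + $entry) -join ',')
        $lines = $lines | ForEach-Object { if ($_ -match "^$right\s*=") { $new } else { $_ } }
    } else {
        # Right is assigned to nobody yet: add it under its section header.
        $lines = $lines | ForEach-Object { $_; if ($_ -eq '[Privilege Rights]') { "$right = $entry" } }
    }
    Set-Content -Path $cfg -Value $lines -Encoding Unicode   # secedit expects UTF-16

    # Apply the user-rights area only; no other policy area is touched.
    secedit /configure /db $db /cfg $cfg /areas USER_RIGHTS /quiet
    if ($LASTEXITCODE -ne 0) { throw "secedit /configure failed: $LASTEXITCODE" }
}
finally {
    Remove-Item -Recurse -Force $work -ErrorAction SilentlyContinue
}
```

From a batch file it can be called with powershell.exe -NoProfile -ExecutionPolicy Bypass -File followed by the path the script was saved under and -Account with the account name.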

Solution 3

I looked for so long too. I figured out the answer!

To check the current state:

auditpol /get /subcategory:"Process Creation"

This next line will make the change. It will set the process creation to Enabled.

auditpol /set /subcategory:"Process Creation"

Check the state again and you'll see the change.

Alternatively, you could change all of the "Detailed Tracking" policies, as "Process Creation" is a subcategory of "Detailed Tracking". Like this:

auditpol /set /category:"Detailed Tracking"
Author: Stephen Jennings

Updated on September 17, 2022

Comments

  • Stephen Jennings over 1 year

    I am trying to write a utility as a batch file that, among other things, adds a user to the "Deny logon locally" local security policy. This batch file will be used on hundreds of independent computers (not on a domain and aren't even on the same network).

    I assumed one of the following were my options, but perhaps there's one I haven't thought of.

    1. A command line utility similar to net.exe which can modify local security policy.

    2. A VBScript sample to do the same.

    3. Write my own using some WMI or Win32 calls. I'd rather not do this one if I don't have to.

  • Stephen Jennings about 14 years
    A-ha, this works for what I need. Thanks!
  • klaus triendl about 4 years
    Helps bring back the accidentally deleted "Log on as a service" right to 'all services'! ntrights -u "NT SERVICE\ALL SERVICES" +r SeServiceLogonRight