How to view user privileges using windows cmd?
Solution 1
I'd start with:
secedit /export /areas USER_RIGHTS /cfg OUTFILE.CFG
Then examine the line for the relevant privilege. However, the problem now is that the accounts are listed as SIDs, not usernames.
Solution 2
You can use the following commands:
whoami /priv
whoami /all
For more information, check whoami @ technet.
Solution 3
Mark Russinovich wrote a terrific tool called AccessChk that lets you get this information from the command line. No installation is necessary.
http://technet.microsoft.com/en-us/sysinternals/bb664922.aspx
For example:
accesschk.exe /accepteula -q -a SeServiceLogonRight
Returns this for me:
IIS APPPOOL\DefaultAppPool
IIS APPPOOL\Classic .NET AppPool
NT SERVICE\ALL SERVICES
By contrast, whoami /priv
and whoami /all
were missing some entries for me, like SeServiceLogonRight
.
AJINKYA
I am ardent web application security researcher! So playing with codes and finding bugs is my favorite pass time.
Updated on May 27, 2021Comments
-
AJINKYA almost 3 years
I am trying to view the user privileges using the command prompt in Windows. User account & User privileges such as:
SeBatchLogonRight SeDenyBatchLogonRight SeInteractiveLogonRight SeDenyInteractiveLogonRight SeServiceLogonRight SeDenyServiceLogonRight SeNetworkLogonRight SeDenyNetworkLogonRight
I tried using
ntrights
but it's not working. I can't use any tool as I am trying to create an automated script for an OS audit. -
Simon Catlin about 11 yearsWorth a mention... To find out which privs the current user has, use WHOAMI /PRIV.
-
not2qubit about 10 yearsMore details on secedit here.
-
not2qubit about 10 yearsWould be good if you could explain the details of this command better. I didn't get any sensible output from that on Win8.1.
-
Jeremy McGee over 9 yearsTremendous -- not least, allows verification of the right for another user without impersonation with RUNAS.
-
NikG about 9 yearsThis is pretty horrible to use but it works well. After exporting the template using Simon's command above, you can import it again using: Secedit /configure /db secedit.sdb /cfg outfile.cfg /quiet /areas USER_RIGHTS
-
ivan_pozdeev almost 9 yearsNote that it's only available out of the box since Vista. In XP, it's in the "Windows XP SP2 Support Tools" download.
-
Burt_Harris almost 7 yearsThis is the best answer. IMHO Anyone still using XP needs to upgrade
-
Roman R. almost 7 yearsYou should not duplicate existing answers, especially that there already is a more complete answer.
-
Harry Johnston almost 7 yearsYes,
whoami /priv
will only work for privileges, not rights, because it works by examining the current user token. Rights are only used at logon time, so there's no need for them to be kept in the token. -
Harry Johnston almost 7 yearsI'm not sure whether this will work for rights that are acquired indirectly, e.g., via group membership.
-
Harry Johnston almost 7 yearsNote that this will work for privileges but not for rights.