upriv Version 2.7.0.7198 User Privilege Utility The upriv utility allows the addition or removal of privileges from user accounts. At this time, it is necessary to specify the exact Privilege or Right name, i.e. "SeInteractiveLogonRight". It appears that the string is NOT case-sensitive, however. A future version of this utility will allow you to specify a "short" name that will be internally translated into the appropriate value. License: -------- This is a free utility. It may be freely used and distributed as long as the copyright information in the program file remains intact. Warranty: --------- This utility is provided "as is". There is no warranty. Usage and Help Information: --------------------------- usage: upriv [-dhv?] [-m Machine] User [Privilege] Options: d - Disable the specified privilege. h - Help, (this). v - Verbose. ? - Usage. Machine - The Machine holding the User account. User - The User to update. Privilege - The Privilege to enable or disable. This is the name specified by the Win32 API. For example: "SeDebugPrivilege". If no privilege is specified, the Privileges currently held by the specified user are displayed. If there are no Privileges assigned to the user, then "Object Name not found" will be reported. The following Privileges, or Rights, are available: SeInteractiveLogonRight -> "Log on locally" SeNetworkLogonRight -> "Access this computer from network" SeBatchLogonRight -> "Log on as a batch job" SeServiceLogonRight -> "Log on as a service" SeCreateTokenPrivilege -> "Create a token object" SeAssignPrimaryTokenPrivilege -> "Replace a process level token" SeLockMemoryPrivilege -> "Lock pages in memory" SeIncreaseQuotaPrivilege -> "Increase quotas" SeMachineAccountPrivilege -> "Add workstations to domain" SeTcbPrivilege -> "Act as part of the operating system" SeSecurityPrivilege -> "Manage auditing and security log" SeTakeOwnershipPrivilege -> "Take ownership of files or other objects" SeLoadDriverPrivilege -> "Load and unload device drivers" SeSystemProfilePrivilege -> "Profile system performance" SeSystemtimePrivilege -> "Change the system time" SeProfileSingleProcessPrivilege -> "Profile single process" SeIncreaseBasePriorityPrivilege -> "Increase scheduling priority" SeCreatePagefilePrivilege -> "Create a pagefile" SeCreatePermanentPrivilege -> "Create permanent shared objects" SeBackupPrivilege -> "Back up files and directories" SeRestorePrivilege -> "Restore files and directories" SeShutdownPrivilege -> "Shut down the system" SeDebugPrivilege -> "Debug programs" SeAuditPrivilege -> "Generate security audits" SeSystemEnvironmentPrivilege -> "Modify firmware environment values" SeChangeNotifyPrivilege -> "Bypass traverse checking" SeRemoteShutdownPrivilege -> "Force shutdown from a remote system" Usage examples: --------------- upriv bill upriv -v pooh upriv bill sedebugprivilege upriv -d pooh seinteractivelogonright Installation: ------------- Installation is simple; just copy the executable file into a directory listed in the %Path% Environment variable. A Debug Symbols, .DBG, file is also included and should be copied into %SystemRoot%\Symbols\Exe, in order for ntsd, (or windbag, I guess), to find it. Note that the .DBG symbol file is needed only if you want to run the utility under a debugger such as ntsd. The file is not needed for any other reason than to make the internal symbols available to the debug program.