Is there a way to check if a user has specific rights?

Question

In my application I'm using ntrights.exe, that is part of Windows Resource Kit, to grant and revoke a specific user right.

For example to grant a user "Log on as a server" right, I execute using shell object following command:

ntrights -u User +r SeServiceLogonRight

However ntrights doesn't allow you to check if a user has a specific right.

Can you tell me how I can check if a user has a specific right?

Update The question is posted here because it's part of .NET application I'm writing. If any one knows, how to do it using code, please post it here.

Is this part of a program you're writing? If not, it should go to Super User. — David Thornley, Mar 22 '10 at 17:56
It's part of .NET application. I would appreciate if anyone can show me how do it in .NET code. — Vadim, Mar 22 '10 at 17:58

score 2 · Accepted Answer · answered Mar 22 '10 at 18:14

2

Short answer: LsaEnumerateAccountRights

I don't know if .NET provides a wrapper class, though.

answered Mar 22 '10 at 18:14

Luke

11,211
2
27
38

score 1 · Answer 2 · answered Mar 22 '10 at 18:23

1

I think you'll need LsaEnumerateAccountRights(). That isn't exposed in .NET but is being used. Use Reflector and take a look at the private ServiceProcessInstaller.AccountHasRight method.

answered Mar 22 '10 at 18:23

Hans Passant

922,412
146
1,693
2,536

score 0 · Answer 3 · answered Mar 22 '10 at 18:15

0

If you're on an Active Directory domain, you can administer this through System.DirectoryServices.

System.DirectoryServices Namespace

Other things you might look up are ADSI and LDAP.

answered Mar 22 '10 at 18:15

Marcus Adams

53,009
9
91
143

Is there a way to check if a user has specific rights?

3 Answers3