The local security authority (LSA) on each machine ultimately decides what privileges will be granted to a user when she logs in. The most direct way of affecting that decision is to open the local security policy of the machine and edit the privilege grants there. You can get to the local security policy either by running secpol.msc from an administrative command prompt (Item 9) or by looking on the Start menu for an administrative tool called “Local Security Policy.” From there, drill down into “Local Policies” and select “User Rights Assignment.” I show a picture of this editor in Item 21, Figure 21.1.

In a domain environment it's also possible to set privileges (and all other ...