Logon rights and user privileges are essential security mechanisms embedded in Microsoft Windows operating systems. Logon rights are designed to allow or limit the ability of accounts to use specific logon methods, such as Interactive logon or Network logon. User privileges control access to the most sensitive system operations, such as shutting down the system or managing the security event log.

In this chapter you will find detailed information about monitoring logon rights and user privileges policy changes, user privileges use, and use of backup and restore privileges.

Logon Rights

As you read in Chapter 4, multiple logon types exist in the Microsoft Windows world. If you review Figure 4-1, you will see that at Step 10 lsass.exe verifies user logon rights. Logon rights verification is also performed for other logon types, such as the RemoteInteractive and Network logon types. To allow or deny a specific logon type for an account, there's a set of security group policy settings available on Windows systems for configuration. These settings are located in the Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Right Assignments group policy path. Table 11-1 contains a list of group policy settings related to user rights and the corresponding logon types for each group policy setting.