CHAPTER 11Logon Rights and User Privileges
Logon rights and user privileges are essential security mechanisms embedded in Microsoft Windows operating systems. Logon rights are designed to allow or limit the ability of accounts to use specific logon methods, such as Interactive logon or Network logon. User privileges control access to the most sensitive system operations, such as shutting down the system or managing the security event log.
In this chapter you will find detailed information about monitoring logon rights and user privileges policy changes, user privileges use, and use of backup and restore privileges.
Logon Rights
As you read in Chapter 4, multiple logon types exist in the Microsoft Windows world. If you review Figure 4-1, you will see that at Step 10
verifies user logon rights. Logon rights verification is also performed for other logon types, such as the RemoteInteractive and Network logon types. To allow or deny a specific logon type for an account, there's a set of security group policy settings available on Windows systems for configuration. These settings are located in the lsass.exe
group policy path. Table 11-1 contains a list of group policy settings related to user rights and the corresponding logon types for each group policy setting.Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Right Assignments
Table 11-1: Logon Rights and Related Logon Types
GROUP POLICY SETTING NAME | LOGON RIGHT NAME ... |
Get Windows Security Monitoring now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.