USER_RIGHTS_POLICY

This policy item checks the accounts assigned a user right defined under “Security Settings -> Local Policies -> User Rights Assignment”. The check is performed by calling the function LsaEnumerateAccountsWithUserRight on the LSA policy handle.

Usage

<custom_item>
type: USER_RIGHTS_POLICY
description: ["description"]
value_type: [value type]
value_data: [value]
(optional) check_type: [value]
right_type: [right]
</custom_item>

The right_type field corresponds to the right to test. Allowed values are:

right_type: RIGHT

Where RIGHT can be:

SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeBackupPrivilege
SeBatchLogonRight
SeChangeNotifyPrivilege
SeCreateGlobalPrivilege
SeCreatePagefilePrivilege
SeCreatePermanentPrivilege
SeCreateTokenPrivilege
SeDenyBatchLogonRight
SeDenyInteractiveLogonRight
SeDenyNetworkLogonRight
SeDenyRemoteInteractiveLogonRight
SeDenyServiceLogonRight
SeDebugPrivilege
SeEnableDelegationPrivilege
SeImpersonatePrivilege
SeIncreaseBasePriorityPrivilege
SeIncreaseWorkingSetPrivilege
SeIncreaseQuotaPrivilege
SeInteractiveLogonRight
SeLoadDriverPrivilege
SeLockMemoryPrivilege
SeMachineAccountPrivilege
SeManageVolumePrivilege
SeNetworkLogonRight
SeProfileSingleProcessPrivilege
SeRemoteShutdownPrivilege
SeRemoteInteractiveLogonRight
SeRelabelPrivilege
SeRestorePrivilege
SeSecurityPrivilege
SeServiceLogonRight
SeShutdownPrivilege
SeSyncAgentPrivilege
SeSystemEnvironmentPrivilege
SeSystemProfilePrivilege
SeSystemTimePrivilege
SeTakeOwnershipPrivilege
SeTcbPrivilege
SeTimeZonePrivilege
SeUndockPrivilege
SeUnsolicitedInputPrivilege

The allowed type is:

value_type: USER_RIGHT
value_data: "user1" && "user2" && "group1" && ... && "groupn"

Note: User rights tests perform many requests against the domain controller. These tests must be included in a separate policy file and launched only against the Domain Controller and ONE system in the domain.

Note: There must be no quotes around the right type as it is parsed as a token.

Example

<custom_item>
type: USER_RIGHTS_POLICY
description: "Create a token object"
value_type: USER_RIGHT
value_data: "Administrators" && "Backup Operators"
right_type: SeCreateTokenPrivilege
</custom_item>
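The item format above, exercised by an added Python example that is not part of the Tenable documentation: it parses a USER_RIGHTS_POLICY item, enforces the rules stated on this page (double-quoted accounts joined with &&, an unquoted right_type token) and compares the expected account set against a constructed snapshot of what LsaEnumerateAccountsWithUserRight would return. It assumes the default comparison is an exact set match and ignores the optional check_type; KNOWN_RIGHTS is a subset of the list above.

```python
import re

# Constructed sample: the example item from this page, in the .audit format shown above.
SAMPLE_ITEM = '''<custom_item>
type: USER_RIGHTS_POLICY
description: "Create a token object"
value_type: USER_RIGHT
value_data: "Administrators" && "Backup Operators"
right_type: SeCreateTokenPrivilege
</custom_item>'''

# Subset of the allowed right_type tokens listed on this page (assumption: enough for the demo).
KNOWN_RIGHTS = {"SeCreateTokenPrivilege", "SeDebugPrivilege", "SeTcbPrivilege",
                "SeDenyNetworkLogonRight", "SeInteractiveLogonRight"}

def parse_item(text):
    """Parse the key: value lines inside <custom_item> ... </custom_item> into a dict."""
    body = re.search(r"<custom_item>(.*?)</custom_item>", text, re.S)
    if not body:
        raise ValueError("no <custom_item> block found")
    item = {}
    for line in body.group(1).strip().splitlines():
        key, _, value = line.partition(":")   # split on the first colon only
        item[key.strip()] = value.strip()
    return item

def expected_accounts(value_data):
    """'"A" && "B"' -> {'A', 'B'}; every account must be double-quoted and joined by &&."""
    parts = [p.strip() for p in value_data.split("&&")]
    if not all(len(p) >= 2 and p.startswith('"') and p.endswith('"') for p in parts):
        raise ValueError("value_data accounts must be double-quoted and joined with &&")
    return {p[1:-1] for p in parts}

def validate_item(item):
    """Apply the page's rules: fixed type/value_type, right_type an unquoted known token."""
    if item.get("type") != "USER_RIGHTS_POLICY" or item.get("value_type") != "USER_RIGHT":
        raise ValueError("type must be USER_RIGHTS_POLICY with value_type USER_RIGHT")
    right = item.get("right_type", "")
    if right.startswith('"') or right not in KNOWN_RIGHTS:
        raise ValueError(f"right_type must be an unquoted known right, got {right!r}")
    return right

def evaluate(item, assigned):
    """assigned maps right -> set of accounts holding it (the LSA enumeration result).
    Assumption: the default check is an exact set match; check_type is not handled here."""
    right = validate_item(item)
    want = expected_accounts(item["value_data"])
    have = set(assigned.get(right, ()))
    return {"right": right, "passed": want == have,
            "unexpected": sorted(have - want), "missing": sorted(want - have)}

# Constructed host state: an extra account has drifted onto the right, so the check fails.
SAMPLE_ASSIGNED = {"SeCreateTokenPrivilege": {"Administrators", "Backup Operators", "svc_legacy"}}

if __name__ == "__main__":
    print(evaluate(parse_item(SAMPLE_ITEM), SAMPLE_ASSIGNED))
```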

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.