Change User Rights Assignment Security Policy Settings in Windows 10  

    Change User Rights Assignment Security Policy Settings in Windows 10

    Change User Rights Assignment Security Policy Settings in Windows 10

    How to Change User Rights Assignment Security Policy Settings in Windows 10
    Published by Category: User Accounts
    26 Feb 2021
    Designer Media Ltd


    How to Change User Rights Assignment Security Policy Settings in Windows 10


    User Rights Assignment policies govern the methods by which a user can log on to a system. User rights are applied at the local device level, and they allow users to perform tasks on a device or in a domain. User rights include logon rights and permissions. Logon rights control who is authorized to log on to a device and how they can log on. User rights permissions control access to computer and domain resources, and they can override permissions that have been set on specific objects.

    Each group in Windows has its own default rights and permissions. When a user is a member of a group, the user will be assigned the rights and permissions of the group.

    This tutorial will show you how to change User Rights Assignment security policy settings to control users and groups ability to perform tasks in Windows 10.

    You must be signed in as an administrator to change User Rights Assignment.

    If you remove a user or group from a user right policy, then that user or group will no longer be able to perform the policy on the local PC.

    If you add a user or group to a user right policy, then that user or group will now be able to perform the actions of the policy on the local PC.



    Contents

    • Option One: To Add Users and Groups for User Rights Assignment in Local Security Policy
    • Option Two: To Remove Users and Groups for User Rights Assignment in Local Security Policy
    • Option Three: To Add and Remove Users and Groups for User Rights Assignment in Command Prompt






    OPTION ONE

    To Add Users and Groups for User Rights Assignment in Local Security Policy


    Local Security Policy is only available in the Windows 10 Pro, Enterprise, and Education editions.

    All editions can use Option Three below.


    1 Press the Win + R keys to open Run, type secpol.msc into Run, and click/tap on OK to open Local Security Policy.

    2 Expand open Local Policies in the left pane of Local Security Policy, and click/tap on User Rights Assignment. (see screenshot below step 3)

    3 In the right pane of User Rights Assignment, double click/tap on the policy (ex: "Shut down the system") you want to add users and/or groups to. (see screenshot below)

    Change User Rights Assignment Security Policy Settings in Windows 10-user_rights_assignment_in_local_users_and_groups-1.png

    4 Click/tap on the Add User or Group button. (see screenshot below)

    Change User Rights Assignment Security Policy Settings in Windows 10-user_rights_assignment_in_local_users_and_groups-2.png

    5 Click/tap on the Object Types button. (see screenshot below)

    Change User Rights Assignment Security Policy Settings in Windows 10-user_rights_assignment_in_local_users_and_groups-3.png

    6 Check all the boxes for Object types, and click/tap on the OK. (see screenshot below)

    Change User Rights Assignment Security Policy Settings in Windows 10-user_rights_assignment_in_local_users_and_groups-4.png

    7 Click/tap on the Advanced button. (see screenshot below)

    Change User Rights Assignment Security Policy Settings in Windows 10-user_rights_assignment_in_local_users_and_groups-5.png

    8 Click/tap on the Find Now button, select the name of the user or group (ex: "Everyone") you want to add, and click/tap on OK. (see screenshot below)

    If you like, you can press and hold the Ctrl key to select more than one user and/or group.

    Change User Rights Assignment Security Policy Settings in Windows 10-user_rights_assignment_in_local_users_and_groups-6.jpg

    9 Click/tap on OK. (see screenshot below)

    Change User Rights Assignment Security Policy Settings in Windows 10-user_rights_assignment_in_local_users_and_groups-7.png

    10 Click/tap on OK. (see screenshot below)

    Change User Rights Assignment Security Policy Settings in Windows 10-user_rights_assignment_in_local_users_and_groups-8.png

    11 When finished, you can close Local Users and Groups if you like.






    OPTION TWO

    To Remove Users and Groups for User Rights Assignment in Local Security Policy


    Local Security Policy is only available in the Windows 10 Pro, Enterprise, and Education editions.

    All editions can use Option Three below.


    1 Press the Win + R keys to open Run, type secpol.msc into Run, and click/tap on OK to open Local Security Policy.

    2 Expand open Local Policies in the left pane of Local Security Policy, and click/tap on User Rights Assignment. (see screenshot below step 3)

    3 In the right pane of User Rights Assignment, double click/tap on the policy (ex: "Shut down the system") you want to remove users and/or groups from. (see screenshot below)

    Change User Rights Assignment Security Policy Settings in Windows 10-user_rights_assignment_in_local_users_and_groups-1.png

    4 Select the user or group (ex: "Everyone") you want to remove, and click/tap on the Remove button. (see screenshot below)

    If you like, you can press and hold the Ctrl key to select more than one user and/or group.

    Change User Rights Assignment Security Policy Settings in Windows 10-user_rights_assignment_in_local_users_and_groups-9.png

    5 Click/tap on OK. (see screenshot below)

    Change User Rights Assignment Security Policy Settings in Windows 10-user_rights_assignment_in_local_users_and_groups-10.png

    6 When finished, you can close Local Security Policy if you like.






    OPTION THREE

    To Add and Remove Users and Groups for User Rights Assignment in Command Prompt


    1 If you haven't already, you will need to do the following below before continuing on to step 2 below.

    A) Download the ntrights.exe file below from the Windows Server 2003 Resource Kit Tools.
    B) Save the ntrights.zip file to your desktop, and unblock it.

    C) Open the ntrights.zip file, copy or move the ntrights.exe file into your C:\Windows\System32 folder, and click/tap on Continue to approve.

    2 Open an elevated command prompt.

    3 Type the command below you want to use into the elevated command prompt, and press Enter. (see screenshots below)

    (Add user or group to user rights policy)
    ntrights +r ConstantName -u "User or Group"

    OR

    (Remove user or group from user rights policy)
    ntrights -r ConstantName -u "User or Group"

    Substitute ConstantName in the command above with the actual constant name (ex: "SeShutdownPrivilege") from the table below for the user rights assignment security policy (ex: "Shut down the system") you want to add or remove a user or group.

    Substitute User or Group in the command above with the actual name of the user or group (ex: "Everyone") you want to add or remove for the policy.

    For example: ntrights -r SeShutdownPrivilege -u "Everyone"


    Policy Constant Name
    Access Credential Manager as a trusted caller SeTrustedCredManAccessPrivilege
    Access this computer from the network SeNetworkLogonRight
    Act as part of the operating system SeTcbPrivilege
    Add workstations to domain SeMachineAccountPrivilege
    Adjust memory quotas for a process SeIncreaseQuotaPrivilege
    Allow log on locally SeInteractiveLogonRight
    Allow log on through Remote Desktop Services SeRemoteInteractiveLogonRight
    Back up files and directories SeBackupPrivilege
    Bypass traverse checking SeChangeNotifyPrivilege
    Change the system time SeSystemtimePrivilege
    Change the time zone SeTimeZonePrivilege
    Create a pagefile SeCreatePagefilePrivilege
    Create a token object SeCreateTokenPrivilege
    Create global objects SeCreateGlobalPrivilege
    Create permanent shared objects SeCreatePermanentPrivilege
    Create symbolic links SeCreateSymbolicLinkPrivilege
    Debug programs SeDebugPrivilege
    Deny access to this computer from the network SeDenyNetworkLogonRight
    Deny log on as a batch job SeDenyBatchLogonRight
    Deny log on as a service SeDenyServiceLogonRight
    Deny log on locally SeDenyInteractiveLogonRight
    Deny log on through Remote Desktop Services SeDenyRemoteInteractiveLogonRight
    Enable computer and user accounts to be trusted for delegation SeEnableDelegationPrivilege
    Force shutdown from a remote system SeRemoteShutdownPrivilege
    Generate security audits SeAuditPrivilege
    Impersonate a client after authentication SeImpersonatePrivilege
    Increase a process working set SeIncreaseWorkingSetPrivilege
    Increase scheduling priority SeIncreaseBasePriorityPrivilege
    Load and unload device drivers SeLoadDriverPrivilege
    Lock pages in memory SeLockMemoryPrivilege
    Log on as a batch job SeBatchLogonRight
    Log on as a service SeServiceLogonRight
    Manage auditing and security log SeSecurityPrivilege
    Modify an object label SeRelabelPrivilege
    Modify firmware environment values SeSystemEnvironmentPrivilege
    Perform volume maintenance tasks SeManageVolumePrivilege
    Profile single process SeProfileSingleProcessPrivilege
    Profile system performance SeSystemProfilePrivilege
    Remove computer from docking station SeUndockPrivilege
    Replace a process level token SeAssignPrimaryTokenPrivilege
    Restore files and directories SeRestorePrivilege
    Shut down the system SeShutdownPrivilege
    Synchronize directory service data SeSyncAgentPrivilege
    Take ownership of files or other objects SeTakeOwnershipPrivilege

    4 When finished, you can close the elevated command prompt if you like.

    Change User Rights Assignment Security Policy Settings in Windows 10-add_user_rights_assignment_command.jpg
    Change User Rights Assignment Security Policy Settings in Windows 10-remove_user_rights_assignment_command.jpg


    That's it,
    Shawn





  1. Posts : 264
    Windows 10 Home 64 bit
       #1

    Using Windows Server 2003 Resource Kit Tools What command would you use for lockpagesinmemory and increase scheduling priority ?

    - - - Updated - - -

    Sorry Brink I understand. If I would have read your tutorial instead of skimming I wouldn't of asked that question. Thanks again Brink
      My Computers


  2. Posts : 62,303
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #2

    smirk24 said:
    Using Windows Server 2003 Resource Kit Tools What command would you use for lockpagesinmemory and increase scheduling priority ?

    - - - Updated - - -

    Sorry Brink I understand. If I would have read your tutorial instead of skimming I wouldn't of asked that question. Thanks again Brink
    No worries mate.

      My Computers


 

Tutorial Categories

Change User Rights Assignment Security Policy Settings in Windows 10 Tutorial Index Network & Sharing Instalation and Upgrade Browsers and Email General Tips Gaming Customization Apps and Features Virtualization BSOD System Security User Accounts Hardware and Drivers Updates and Activation Backup and Restore Performance and Maintenance Mixed Reality Phone


  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 20:29.
Find Us




Windows 10 Forums