You can manage a server named SRV-01 remotely.
: Deny access to this computer from the network. SeShutdownPrivilege : Shut down the system. Practical Examples of ntrights.exe 1. Granting "Log on as a Service" ntrights exe
Local machine or remote machine ( -m \\\\computername ). You can manage a server named SRV-01 remotely
| Method | Command/Path | Use Case | |--------|-------------|-----------| | | gpmc.msc → Computer Config → Windows Settings → Security Settings → User Rights Assignment | Centralized, auditable, and reversible management for domain-joined systems. | | Local Security Policy | secpol.msc | GUI for local machines. | | secedit.exe | secedit /export /cfg policy.inf then modify and secedit /configure | Scriptable export/modify/import of entire security templates. | | PowerShell (Windows 8+/2012+) | Get-UserRight , Grant-UserRight , Revoke-UserRight (from Carbon or NTFSSecurity modules) or directly via Invoke-Command and LSA wrappers. | Modern, scriptable, secure automation. | | Windows API (C++/C#) | LsaAddAccountRights / LsaRemoveAccountRights | Programmatic control for custom tools. | Practical Examples of ntrights
The ntrights.exe utility, a command-line tool introduced in the Windows NT 4.0 Resource Kit, served as an early mechanism for programmatically managing user rights and privileges on a Windows system. Unlike permissions on files or registry keys, user rights (e.g., "SeInteractiveLogonRight", "SeBackupPrivilege") govern system-wide capabilities. This paper examines the architecture of ntrights.exe , its interaction with the Local Security Authority (LSA), common use cases in legacy enterprise environments, and the significant security risks posed by its misuse. Finally, it discusses modern alternatives, including secedit.exe , Group Policy Management Console (GPMC) , and PowerShell cmdlets such as Get-UserRight and Grant-UserRight .