Table C.1 provides a complete list of Windows NT user rights and the rights that are defined as advanced are indicated with an X.
Table C.1 The Windows NT user rights.
|
| Right
| Advanced Right
| Description
|
|
| Access this computer
| -
| Allows users to log on or establish network connections to this computer.
|
| Act as part of the operating system
| X
| Operations can be performed as part of the operating system. Currently used by some of the Windows NT subsystems.
|
| Add workstations to domain
| -
| Permits non-Administrator accounts to add workstations to the domain. This right is not currently implemented.
|
| Back up files and directories
| -
| Permits users to back up files and folders that they don’t have direct access to (overrides the file and folder permissions).
|
| Bypass traverse checking
| X
| Allows users to access files and folders contained in a parent folder that they have been denied access to. This right needs to be removed from users who require POSIX compliance.
|
| Change the system time
| -
| Allows the time of the Windows NT computer to be changed.
|
| Create a pagefile
| X
| Allows a pagefile to be created. This right is not currently implemented.
|
| Create a permanent shared object
| X
| Used internally with Windows NT to create special permanent objects.
|
| Create a token object
| X
| Used by the Local Security Authority to create the user Security Access Token on logon.
|
| Debug programs
| X
| Permits the user to debug low-level objects.
|
| Force shutdown from a remote system
| -
| Permits computer to be shut down from a remote system. This right is not currently implemented.
|
| Generate security audits
| X
| Permits security audit log entries to be generated.
|
| Increase quotas
| X
| Allows object quotas to be increased. This right is not currently implemented.
|
| Increase scheduling priority
| X
| Permits the scheduling priority of a process to be increased.
|
| Load and unload device drivers
| -
| Permits device drivers to be installed and removed.
|
| Lock pages in memory
| X
| Permits pages to be locked into memory. Locked pages will not be paged out from main memory to the pagefile.
|
| Log on as a batch job
| X
| Permits jobs to be logged on as batch processes. This right is not currently implemented.
|
| Log on as a service
| X
| Permits a process to be run as a service.
|
| Log on locally
| -
| Permits local logon using the workstation keyboard.
|
| Manage auditing and security log
| -
| Permits the events that are to be audited on an object to be defined. Also allows the security event log to be managed.
|
| Modify firmware environment values
| X
| Allows the modification of system variables contained in nonvolatile RAM. Only used with computers with necessary hardware.
|
| Profile single process
| X
| Permits the performance sampling of a single process.
|
| Profile system performance
| X
| Permits the performance sampling of the system.
|
| Replace a process level token
| X
| A right used only by the operating system to modify a process’ security access token.
|
| Restore files and directories
| -
| Permits users to restore files and folders that they do not have direct access to.
|
| Shut down the system
| -
| Permits the system to be shut down.
|
| Take ownership of files or other objects
| -
| Permits ownership of objects to be taken, overriding the assigned permissions.
|
|
FEEDBACK
