MCTS 70-680: Rights and elevating permissions. This video looks at Windows rights and how to run software as different users. Rights allow you to perform an action on a computer. These are either allow or deny. This video looks at how to configure these rights through group policy. In a lot of cases you should use different users rather then manually reconfigured rights on the computer. This video also looks at how you can run software on the computer as different users.
Rights on Windows override any permission or polices configured on the computer. For example, if you are an administrator you have the right to take ownership of a file regardless of what the permissions are set to. Rights are set to either allow or deny. For example if in order to logon to computer you need to the logon to computer right.
By default profiles are located in the c:\users directory. Each user will have their own folder. This folder contains all the users files and settings. These include but not limited to, desktop items, favourites and registry items.
Each profile on the computer will have a Sid or security Identifier associated with it. An Administrator user will have two Sid's associated with it. One general user Sid and one Administrator Sid. A Sid is a large number that is used to identifier that account and is used in other area of Windows to grant or deny access, for example in NTFS permissions
The group policy to change user rights can be found in
Computer Configuration\Security Settings\Local Polices\User Rights Assignment
If you run Local Security Polices from the start menu this will take you straight to Security Settings in the local group policy setting.
From here you can configure any right to a particular user or groups of users.
Running software as a different users
If you right click on an application you have the option to run the application as an administrator. It you hold the shift key down as well you also get the option to run the application as any user.
This can also be done from the command line using the runas command syntax below.
Runas /user:Username Exename /noprofile /savecred
The no profile switch (noprofile) will run the command without loading or creating the user profile for that user. This will mean the command will run faster but any environmental changes will not be saved and some program may have problems running without a profile.
The save credentials (savecred) will save the password entered into the credentials manager. This means that when the command is run again the saved password will be used. This means that runas can be used in batch job without the user being prompted for a password.
See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for are always free training videos. This is only one video from the many free courses available on YouTube.
Tags: MCTS 70-680: Rights and elevating permissions, Rights, runas, elevation, 70-680, MCITP, MCTS, Windows 7, ITFreeTraining