Windows shell 创建用户,并将service启动用户设为该用户
windows command-line 命令授权账户的权限为Log On As A Service,
ntrights.exe +r SeServiceLogonRight -u domain\accountname
Granting SeServiceLogonRight to domain\accountname ... successful如果在CMD运行遇到以下错误,关闭wiNdows ?UAC功能或让CMD运行在admin用户下(run as admin)
Granting SeServiceLogonRight to domain\accountname?? OpenPolicy:
***Error*** OpenPolicy -1073741790
?
ntrights命令需要单独从微软网站下载,属于Resource Kit Tools包,主要功能就是给service授权,能授权的功能如下,该命令运行需要administrator权限:
?
SeAssignPrimaryTokenPrivilege: Replace a process level token SeAuditPrivilege: Generate security audits SeBackupPrivilege: Back up files and directories SeBatchLogonRight: Log on as a batch job SeChangeNotifyPrivilege: Bypass traverse checking SeCreatePagefilePrivilege: Create a paging file SeCreatePermanentPrivilege: Create permanent shared objects SeCreateTokenPrivilege: Create a token object SeDebugPrivilege: Debug programs SeIncreaseBasePriorityPrivilege: Increase scheduling priority SeIncreaseQuotaPrivilege: Increase quotas SeInteractiveLogonRight: Log on locally SeLoadDriverPrivilege: Load and unload device drivers SeLockMemoryPrivilege: Lock pages in memory SeMachineAccountPrivilege: Add workstations to domain SeNetworkLogonRight: Access this computer from the network SeProfileSingleProcessPrivilege: Profile single process SeRemoteShutdownPrivilege: Force shutdown from a remote system SeRestorePrivilege: Restore files and directories SeSecurityPrivilege: Manage auditing and security log SeServiceLogonRight: Log on as a service SeShutdownPrivilege: Shut down the system SeSystemEnvironmentPrivilege: Modify firmware environment values SeSystemProfilePrivilege: Profile system performance SeSystemTimePrivilege: Change the system time SeTakeOwnershipPrivilege: Take ownership of files or other objects SeTcbPrivilege: Act as part of the operating system SeUnsolicitedInputPrivilege: Read unsolicited input from a terminal device
?
用管理员权限运行某些命令的方式为:
runas /user:administrator cmd.exe
相当于windows版的sudo,运行后需要手工输入管理员密码。
?
本文出自 “祝坤荣” 博客,请务必保留此出处