Wednesday, 14 March 2012

Audit and document Security User Rights Assignment using C#



For more information on the Windows Server documentation abilities of XIA Configuration please see the following


We've recently been asked about the auditing of User Rights Assignment as seen in the Local Group Policy Editor.



Having looked into this issue it is apparent that this cannot be done with any high level API such as WMI and requires the use of P/Invoke and the Win32 method LsaEnumerateAccountsWithUserRight.

I've seen many posts on the Internet on the topic but I haven't seen a simplified example of this in use so have writen a quick C# sample application to enumerate the various rights and privileges and display the users assigned to that right in a grouped listview as per the screenshot below.


This can be downloaded from our web site in Visual Studio 2010 format
http://www.centrel-solutions.com/support/tools.aspx?feature=auditrights

The sample supports the following

  • Privileges and user rights
  • Ignoring privileges that are not supported on the target operating system
  • Privileges with no users assigned
  • SIDs that cannot be resolved to account names

 The capabilities of this sample application will be added into XIA Configuration Server Version 4.2 as well as the additional ability to determine where the policy setting was defined (locally or via Group Policy).

For more information on the Windows Server documentation abilities of XIA Configuration please see the following

Document and Audit User Rights Assignment with XIA Configurationhttp://www.centrel-solutions.com/xiaconfiguration

No comments:

Post a Comment