Solved

SeInteractiveLogonRight and SeNetworkLogonRight

Posted on 2013-12-02
3
1,362 Views
Last Modified: 2013-12-02
I am trying to risk assess which users can login to a windows server through RDP (mstsc.exe). I have a list of user righrs assignmentS for the servers local groups, two of them are called "SeInteractiveLogonRight and SeNetworkLogonRight" - are these the rights that allow users to remote onto the server using mstsc.exe? If not - what exactly are they?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 3

Author Comment

by:pma111
ID: 39689693
Think I have found my own answer, i.e. SeRemoteInteractiveLogonRight is what you need to use RDP software.

What does "Access this Computer from the Network" actually mean? i.e. if every user in your network has this URA on say a windows 2003 file server, whats the risk?
0
 
LVL 54

Accepted Solution

by:
McKnife earned 500 total points
ID: 39689834
Hi.

By default, no user may logon to a server via RDP, neither via interactive logon.
The privileges needed are SeRemoteInteractiveLogonRight  as you found out yourself ...together with SeInteractiveLogonRight however... can't be only one.

"Access this Computer from the Network" is held by every authenticated domain user by default. It is the same as SeNetworkLogonRight.
The logon type is called network logon and is used for accessing shares or other types of remote access like administrative things as we do remotely with the mmc.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39689837
About the risk: all dangerous things you can do remotely need remote administrative access in addition to that privilege. What can be done without admin rights is simply enumerating things that should not be of great concern. List shares, for example (not to be confused with listing the contents of the shares).
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows Server Backup for Exchange incremental 15 99
Server Backup on 2016 Essentials Box 1 65
Unable to hit site 2 30
Removing local admin rights 4 10
Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question