Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

SeInteractiveLogonRight and SeNetworkLogonRight

Posted on 2013-12-02
3
Medium Priority
?
1,590 Views
Last Modified: 2013-12-02
I am trying to risk assess which users can login to a windows server through RDP (mstsc.exe). I have a list of user righrs assignmentS for the servers local groups, two of them are called "SeInteractiveLogonRight and SeNetworkLogonRight" - are these the rights that allow users to remote onto the server using mstsc.exe? If not - what exactly are they?
0
Comment
Question by:pma111
  • 2
3 Comments
 
LVL 3

Author Comment

by:pma111
ID: 39689693
Think I have found my own answer, i.e. SeRemoteInteractiveLogonRight is what you need to use RDP software.

What does "Access this Computer from the Network" actually mean? i.e. if every user in your network has this URA on say a windows 2003 file server, whats the risk?
0
 
LVL 58

Accepted Solution

by:
McKnife earned 2000 total points
ID: 39689834
Hi.

By default, no user may logon to a server via RDP, neither via interactive logon.
The privileges needed are SeRemoteInteractiveLogonRight  as you found out yourself ...together with SeInteractiveLogonRight however... can't be only one.

"Access this Computer from the Network" is held by every authenticated domain user by default. It is the same as SeNetworkLogonRight.
The logon type is called network logon and is used for accessing shares or other types of remote access like administrative things as we do remotely with the mmc.
0
 
LVL 58

Expert Comment

by:McKnife
ID: 39689837
About the risk: all dangerous things you can do remotely need remote administrative access in addition to that privilege. What can be done without admin rights is simply enumerating things that should not be of great concern. List shares, for example (not to be confused with listing the contents of the shares).
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question