I need to be able to check for all of these user rights and privileges.
I have attempted using a token to access these, but this only accomplishes the list of privileges. I've checked this library and also this one but am unable to find a solution. Is the only way to accomplish this testing each specified right / privilege independently? Or I may just be clueless.
Any help in the right direction would be appreciated!
I believe the only way to do this is to use either LsaEnumerateAccountsWithUserRight or LsaEnumerateAccountRights to query the LSA policy.
Since rights need not be assigned directly (i.e., they could be assigned to a group, or to a security primitive such as Everyone or INTERACTIVE USERS) you'll need to enumerate the SIDs in the user's token and cross-reference this with the LSA policy.
来源:https://stackoverflow.com/questions/21252677/how-to-get-user-rights-and-privileges-of-a-windows-user-account