日期:2014-05-16  浏览次数:20819 次

Windows shell 创建用户,并将service启动用户设为该用户

最近改InstallAnyWhere脚本,其提供的action中可以调用系统的command或script,windows下就是CMD命令和BAT,有些实用命令记录一下。

?

创建用户test,密码为password:

net user test password /ADD

?

删除用户test:

net user test /delete

?

授权用户对某目录d:\Program Files\Applian的访问权限(full access):

cacls "d:\Program Files\Applian" /t /e /g test:f


windows command-line 命令授权账户的权限为Log On As A Service,
ntrights.exe +r SeServiceLogonRight -u domain\accountname

Granting SeServiceLogonRight to domain\accountname   ... successful

如果在CMD运行遇到以下错误,关闭wiNdows ?UAC功能或让CMD运行在admin用户下(run as admin)
Granting SeServiceLogonRight to domain\accountname?? OpenPolicy:

***Error*** OpenPolicy -1073741790

?

ntrights命令需要单独从微软网站下载,属于Resource Kit Tools包,主要功能就是给service授权,能授权的功能如下,该命令运行需要administrator权限:

?

 SeAssignPrimaryTokenPrivilege:  Replace a process level token

  SeAuditPrivilege:  Generate security audits

  SeBackupPrivilege:  Back up files and directories

  SeBatchLogonRight:  Log on as a batch job

  SeChangeNotifyPrivilege:  Bypass traverse checking

  SeCreatePagefilePrivilege:  Create a paging file

  SeCreatePermanentPrivilege:  Create permanent shared objects

  SeCreateTokenPrivilege:  Create a token object

  SeDebugPrivilege:  Debug programs

  SeIncreaseBasePriorityPrivilege:  Increase scheduling priority

  SeIncreaseQuotaPrivilege:  Increase quotas

  SeInteractiveLogonRight:  Log on locally

  SeLoadDriverPrivilege:  Load and unload device drivers

  SeLockMemoryPrivilege:  Lock pages in memory

  SeMachineAccountPrivilege:  Add workstations to domain

  SeNetworkLogonRight:  Access this computer from the network

  SeProfileSingleProcessPrivilege:  Profile single process

  SeRemoteShutdownPrivilege:  Force shutdown from a remote system

  SeRestorePrivilege:  Restore files and directories

  SeSecurityPrivilege:  Manage auditing and security log

  SeServiceLogonRight:  Log on as a service

  SeShutdownPrivilege:  Shut down the system

  SeSystemEnvironmentPrivilege:  Modify firmware environment values

  SeSystemProfilePrivilege:  Profile system performance

  SeSystemTimePrivilege:  Change the system time

  SeTakeOwnershipPrivilege:  Take ownership of files or other objects

  SeTcbPrivilege:  Act as part of the operating system

  SeUnsolicitedInputPrivilege:  Read unsolicited input from a terminal device

?

用管理员权限运行某些命令的方式为:

runas /user:administrator cmd.exe

相当于windows版的sudo,运行后需要手工输入管理员密码。

?

本文出自 “祝坤荣” 博客,请务必保留此出处