How would I query AD to compile a list of users with a particular right (e.g. SeTcbPrivilege, SeBackupPrivilege, SeDebugPrivilege, etc.) using Powershell? RRS feed

  • Question

  • Hello TechNet Community,

    I am currently using the UserRights.psm1 powershell module to try and compile a list of accounts that have the following rights:

    Act as part of the OS

    – SeTcbPrivilege

    Back up files and directories

    – SeBackupPrivilege

    Restore files and directories

    – SeRestorePrivilege

    Create a token object

    – SeCreateTokenPrivilege

    Debug programs

    – SeDebugPrivilege

    Impersonate a client

    – SeImpersonatePrivilege

    Manage auditing

    – SeAuditPrivilege

    Replace a process level token

    – SeAssignPrimaryTokenPrivilege

    Take ownership

    – SeTakeOwnershipPrivilege

    I have tried using this powershell script to compile the results but I'm unable to get an output  "Get-AccountsWithUserRight -Right InsertPrivilegeNameHere." If I could be given insight on how to accomplish this task I would be very grateful.  

    Thanks Again,


    • Edited by Zook93 Monday, February 11, 2019 4:04 PM
    • Moved by Bill_Stewart Friday, March 15, 2019 7:29 PM This is not support forum for gallery scripts
    Monday, February 11, 2019 4:01 PM

All replies

  • For questions related to gallery scripts or modules you should ask the author in the Q and A section.

    Live long and prosper!


    Monday, February 11, 2019 4:16 PM
  • User rights are not stored in AD.


    Monday, February 11, 2019 8:13 PM
  • I also suggest you read the help for the command to learn how to use it,

    help  Get-AccountsWithUserRight -ShowWindow

    help  Get-AccountsWithUserRight -parameter Right


    Monday, February 11, 2019 8:23 PM