The following settings can be configured to determine which user accounts should be assigned to each user right assignment. The default values are based on the Microsoft user right assignment best practice guidelines.


13.01 Access Credential Manager as a trusted caller

The desired value for the Access Credential Manager as a trusted caller user right.


13.02 Access this computer from the network

The desired value for the Access this computer from the network user right.


13.03 Act as part of the operating system

The desired value for the Act as part of the operating system user right.


13.04 Add workstations to domain

The desired value for the Add workstations to domain user right. This setting only applies to domain controllers.


13.05 Adjust memory quotas for a process

The desired value for the Adjust memory quotas for a process user right.


13.06 Allow log on locally

The desired value for the Allow log on locally user right.


13.07 Allow log on through Remote Desktop Services

The desired value for the Allow log on through Remote Desktop Services user right.


13.08 Back up files and directories

The desired value for the Back up files and directories user right.


13.09 Bypass traverse checking

The desired value for the Bypass traverse checking user right.


13.10 Change the system time

The desired value for the Change the system time user right.


13.11 Change the time zone

The desired value for the Change the time zone user right.


13.12 Create a pagefile

The desired value for the Create a pagefile user right.


13.13 Create a token object

The desired value for the Create a token object user right.


13.14 Create global objects

The desired value for the Create global objects user right.


13.15 Create permanent shared objects

The desired value for the Create permanent shared objects user right.


13.16 Create symbolic links

The desired value for the Create symbolic links user right.


13.17 Debug programs

The desired value for the Debug programs user right.


13.18 Deny access to this computer from the network

The desired value for the Deny access to this computer from the network user right.


13.19 Deny log on as a batch job

The desired value for the Deny log on as a batch job user right.


13.20 Deny log on as a service

The desired value for the Deny log on as a service user right.


13.21 Deny log on locally

The desired value for the Deny log on locally user right.


13.22 Deny log on through Remote Desktop Services

The desired value for the Deny log on through Remote Desktop Services user right.


13.23 Enable computer and user accounts to be trusted for delegation

The desired value for the Enable computer and user accounts to be trusted for delegation user right.


13.24 Force shutdown from a remote system

The desired value for the Force shutdown from a remote system user right.


13.25 Generate security audits

The desired value for the Generate security audits user right.


13.26 Impersonate a client after authentication

The desired value for the Impersonate a client after authentication user right.


13.27 Increase a process working set

The desired value for the Increase a process working set user right.


13.28 Increase scheduling priority

The desired value for the Increase scheduling priority user right.


13.29 Load and unload device drivers

The desired value for the Load and unload device drivers user right.


13.30 Lock pages in memory

The desired value for the Lock pages in memory user right.


13.31 Log on as a batch job

The desired value for the Log on as a batch job user right.


13.32 Log on as a service

The desired value for the Log on as a service user right.


13.33 Manage auditing and security log

The desired value for the Manage auditing and security log user right.


13.34 Modify an object label

The desired value for the Modify an object label user right.


13.35 Modify firmware environment values

The desired value for the Modify firmware environment values user right.


13.36 Obtain an impersonation token for another user in the same session

The desired value for the Obtain an impersonation token for another user in the same session user right.


13.37 Perform volume maintenance tasks

The desired value for the Perform volume maintenance tasks user right.


13.38 Profile single process

The desired value for the Profile single process user right.


13.39 Profile system performance

The desired value for the Profile system performance user right.


13.40 Remove computer from docking station

The desired value for the Remove computer from docking station user right.


13.41 Replace a process level token

The desired value for the Replace a process level token user right.


13.42 Restore files and directories

The desired value for the Restore files and directories user right.


13.43 Shut down the system

The desired value for the Shut down the system user right.


13.44 Synchronize directory service data

The desired value for the Synchronize directory service data user right.


13.45 Take ownership of files or other objects

The desired value for the Take ownership of files or other objects user right.