Welcome to this installment of “Learn Windows XP Professional in 15 minutes a week,” the 23rd in this series. In this article we will look at User
Rights/User Privileges under Windows XP Professional.
Managing user rights and privileges is key to the security and health of any system. Continuing his series, Jason Zandri helps prospective administrators understand how it all comes together in Windows XP Professional.
User Rights – PART 1 – User Privileges category
Windows XP Professional allows for rights to be configured to both individual users as
well as to groups of users. Right are best described as permitted actions that are allowed to those users or groups on a specific system or allowed
actions within the domain.
[NOTES FROM THE FIELD] – For the 70-270 exam it is probably not
critical that the different rights mentioned below be specifically memorized, however, you should have a good overview and understanding of each.
You may also see these terms listed in some text books as User Privileges and sometimes as Logon Rights. The terms are totally
interchangeable and merely denote what can be done by users or groups on a given system, however, they are often split into the two
This article will focus on the ones that are normally segmented under the User Privileges category.
On a stand alone Windows XP Professional system you can view the Rights Assignments for users by using the Local Security Policy MMC.
You could also do this for a domain member as well, but in most cases in a managed environment you may find that many settings are affecting the
local system via Group Policies enabled through links at the domain level and possibly at the OU levels.
[NOTES FROM THE FIELD] – For more information on Group Policy and how it works you can check out my Active Directory Group Policy article.
You can see in the image below that both “Deny logon as a service” and “Force Shutdown from a remote system” have a different image from the
rest of the rights in the User Rights Assignment section of the Local Security Policy.
This is because those two settings are being forced onto the local system via a Group Policy Object that is linked to the domain. This Windows
XP Professional system is a member of that domain and thus affected by that GPO.