3.1.1.2.2 System Access Rights Data Model
The server MUST maintain a list of system access rights that it recognizes. A system access right is identified by a bit flag and a name. The name is a human-readable form of a system access right. The flag is a representation of the same system access right for data representation.
Fields:
Name
Flag
Two different system accesses MUST have different names and different bit flags.
The list of system access rights that MUST be supported are specified in section 2.2.1.2.<49>
The following table contains the string name that is associated with each system access right. The string name is used in methods that associate a system access with a particular account and that also specify the system access not by a POLICY_SYSTEM_ACCESS_MODE, but by the string specified in this table.
|
Name |
Flag |
|---|---|
|
SeInteractiveLogonRight |
POLICY_MODE_INTERACTIVE 0x00000001 |
|
SeNetworkLogonRight |
POLICY_MODE_NETWORK 0x00000002 |
|
SeBatchLogonRight |
POLICY_MODE_BATCH 0x00000004 |
|
SeServiceLogonRight |
POLICY_MODE_SERVICE 0x00000010 |
|
SeDenyInteractiveLogonRight |
POLICY_MODE_DENY_INTERACTIVE 0x00000040 |
|
SeDenyNetworkLogonRight |
POLICY_MODE_DENY_NETWORK 0x00000080 |
|
SeDenyBatchLogonRight |
POLICY_MODE_DENY_BATCH 0x00000100 |
|
SeDenyServiceLogonRight |
POLICY_MODE_DENY_SERVICE 0x00000200 |
|
SeRemoteInteractiveLogonRight |
POLICY_MODE_REMOTE_INTERACTIVE 0x00000400 |
|
SeDenyRemoteInteractiveLogonRight |
POLICY_MODE_DENY_REMOTE_INTERACTIVE 0x00000800 |