
Thread: Command Service

  1. #81
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Please download SWWhoAmI and save it to your Desktop.

    Launch Notepad, and copy/paste the box below into a new text file. Save it as Export.bat and save it on your Desktop.

    swwhoami > Output.txt
    notepad Output.txt
    Locate Export.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the text here.
    Last edited by Shaba; 2007-05-26 at 14:49.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  2. #82
    Member
    Join Date
    May 2006
    Posts
    87

    Default

    Username: PHIL\PHIL
    SID: S-1-5-21-1606980848-1547161642-1801674531
    Days since last password change: 808
    Privilege: 2 (USER_PRIV_ADMIN)
    Home directory:
    Comment: ''
    Flags: 66049 (UF_SCRIPT, UF_NORMAL_ACCOUNT, UF_DONT_EXPIRE_PASSWD)
    Script path:
    Operator privilege: 0 ()
    Full name:
    User comment: ''
    Parms: ''
    Workstations:
    Last logon time: 26 May 2007 07:37:05
    Last logoff time: unknown
    Account expires: never
    Maximum discspace: unlimited
    Units per week: 168
    Logonhours: 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
    0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
    0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
    Bad password count: 0
    Total logins count: 2508
    Logonserver: \\*
    Countrycode: 0
    Codepage: 0
    User ID: 1003
    Primary Group ID: 513
    Profile path:
    Home directory:
    Password is not expired

    Groups: ----------------------------------------------------------------------
    PHIL\None (S-1-5-21-1606980848-1547161642-1801674531-513)
    Everyone (S-1-1-0)
    PHIL\Administrators (S-1-5-32-544)
    PHIL\Users (S-1-5-32-545)
    NT AUTHORITY\INTERACTIVE (S-1-5-4)
    NT AUTHORITY\Authenticated Users (S-1-5-11)
    <??> (S-1-5-5-0-51402)
    LOCAL (S-1-2-0)

    Privileges: ------------------------------------------------------------------
    (0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
    (0) SeCreateTokenPrivilege = Create a token object
    (0) SeAssignPrimaryTokenPrivilege = Replace a process level token
    (0) SeLockMemoryPrivilege = Lock pages in memory
    (0) SeIncreaseQuotaPrivilege = Adjust memory quotas for a process
    (0) SeUnsolicitedInputPrivilege = SeUnsolicitedInputPrivilege
    (0) SeMachineAccountPrivilege = Add workstations to domain
    (0) SeTcbPrivilege = Act as part of the operating system
    (0) SeSecurityPrivilege = Manage auditing and security log
    (0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
    (X) SeLoadDriverPrivilege = Load and unload device drivers
    (0) SeSystemProfilePrivilege = Profile system performance
    (0) SeSystemtimePrivilege = Change the system time
    (0) SeProfileSingleProcessPrivilege = Profile single process
    (0) SeIncreaseBasePriorityPrivilege = Increase scheduling priority
    (0) SeCreatePagefilePrivilege = Create a pagefile
    (0) SeCreatePermanentPrivilege = Create permanent shared objects
    (0) SeBackupPrivilege = Back up files and directories
    (0) SeRestorePrivilege = Restore files and directories
    (0) SeShutdownPrivilege = Shut down the system
    (0) SeDebugPrivilege = Debug programs
    (0) SeAuditPrivilege = Generate security audits
    (0) SeSystemEnvironmentPrivilege = Modify firmware environment values
    (X) SeChangeNotifyPrivilege = Bypass traverse checking
    (0) SeRemoteShutdownPrivilege = Force shutdown from a remote system
    (X) SeUndockPrivilege = Remove computer from docking station
    (0) SeSyncAgentPrivilege = Synchronize directory service data
    (0) SeEnableDelegationPrivilege = Enable computer and user accounts to be trusted for delegation
    (0) SeManageVolumePrivilege = Perform volume maintenance tasks
    (X) SeImpersonatePrivilege = Impersonate a client after authentication
    (X) SeCreateGlobalPrivilege = Create global objects

    Environment variables: -------------------------------------------------------
    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\PHIL\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=PHIL
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\PHIL
    LOGONSERVER=\\PHIL
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;"C:\Program Files\Symantec\Norton Ghost 2003\"
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0801
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\PHIL\LOCALS~1\Temp
    TMP=C:\DOCUME~1\PHIL\LOCALS~1\Temp
    USERDOMAIN=PHIL
    USERNAME=PHIL
    USERPROFILE=C:\Documents and Settings\PHIL
    windir=C:\WINDOWS

  3. #83
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Yes, there are almost all privileges missing so no wonder that Kaspersky failed.

    Please download NTrights.zip.
    http://koti.mbnet.fi/illukka/NTrights.zip
    Save it on your desktop.
    Unzip/extract it.
    Open the NTrights-folder

    Copy text below to Notepad and save it as addperms.bat (save it as all files, *.* and to Ntrights-folder you previously extracted)

    @ECHO OFF
    ntrights +r SeDebugPrivilege -u Phil >>log.txt
    ntrights +r SeTakeOwnershipPrivilege -u Phil >>log.txt
    ntrights +r SeCreateTokenPrivilege -u Phil >>log.txt
    ntrights +r SeAssignPrimaryTokenPrivilege -u Phil >>log.txt
    ntrights +r SeIncreaseQuotaPrivilege -u Phil >>log.txt
    ntrights +r SeLockMemoryPrivilege -u Phil >>log.txt
    ntrights +r SeUnsolicitedInputPrivilege -u Phil >>log.txt
    ntrights +r SeMachineAccountPrivilege -u Phil >>log.txt
    ntrights +r SeTcbPrivilege -u Phil >>log.txt
    ntrights +r SeSecurityPrivilege -u Phil >>log.txt
    ntrights +r SeSystemProfilePrivilege -u Phil >>log.txt
    ntrights +r SeSystemtimePrivilege -u Phil >>log.txt
    ntrights +r SeProfileSingleProcessPrivilege -u Phil >>log.txt
    ntrights +r SeIncreaseBasePriorityPrivilege -u Phil >>log.txt
    ntrights +r SeCreatePagefilePrivilege -u Phil >>log.txt
    ntrights +r SeCreatePermanentPrivilege -u Phil >>log.txt
    ntrights +r SeBackupPrivilege -u Phil >>log.txt
    ntrights +r SeRestorePrivilege -u Phil >>log.txt
    ntrights +r SeShutdownPrivilege -u Phil >>log.txt
    ntrights +r SeAuditPrivilege -u Phil >>log.txt
    ntrights +r SeSystemEnvironmentPrivilege -u Phil >>log.txt
    ntrights +r SeRemoteShutdownPrivilege -u Phil >>log.txt
    ntrights +r SeSyncAgentPrivilege -u Phil >>log.txt
    ntrights +r SeEnableDelegationPrivilege -u Phil >>log.txt
    ntrights +r SeManageVolumePrivilege -u Phil >>log.txt
    now done >>log.txt
    @echo.
    @echo.
    @echo.

    start log.txt

    It should look like this ->

    Double click on the addperms.bat file to run it, follow any prompts it asks.
    REBOOT
    Double-click the addperms.bat again after reboot.
    It will create a log.
    If the log says:
    "Granting SeDebugPrivilege to Administrators ... successful" etc. things should be ok.

    Re-run export.bat and post its contents here, please
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  4. #84
    Member
    Join Date
    May 2006
    Posts
    87

    Default

    Username: PHIL\PHIL
    SID: S-1-5-21-1606980848-1547161642-1801674531
    Days since last password change: 810
    Privilege: 2 (USER_PRIV_ADMIN)
    Home directory:
    Comment: ''
    Flags: 66049 (UF_SCRIPT, UF_NORMAL_ACCOUNT, UF_DONT_EXPIRE_PASSWD)
    Script path:
    Operator privilege: 0 ()
    Full name:
    User comment: ''
    Parms: ''
    Workstations:
    Last logon time: 28 May 2007 12:24:06
    Last logoff time: unknown
    Account expires: never
    Maximum discspace: unlimited
    Units per week: 168
    Logonhours: 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
    0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
    0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
    Bad password count: 0
    Total logins count: 2516
    Logonserver: \\*
    Countrycode: 0
    Codepage: 0
    User ID: 1003
    Primary Group ID: 513
    Profile path:
    Home directory:
    Password is not expired

    Groups: ----------------------------------------------------------------------
    PHIL\None (S-1-5-21-1606980848-1547161642-1801674531-513)
    Everyone (S-1-1-0)
    PHIL\Administrators (S-1-5-32-544)
    PHIL\Users (S-1-5-32-545)
    NT AUTHORITY\INTERACTIVE (S-1-5-4)
    NT AUTHORITY\Authenticated Users (S-1-5-11)
    <??> (S-1-5-5-0-51492)
    LOCAL (S-1-2-0)

    Privileges: ------------------------------------------------------------------
    (0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
    (0) SeCreateTokenPrivilege = Create a token object
    (0) SeAssignPrimaryTokenPrivilege = Replace a process level token
    (0) SeLockMemoryPrivilege = Lock pages in memory
    (0) SeIncreaseQuotaPrivilege = Adjust memory quotas for a process
    (0) SeUnsolicitedInputPrivilege = SeUnsolicitedInputPrivilege
    (0) SeMachineAccountPrivilege = Add workstations to domain
    (0) SeTcbPrivilege = Act as part of the operating system
    (0) SeSecurityPrivilege = Manage auditing and security log
    (0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
    (X) SeLoadDriverPrivilege = Load and unload device drivers
    (0) SeSystemProfilePrivilege = Profile system performance
    (0) SeSystemtimePrivilege = Change the system time
    (0) SeProfileSingleProcessPrivilege = Profile single process
    (0) SeIncreaseBasePriorityPrivilege = Increase scheduling priority
    (0) SeCreatePagefilePrivilege = Create a pagefile
    (0) SeCreatePermanentPrivilege = Create permanent shared objects
    (0) SeBackupPrivilege = Back up files and directories
    (0) SeRestorePrivilege = Restore files and directories
    (0) SeShutdownPrivilege = Shut down the system
    (0) SeDebugPrivilege = Debug programs
    (0) SeAuditPrivilege = Generate security audits
    (0) SeSystemEnvironmentPrivilege = Modify firmware environment values
    (X) SeChangeNotifyPrivilege = Bypass traverse checking
    (0) SeRemoteShutdownPrivilege = Force shutdown from a remote system
    (X) SeUndockPrivilege = Remove computer from docking station
    (0) SeSyncAgentPrivilege = Synchronize directory service data
    (0) SeEnableDelegationPrivilege = Enable computer and user accounts to be trusted for delegation
    (0) SeManageVolumePrivilege = Perform volume maintenance tasks
    (X) SeImpersonatePrivilege = Impersonate a client after authentication
    (X) SeCreateGlobalPrivilege = Create global objects

    Environment variables: -------------------------------------------------------
    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\PHIL\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=PHIL
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\PHIL
    LOGONSERVER=\\PHIL
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;"C:\Program Files\Symantec\Norton Ghost 2003\"
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0801
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\PHIL\LOCALS~1\Temp
    TMP=C:\DOCUME~1\PHIL\LOCALS~1\Temp
    USERDOMAIN=PHIL
    USERNAME=PHIL
    USERPROFILE=C:\Documents and Settings\PHIL
    windir=C:\WINDOWS

  5. #85
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Ok, let's modify bat a bit:

    Please download NTrights.zip.
    http://koti.mbnet.fi/illukka/NTrights.zip
    Save it on your desktop.
    Unzip/extract it.
    Open the NTrights-folder

    Copy text below to Notepad and save it as addperms.bat (save it as all files, *.* and to Ntrights-folder you previously extracted)

    @ECHO OFF
    ntrights +r SeDebugPrivilege -u PHIL >>log.txt
    ntrights +r SeTakeOwnershipPrivilege -u PHIL >>log.txt
    ntrights +r SeCreateTokenPrivilege -u PHIL >>log.txt
    ntrights +r SeAssignPrimaryTokenPrivilege -u PHIL >>log.txt
    ntrights +r SeIncreaseQuotaPrivilege -u PHIL >>log.txt
    ntrights +r SeLockMemoryPrivilege -u PHIL >>log.txt
    ntrights +r SeUnsolicitedInputPrivilege -u PHIL >>log.txt
    ntrights +r SeMachineAccountPrivilege -u PHIL >>log.txt
    ntrights +r SeTcbPrivilege -u PHIL >>log.txt
    ntrights +r SeSecurityPrivilege -u PHIL >>log.txt
    ntrights +r SeSystemProfilePrivilege -u PHIL >>log.txt
    ntrights +r SeSystemtimePrivilege -u PHIL >>log.txt
    ntrights +r SeProfileSingleProcessPrivilege -u PHIL >>log.txt
    ntrights +r SeIncreaseBasePriorityPrivilege -u PHIL >>log.txt
    ntrights +r SeCreatePagefilePrivilege -u PHIL >>log.txt
    ntrights +r SeCreatePermanentPrivilege -u PHILl >>log.txt
    ntrights +r SeBackupPrivilege -u PHIL >>log.txt
    ntrights +r SeRestorePrivilege -u PHIL >>log.txt
    ntrights +r SeShutdownPrivilege -u PHIL >>log.txt
    ntrights +r SeAuditPrivilege -u PHIL >>log.txt
    ntrights +r SeSystemEnvironmentPrivilege -u PHIL >>log.txt
    ntrights +r SeRemoteShutdownPrivilege -u PHIL >>log.txt
    ntrights +r SeSyncAgentPrivilege -u PHIL >>log.txt
    ntrights +r SeEnableDelegationPrivilege -u PHIL >>log.txt
    ntrights +r SeManageVolumePrivilege -u PHIL >>log.txt
    now done >>log.txt
    @echo.
    @echo.
    @echo.

    start log.txt

    It should look like this ->

    Double click on the addperms.bat file to run it, follow any prompts it asks.
    REBOOT
    Double-click the addperms.bat again after reboot.
    It will create a log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  6. #86
    Member
    Join Date
    May 2006
    Posts
    87

    Default

    Hi.

    Wasn't sure which log you wanted to see. This is the addperms log.

    Granting SeDebugPrivilege to Phil ... successful
    Granting SeTakeOwnershipPrivilege to Phil ... successful
    Granting SeCreateTokenPrivilege to Phil ... successful
    Granting SeAssignPrimaryTokenPrivilege to Phil ... successful
    Granting SeIncreaseQuotaPrivilege to Phil ... successful
    Granting SeLockMemoryPrivilege to Phil ... successful
    Granting SeUnsolicitedInputPrivilege to Phil ... failed
    AddUserRightToAccount:

    ***Error*** AddUserRightToAccount -1073741728
    Granting SeMachineAccountPrivilege to Phil ... successful
    Granting SeTcbPrivilege to Phil ... successful
    Granting SeSecurityPrivilege to Phil ... successful
    Granting SeSystemProfilePrivilege to Phil ... successful
    Granting SeSystemtimePrivilege to Phil ... successful
    Granting SeProfileSingleProcessPrivilege to Phil ... successful
    Granting SeIncreaseBasePriorityPrivilege to Phil ... successful
    Granting SeCreatePagefilePrivilege to Phil ... successful
    Granting SeCreatePermanentPrivilege to Phil ... successful
    Granting SeBackupPrivilege to Phil ... successful
    Granting SeRestorePrivilege to Phil ... successful
    Granting SeShutdownPrivilege to Phil ... successful
    Granting SeAuditPrivilege to Phil ... successful
    Granting SeSystemEnvironmentPrivilege to Phil ... successful
    Granting SeRemoteShutdownPrivilege to Phil ... successful
    Granting SeSyncAgentPrivilege to Phil ... successful
    Granting SeEnableDelegationPrivilege to Phil ... successful
    Granting SeManageVolumePrivilege to Phil ... successful

    Mon May 28 13:22:23 2007 -- done
    Granting SeDebugPrivilege to Phil ... successful
    Granting SeTakeOwnershipPrivilege to Phil ... successful
    Granting SeCreateTokenPrivilege to Phil ... successful
    Granting SeAssignPrimaryTokenPrivilege to Phil ... successful
    Granting SeIncreaseQuotaPrivilege to Phil ... successful
    Granting SeLockMemoryPrivilege to Phil ... successful
    Granting SeUnsolicitedInputPrivilege to Phil ... failed
    AddUserRightToAccount:

    ***Error*** AddUserRightToAccount -1073741728
    Granting SeMachineAccountPrivilege to Phil ... successful
    Granting SeTcbPrivilege to Phil ... successful
    Granting SeSecurityPrivilege to Phil ... successful
    Granting SeSystemProfilePrivilege to Phil ... successful
    Granting SeSystemtimePrivilege to Phil ... successful
    Granting SeProfileSingleProcessPrivilege to Phil ... successful
    Granting SeIncreaseBasePriorityPrivilege to Phil ... successful
    Granting SeCreatePagefilePrivilege to Phil ... successful
    Granting SeCreatePermanentPrivilege to Phil ... successful
    Granting SeBackupPrivilege to Phil ... successful
    Granting SeRestorePrivilege to Phil ... successful
    Granting SeShutdownPrivilege to Phil ... successful
    Granting SeAuditPrivilege to Phil ... successful
    Granting SeSystemEnvironmentPrivilege to Phil ... successful
    Granting SeRemoteShutdownPrivilege to Phil ... successful
    Granting SeSyncAgentPrivilege to Phil ... successful
    Granting SeEnableDelegationPrivilege to Phil ... successful
    Granting SeManageVolumePrivilege to Phil ... successful

    Mon May 28 13:26:54 2007 -- done
    Granting SeDebugPrivilege to PHIL ... successful
    Granting SeTakeOwnershipPrivilege to PHIL ... successful
    Granting SeCreateTokenPrivilege to PHIL ... successful
    Granting SeAssignPrimaryTokenPrivilege to PHIL ... successful
    Granting SeIncreaseQuotaPrivilege to PHIL ... successful
    Granting SeLockMemoryPrivilege to PHIL ... successful
    Granting SeUnsolicitedInputPrivilege to PHIL ... failed
    AddUserRightToAccount:

    ***Error*** AddUserRightToAccount -1073741728
    Granting SeMachineAccountPrivilege to PHIL ... successful
    Granting SeTcbPrivilege to PHIL ... successful
    Granting SeSecurityPrivilege to PHIL ... successful
    Granting SeSystemProfilePrivilege to PHIL ... successful
    Granting SeSystemtimePrivilege to PHIL ... successful
    Granting SeProfileSingleProcessPrivilege to PHIL ... successful
    Granting SeIncreaseBasePriorityPrivilege to PHIL ... successful
    Granting SeCreatePagefilePrivilege to PHIL ... successful
    Granting SeCreatePermanentPrivilege to PHILl ... failed (GetAccountSid(PHILl)=1332
    Granting SeBackupPrivilege to PHIL ... successful
    Granting SeRestorePrivilege to PHIL ... successful
    Granting SeShutdownPrivilege to PHIL ... successful
    Granting SeAuditPrivilege to PHIL ... successful
    Granting SeSystemEnvironmentPrivilege to PHIL ... successful
    Granting SeRemoteShutdownPrivilege to PHIL ... successful
    Granting SeSyncAgentPrivilege to PHIL ... successful
    Granting SeEnableDelegationPrivilege to PHIL ... successful
    Granting SeManageVolumePrivilege to PHIL ... successful

    Mon May 28 19:59:02 2007 -- done
    Granting SeDebugPrivilege to PHIL ... successful
    Granting SeTakeOwnershipPrivilege to PHIL ... successful
    Granting SeCreateTokenPrivilege to PHIL ... successful
    Granting SeAssignPrimaryTokenPrivilege to PHIL ... successful
    Granting SeIncreaseQuotaPrivilege to PHIL ... successful
    Granting SeLockMemoryPrivilege to PHIL ... successful
    Granting SeUnsolicitedInputPrivilege to PHIL ... failed
    AddUserRightToAccount:

    ***Error*** AddUserRightToAccount -1073741728
    Granting SeMachineAccountPrivilege to PHIL ... successful
    Granting SeTcbPrivilege to PHIL ... successful
    Granting SeSecurityPrivilege to PHIL ... successful
    Granting SeSystemProfilePrivilege to PHIL ... successful
    Granting SeSystemtimePrivilege to PHIL ... successful
    Granting SeProfileSingleProcessPrivilege to PHIL ... successful
    Granting SeIncreaseBasePriorityPrivilege to PHIL ... successful
    Granting SeCreatePagefilePrivilege to PHIL ... successful
    Granting SeCreatePermanentPrivilege to PHILl ... failed (GetAccountSid(PHILl)=1332
    Granting SeBackupPrivilege to PHIL ... successful
    Granting SeRestorePrivilege to PHIL ... successful
    Granting SeShutdownPrivilege to PHIL ... successful
    Granting SeAuditPrivilege to PHIL ... successful
    Granting SeSystemEnvironmentPrivilege to PHIL ... successful
    Granting SeRemoteShutdownPrivilege to PHIL ... successful
    Granting SeSyncAgentPrivilege to PHIL ... successful
    Granting SeEnableDelegationPrivilege to PHIL ... successful
    Granting SeManageVolumePrivilege to PHIL ... successful

    Mon May 28 20:01:03 2007 -- done
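
An added example, not part of the thread and not code from ntrights: a Python parser for the log format shown above that splits the log into runs and lists every failed grant together with the meaning of its error code. The function names are made up for this example, the sample is an excerpt of the third run in the log above, and the two code meanings are the standard Windows definitions (1332 as a Win32 error, -1073741728 as the signed form of NTSTATUS 0xC0000060).

```python
import re

# Standard Windows meanings of the two codes that appear in the log above.
KNOWN_CODES = {
    1332: "ERROR_NONE_MAPPED (account name could not be mapped to a SID)",
    0xC0000060: "STATUS_NO_SUCH_PRIVILEGE (privilege name not recognised)",
}

GRANT = re.compile(r"Granting (\S+) to (\S+) \.\.\. (successful|failed)(.*)")
ERROR = re.compile(r"\*\*\*Error\*\*\* \w+ (-?\d+)")   # code on a follow-up line
INLINE = re.compile(r"=(\d+)\s*$")                     # code on the same line
DONE = re.compile(r"(.+) -- done")                     # timestamp closing a run

# Excerpt of the third run in the log above (19:59:02).
SAMPLE_LOG = """\
Granting SeLockMemoryPrivilege to PHIL ... successful
Granting SeUnsolicitedInputPrivilege to PHIL ... failed
AddUserRightToAccount:

***Error*** AddUserRightToAccount -1073741728
Granting SeMachineAccountPrivilege to PHIL ... successful
Granting SeCreatePermanentPrivilege to PHILl ... failed (GetAccountSid(PHILl)=1332
Granting SeBackupPrivilege to PHIL ... successful

Mon May 28 19:59:02 2007 -- done
"""


def explain(code):
    """Map a logged code to its meaning; negative values are signed NTSTATUS."""
    if code is None:
        return "no code logged"
    unsigned = code & 0xFFFFFFFF
    return KNOWN_CODES.get(unsigned, "unknown code 0x%08X" % unsigned)


def parse_runs(text):
    """Split an ntrights log into runs, each a list of grant attempts."""
    runs, grants, pending = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = GRANT.fullmatch(line)
        if m:
            priv, account, status, tail = m.groups()
            entry = {"privilege": priv, "account": account,
                     "ok": status == "successful", "code": None}
            inline = INLINE.search(tail)
            if inline:
                entry["code"] = int(inline.group(1))
            grants.append(entry)
            # A bare "failed" gets its code from a later ***Error*** line.
            waiting = not entry["ok"] and entry["code"] is None
            pending = entry if waiting else None
            continue
        m = ERROR.fullmatch(line)
        if m and pending is not None:
            pending["code"] = int(m.group(1))
            pending = None
            continue
        m = DONE.fullmatch(line)
        if m:
            runs.append({"finished": m.group(1), "grants": grants})
            grants, pending = [], None
    if grants:  # log cut off before the closing timestamp
        runs.append({"finished": None, "grants": grants})
    return runs


def failures(run):
    """Return (privilege, account, explanation) for each failed grant."""
    return [(g["privilege"], g["account"], explain(g["code"]))
            for g in run["grants"] if not g["ok"]]


if __name__ == "__main__":
    for run in parse_runs(SAMPLE_LOG):
        print("Run finished:", run["finished"])
        for priv, account, why in failures(run):
            print("  FAILED %s for %s: %s" % (priv, account, why))
```
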

  7. #87
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    I want you to re-run SWWhoami and post its log here

    That log you posted looks good.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  8. #88
    Member
    Join Date
    May 2006
    Posts
    87

    Default

    Is this the one?

    Username: PHIL\PHIL
    SID: S-1-5-21-1606980848-1547161642-1801674531
    Days since last password change: 811
    Privilege: 2 (USER_PRIV_ADMIN)
    Home directory:
    Comment: ''
    Flags: 66049 (UF_SCRIPT, UF_NORMAL_ACCOUNT, UF_DONT_EXPIRE_PASSWD)
    Script path:
    Operator privilege: 0 ()
    Full name:
    User comment: ''
    Parms: ''
    Workstations:
    Last logon time: 29 May 2007 07:01:04
    Last logoff time: unknown
    Account expires: never
    Maximum discspace: unlimited
    Units per week: 168
    Logonhours: 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
    0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
    0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
    Bad password count: 0
    Total logins count: 2520
    Logonserver: \\*
    Countrycode: 0
    Codepage: 0
    User ID: 1003
    Primary Group ID: 513
    Profile path:
    Home directory:
    Password is not expired

    Groups: ----------------------------------------------------------------------
    PHIL\None (S-1-5-21-1606980848-1547161642-1801674531-513)
    Everyone (S-1-1-0)
    PHIL\Administrators (S-1-5-32-544)
    PHIL\Users (S-1-5-32-545)
    NT AUTHORITY\INTERACTIVE (S-1-5-4)
    NT AUTHORITY\Authenticated Users (S-1-5-11)
    <??> (S-1-5-5-0-51320)
    LOCAL (S-1-2-0)

    Privileges: ------------------------------------------------------------------
    (0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
    (0) SeCreateTokenPrivilege = Create a token object
    (0) SeAssignPrimaryTokenPrivilege = Replace a process level token
    (0) SeLockMemoryPrivilege = Lock pages in memory
    (0) SeIncreaseQuotaPrivilege = Adjust memory quotas for a process
    (0) SeUnsolicitedInputPrivilege = SeUnsolicitedInputPrivilege
    (0) SeMachineAccountPrivilege = Add workstations to domain
    (0) SeTcbPrivilege = Act as part of the operating system
    (0) SeSecurityPrivilege = Manage auditing and security log
    (0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
    (X) SeLoadDriverPrivilege = Load and unload device drivers
    (0) SeSystemProfilePrivilege = Profile system performance
    (0) SeSystemtimePrivilege = Change the system time
    (0) SeProfileSingleProcessPrivilege = Profile single process
    (0) SeIncreaseBasePriorityPrivilege = Increase scheduling priority
    (0) SeCreatePagefilePrivilege = Create a pagefile
    (0) SeCreatePermanentPrivilege = Create permanent shared objects
    (0) SeBackupPrivilege = Back up files and directories
    (0) SeRestorePrivilege = Restore files and directories
    (0) SeShutdownPrivilege = Shut down the system
    (0) SeDebugPrivilege = Debug programs
    (0) SeAuditPrivilege = Generate security audits
    (0) SeSystemEnvironmentPrivilege = Modify firmware environment values
    (X) SeChangeNotifyPrivilege = Bypass traverse checking
    (0) SeRemoteShutdownPrivilege = Force shutdown from a remote system
    (X) SeUndockPrivilege = Remove computer from docking station
    (0) SeSyncAgentPrivilege = Synchronize directory service data
    (0) SeEnableDelegationPrivilege = Enable computer and user accounts to be trusted for delegation
    (0) SeManageVolumePrivilege = Perform volume maintenance tasks
    (X) SeImpersonatePrivilege = Impersonate a client after authentication
    (X) SeCreateGlobalPrivilege = Create global objects

    Environment variables: -------------------------------------------------------
    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\PHIL\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=PHIL
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\PHIL
    LOGONSERVER=\\PHIL
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;"C:\Program Files\Symantec\Norton Ghost 2003\"
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0801
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\PHIL\LOCALS~1\Temp
    TMP=C:\DOCUME~1\PHIL\LOCALS~1\Temp
    USERDOMAIN=PHIL
    USERNAME=PHIL
    USERPROFILE=C:\Documents and Settings\PHIL
    windir=C:\WINDOWS

  9. #89
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Yes, that's the one.

    No success however.

    Copy text below to Notepad and save it as addperms2.bat (save it as all files, *.*, and to Ntrights-folder you previously extracted)

    @ECHO OFF
    ntrights +r SeDebugPrivilege -u Administrators >>log.txt
    ntrights +r SeTakeOwnershipPrivilege -u Administrators >>log.txt
    ntrights +r SeCreateTokenPrivilege -u Administrators >>log.txt
    ntrights +r SeAssignPrimaryTokenPrivilege -u Administrators >>log.txt
    ntrights +r SeIncreaseQuotaPrivilege -u Administrators >>log.txt
    ntrights +r SeLockMemoryPrivilege -u Administrators >>log.txt
    ntrights +r SeUnsolicitedInputPrivilege -u Administrators >>log.txt
    ntrights +r SeMachineAccountPrivilege -u Administrators >>log.txt
    ntrights +r SeTcbPrivilege -u Administrators >>log.txt
    ntrights +r SeSecurityPrivilege -u Administrators >>log.txt
    ntrights +r SeSystemProfilePrivilege -u Administrators >>log.txt
    ntrights +r SeSystemtimePrivilege -u Administrators >>log.txt
    ntrights +r SeProfileSingleProcessPrivilege -u Administrators >>log.txt
    ntrights +r SeIncreaseBasePriorityPrivilege -u Administrators >>log.txt
    ntrights +r SeCreatePagefilePrivilege -u Administrators >>log.txt
    ntrights +r SeCreatePermanentPrivilege -u Administrators >>log.txt
    ntrights +r SeBackupPrivilege -u Administrators >>log.txt
    ntrights +r SeRestorePrivilege -u Administrators >>log.txt
    ntrights +r SeShutdownPrivilege -u Administrators >>log.txt
    ntrights +r SeAuditPrivilege -u Administrators >>log.txt
    ntrights +r SeSystemEnvironmentPrivilege -u Administrators >>log.txt
    ntrights +r SeRemoteShutdownPrivilege -u Administrators >>log.txt
    ntrights +r SeSyncAgentPrivilege -u Administrators >>log.txt
    ntrights +r SeEnableDelegationPrivilege -u Administrators >>log.txt
    ntrights +r SeManageVolumePrivilege -u Administrators >>log.txt
    now done >>log.txt
    @echo.
    @echo.
    @echo.

    Double click on the addperms2.bat file to run it, follow any prompts it asks.
    REBOOT
    Double-click the addperms.bat again after reboot.
    It will create a log

    Re-run export.bat and post its contents here, please
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  10. #90
    Member
    Join Date
    May 2006
    Posts
    87

    Default

    At this stage I feel I should point out that when I double click on addperms/addperms2 it never asks me to do anything.

    Username: PHIL\PHIL
    SID: S-1-5-21-1606980848-1547161642-1801674531
    Days since last password change: 812
    Privilege: 2 (USER_PRIV_ADMIN)
    Home directory:
    Comment: ''
    Flags: 66049 (UF_SCRIPT, UF_NORMAL_ACCOUNT, UF_DONT_EXPIRE_PASSWD)
    Script path:
    Operator privilege: 0 ()
    Full name:
    User comment: ''
    Parms: ''
    Workstations:
    Last logon time: 29 May 2007 18:22:54
    Last logoff time: unknown
    Account expires: never
    Maximum discspace: unlimited
    Units per week: 168
    Logonhours: 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
    0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
    0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
    Bad password count: 0
    Total logins count: 2522
    Logonserver: \\*
    Countrycode: 0
    Codepage: 0
    User ID: 1003
    Primary Group ID: 513
    Profile path:
    Home directory:
    Password is not expired

    Groups: ----------------------------------------------------------------------
    PHIL\None (S-1-5-21-1606980848-1547161642-1801674531-513)
    Everyone (S-1-1-0)
    PHIL\Administrators (S-1-5-32-544)
    PHIL\Users (S-1-5-32-545)
    NT AUTHORITY\INTERACTIVE (S-1-5-4)
    NT AUTHORITY\Authenticated Users (S-1-5-11)
    <??> (S-1-5-5-0-51470)
    LOCAL (S-1-2-0)

    Privileges: ------------------------------------------------------------------
    (0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
    (0) SeCreateTokenPrivilege = Create a token object
    (0) SeAssignPrimaryTokenPrivilege = Replace a process level token
    (0) SeLockMemoryPrivilege = Lock pages in memory
    (0) SeIncreaseQuotaPrivilege = Adjust memory quotas for a process
    (0) SeUnsolicitedInputPrivilege = SeUnsolicitedInputPrivilege
    (0) SeMachineAccountPrivilege = Add workstations to domain
    (0) SeTcbPrivilege = Act as part of the operating system
    (0) SeSecurityPrivilege = Manage auditing and security log
    (0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
    (X) SeLoadDriverPrivilege = Load and unload device drivers
    (0) SeSystemProfilePrivilege = Profile system performance
    (0) SeSystemtimePrivilege = Change the system time
    (0) SeProfileSingleProcessPrivilege = Profile single process
    (0) SeIncreaseBasePriorityPrivilege = Increase scheduling priority
    (0) SeCreatePagefilePrivilege = Create a pagefile
    (0) SeCreatePermanentPrivilege = Create permanent shared objects
    (0) SeBackupPrivilege = Back up files and directories
    (0) SeRestorePrivilege = Restore files and directories
    (0) SeShutdownPrivilege = Shut down the system
    (0) SeDebugPrivilege = Debug programs
    (0) SeAuditPrivilege = Generate security audits
    (0) SeSystemEnvironmentPrivilege = Modify firmware environment values
    (X) SeChangeNotifyPrivilege = Bypass traverse checking
    (0) SeRemoteShutdownPrivilege = Force shutdown from a remote system
    (X) SeUndockPrivilege = Remove computer from docking station
    (0) SeSyncAgentPrivilege = Synchronize directory service data
    (0) SeEnableDelegationPrivilege = Enable computer and user accounts to be trusted for delegation
    (0) SeManageVolumePrivilege = Perform volume maintenance tasks
    (X) SeImpersonatePrivilege = Impersonate a client after authentication
    (X) SeCreateGlobalPrivilege = Create global objects

    Environment variables: -------------------------------------------------------
    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\PHIL\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=PHIL
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\PHIL
    LOGONSERVER=\\PHIL
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;"C:\Program Files\Symantec\Norton Ghost 2003\"
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0801
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\PHIL\LOCALS~1\Temp
    TMP=C:\DOCUME~1\PHIL\LOCALS~1\Temp
    USERDOMAIN=PHIL
    USERNAME=PHIL
    USERPROFILE=C:\Documents and Settings\PHIL
    windir=C:\WINDOWS
