Think Adoption, NOT Abortion
If this site helped you, please make a donation to:

Feeding families around the world…and the corner.

Jude 1:22  "And of some have compassion, making a difference"

XP Passwords

Site Visitors 

Three things to remember when you are working with computers.
• First thing is "YOU CAN DO IT".
• Second take your time, a little mistake can cause a big problem.
• Third all answers are only a question away.


TABLE OF CONTENTS is after these links.
Here are some links for online virus program and also free spyware programs
If you are experiencing computer Problems such as slowness, strange icons appearing, tool bars appearing, home page changing, please use one of the following links to check for a virus or trojan.


• Panda Virus Free Online Virus Scan
  
• AVG Anti-virus Program (FREE)
  • AVG is a great "FREE" program and I used to keep a link to the download but they keep changing it all the time and I can't keep this link up to date so Google "Download AVG Free" to get the download link. SORRY!

Security
• Make The Administrator Account Show In The Login Menu
• How To Set Logon User Rights By Using The Ntrights Utility In XP Home And Professional
• MS' Baseline Security Analyzer (MBSA)
Passwords
• Make The Administrator Account Show In The Login Menu
• Cannot Change the Administrator Password in Control Panel
• Lost/Forgotten Windows XP Password
• How to Log On to Windows XP If You Forget Your Password or Your Password Expires
  • Use a Password Reset Disk
  • Log On as an Administrator and Reset the Password
• Windows XP Home Edition or Windows XP Professional in a Workgroup
  • Log on as Administrator and reset the password
• Windows XP Professional in a Domain
  • Log on as Administrator and reset the password
• Create and Use a Password Reset Disk for a Computer That Is Not a Domain Member in Windows XP
  • How To Create A Password Reset Disk
    • Use a Computer Administrator Account
    • Use A Limited Account
    • Log on to the Computer By Using a Password Reset Disk
    • Troubleshooting
  • Please Type a Different Password" Error Message When You Change Your Password for a Second Time
  • Damaged Profile Problems with Windows XP


Cannot Change the Administrator Password in Control Panel
Problem
• When you log on as the administrator to a computer that is not a member of a domain and double-click User Accounts in the Control Panel to change the password for the built-in Administrator account, the Administrator account may not appear in the list of user accounts.
• This behavior can occur because the Administrator account logon option appears only in Safe mode if more than one account is created on the system.
• The Administrator account is available in Normal mode only if there are no other accounts on the system.
Solution
• Windows XP Home Edition
  • Restart the computer and then use a power user account to log on to the computer in Safe mode
• Windows XP Professional
  • Reset the password in the Local Users and Groups snap-in in Microsoft Management Console (MMC):
    • Click Start
    • Click Run
    • In the Open box type
      mmc
    • Click OK to start MMC
    • Start the Local Users and Groups snap-in
    • Under Console Root, expand Local Users and Groups
    • Click Users
    • In the right pane, right-click Administrator
    • Click Set Password
    • Click Proceed in the message box that appears
    • Type and confirm the new password in the appropriate boxes
    • Click OK

Lost/Forgotten Windows XP Password
Note:
• This information applies only to the password for logging in to the Windows XP operating system..
• If you have lost or forgotten your password for logging in to a computer running the Windows XP operating system, there are a few different options:
• If you created a password reset disk for Windows XP, you can use that disk to reset the password on your account
• If you don't have a password reset disk, the other option is to log on as the Administrator (or to have the person who is the machine's Administrator log on) and change the password for your user account.
• If you don't know the Administrator password, and don't have a password reset disk, then you will not be able to log on to Windows XP, and will need to reinstall the operating system and recreate any user accounts
• BUT: It is believed that you can use a Win 2000 CD installation disk to bypass this.
  • Anyone with a Windows 2000 CD can boot up a Windows XP box and start the Windows 2000 Recovery Console, a troubleshooting program.
  • Windows XP then allows the visitor to operate as Administrator without a password, even if the Administrator account has a strong password.
  • The visitor can also operate in any of the other user accounts that may be present on the XP machine, even if those accounts have passwords.
  • Unbelievably, the visitor can copy files from the hard disk to a floppy disk or other removable media - something even an Administrator is normally prevented from doing when using the Recovery Console.

How to Log On to Windows XP If You Forget Your Password or Your Password Expires
Problem

• This article describes how to log on to Windows XP if you forget your password, or if your password expires and you cannot create a new one.
• Note: If you have not created a password reset disk and you have also forgotten the password for all user accounts, you cannot log on to your existing Windows installation for security reasons. This information applies to starting Windows XP typically, to Safe mode, and to Recovery Console. In this case, you must perform a "clean" installation of Windows XP, re-create all user accounts, and reinstall all of your programs.
• BUT: It is believed that you can use a Win 2000 CD installation disk to bypass this.
  • Anyone with a Windows 2000 CD can boot up a Windows XP box and start the Windows 2000 Recovery Console, a troubleshooting program.
  • Windows XP then allows the visitor to operate as Administrator without a password, even if the Administrator account has a strong password.
  • The visitor can also operate in any of the other user accounts that may be present on the XP machine, even if those accounts have passwords.
  • Unbelievably, the visitor can copy files from the hard disk to a floppy disk or other removable media - something even an Administrator is normally prevented from doing when using the Recovery Console.
Use a Password Reset Disk

• If you created a password reset disk for Windows XP, reset your password by using the password reset disk. For additional information about how to use a password reset disk this information is listed below for:
  Log on as Administrator and reset the password
  • Create and Use a Password Reset Disk for a Computer in a Domain in Windows XP (might be a little late now for this one but here is how to do it for the next time)
  • Use a Computer Administrator Account
• Log On as an Administrator and Reset the Password
  
  • If you cannot log on to Windows by using a particular user account (including the Administrator or Computer Administrator accounts), but you can log on to another account with administrative privileges (including the Administrator or Computer Administrator accounts), follow these steps: Log on to Windows by using the administrator account that has a password that you remember.
  • Note: You cannot log on as usual by using the Administrator or Computer Administrator account to a Windows XP Home Edition-based computer or a Windows XP Professional-based computer in a workgroup.
  • To log on as the Administrator or Computer Administrator, you must start Windows XP in Safe Mode. For additional information, see the "Windows XP Home Edition or Windows XP Professional in a Workgroup" below.
    • Click Start
    • Click Run.
    • In the Open box, type the following command, and then click OK:
      control userpasswords2
    • Click the user account that you forgot the password for
    • Click Reset Password
    • Type a new password in both the New password and the Confirm new password boxes
    • Click OK
  • WARNING: If you reset the password for a user account in this manner in Windows XP Professional, the following types of information for that user will be no longer available:
    • E-mail messages that are encrypted with the user's public key
    • Internet passwords that are saved on, or remembered by, the computer
    • Any files that the user has encrypted
  • You should now be able to log on to Windows with the user account and the new password.

Windows XP Home Edition or Windows XP Professional in a Workgroup

• Log on as Administrator and reset the password
  • Restart the computer.
  • After the Power On Self Test (POST), press the F8 key.
  • In the Windows Advanced Options menu, use the Arrow keys to select Safe Mode
  • Press ENTER
  • When you are prompted to select the operating system to start, select Microsoft Windows XP edition (where edition is the edition of Windows XP that is installed)
  • Press Enter
  • On the To begin, click your user name screen
  • Click Administrator
  • Type the administrator password
  • Press Enter
  • Note: In some cases, the Administrator password may be set to a blank password. In this case, do not type a password before you press Enter
  • Click Yes to acknowledge that Windows is running in Safe mode
  • Click Start
  • Click Control Panel (or point to Settings, and then click Control Panel)
  • Click User Accounts
  • Click the user account whose password you want to change.
  • Click Change the Password if you want to keep a password, or click Remove password if you do not want to use a password. If you remove the password, skip the next step
  • Type the new password for the user
  • Click Change Password
  • Quit the User Accounts tool
  • Restart the computer
Windows XP Professional in a Domain

• Log on as Administrator and reset the password
  
  • In the Welcome to Windows dialog box, press CTRL+ALT+DELETE
  • Type the logon information for the Administrator account, including the password
  • Click OK
  • NOTE: In some cases, the Administrator password may be set to a blank password. In this case, do not type a password before you click OK
  • Click Start
  • Click Run
  • Type in
    compmgmt.msc
  • Click OK
  • In the Computer Management (Local) box, expand Local Users and Groups
  • Click the Users folder.
  • In the right pane of the Computer Management window, right-click the user account whose password you want to reset
  • Click Set Password
  • Click Proceed
  • In the New password box, type the new password for the user account.
  • Type the same password in the Confirm password box
  • Click OK
  • Click OK to acknowledge that the new password has been set.
  • Quit the Computer Management snap-in
  • Restart the computer.

Create and Use a Password Reset Disk for a Computer That Is Not a Domain Member in Windows XP

Problem

• This article describes how to create and use a password reset disk for a computer that is part of a workgroup, or that is not connected to a network. You can use a password reset disk to gain access to your Microsoft Windows XP-based computer if you forget your password.
How to Create a Password Reset Disk

• NOTE that the following procedure requires one blank, formatted floppy disk. To create a password reset disk for your local user account, use one of the following methods.
  
• Use a Computer Administrator Account
  
  • If you are logged on to the computer by using an administrator account, use the following steps to create a password reset disk for a user account:
    • Click Start
    • Click Control Panel.
    • In Control Panel, click User Accounts.
    • In the User Accounts pane, click the account that you want to work with.
    • Under Related Tasks
    • Click Prevent a forgotten password to start the Forgotten Password Wizard, and then click Next.
    • Insert a blank, formatted disk into drive A, and then click Next.
    • In the Current user account password box, type the password for the user account that you chose in step 3, and then click Next.
    • NOTE: If the user account does not have a password, do not type a password into the Current user account password box.
    • The Forgotten Password Wizard creates the disk.
    • When the Progress bar reaches 100% complete, click Next
    • Click Finish.
    • Remove, and then label the password reset disk. Store the disk in a safe place.
  Use a Limited Account
  
  • If you are logged on to the computer by using a limited account, use the following steps to create a password reset disk for your user account:
    • Click Start
    • Click Control Panel.
    • Under Pick a category
    • Click User Accounts.
    • Under Related Tasks
    • Click Prevent a forgotten password to start the Forgotten Password Wizard.
    • Click Next.
    • Insert a blank, formatted disk into drive A, and then click Next. I
    • n the Current user account password box, type your password, and then click Next.
    • NOTE: If your user account does not have a password, do not type a password into the Current user account password box.
    • The Forgotten Password Wizard creates the disk.
    • When the Progress bar reaches 100% complete, click Next
    • Click Finish.
    • Remove, and then label the password reset disk. Store the disk in a safe place.
  
  Log on to the Computer By Using a Password Reset Disk
  
  • If you forget your password, you can log on to the computer with a new password that you create by using the Password Reset Wizard and your password reset disk:
    • At the Windows XP logon screen, click the user name that you want to use. The Type your password box appears. Press ENTER, or click the right-arrow button. The following error message appears:
      • Did you forget your password?
      • You can click the "?" button to see your password hint.
      • Or you can use your password reset disk.
    • Please type your password again.
    • Be sure to use the correct uppercase and lowercase letters.
    • Click use your password reset disk. The Password Reset Wizard starts. The Password Reset Wizard enables you to create a new password for your user account.
    • Click Next.
    • Insert the password reset disk into drive A, and then click Next.
    • Type a new password in the Type a new password box.
    • Type the same password in the Type the password again to confirm box. In the Type a new password hint box, type a hint to remind you of your password if you forget the new password.
    • NOTE: This hint is visible to anyone who attempts to log on to the computer by using your user account.
    • Click Next, and then click Finish. The Password Reset Wizard quits, and you return to the Windows XP logon screen.
    • NOTE: The password reset disk is automatically updated with the new password information. You do not have to create a new password reset disk.
    • Type your new password into the Type your password box, and then click the right-arrow button to log on to the computer.
  
  Troubleshooting
  
  • The password reset disk cannot be used to reset the password on another computer.
  • The password reset disk that you create can only be used with the computer on which it was created.
    • For example, if you have two Windows XP-based computers with the same user names and passwords, a password reset disk that you create on the first computer cannot be used to reset the password on the second computer.
  • The password reset disk contains sensitive information.
  • The password reset disk may be used by others to gain access to your computer. For this reason, it is important to store this disk in a safe and secure location.

Create and Use a Password Reset Disk for a Computer in a Domain in Windows XP
XP Pro only

Summary

• This article describes how to create and use a password reset disk for a computer that is a member of a domain. You can use a password reset disk to gain access to your Windows XP Professional-based computer if you forget your password.
How to Create a Password Reset Disk

• NOTE That this procedure requires one blank, formatted floppy disk.
• To create a password reset disk for your local user account:
  • Press CTRL+ALT+DELETE. The Windows Security dialog box appears.
  • Click Change Password.
  • The Change Password dialog box appears.
  • In the Log on to box, click the local computer.
    • For example, click Computer (this computer).
  • Click Backup.
  • The Forgotten Password Wizard starts.
  • On the Welcome to the Forgotten Password Wizard page, click Next.
  • Insert a blank, formatted disk in drive A, and then click Next.
  • In the Current user account password box, type your password, and then click Next.
  • The Forgotten Password Wizard creates the disk.
  • When the progress bar reaches 100 percent complete, click Next
  • Click Finish.
  • The Forgotten Password Wizard quits and you return to the Change Password dialog box.
  • Remove, and then label the password reset disk. Store the disk in a safe place.
  • In the Change Password dialog box, click Cancel.
  • In the Windows Security dialog box, click Cancel.
How to Use a Password Reset Disk

• If you forget your password, you can log on to the computer with a new password that you create by using the Password Reset Wizard and your password reset disk.
• To gain access to your local user account on a computer that is a member of a domain, or has been disconnected from a domain:
  • In the Welcome to Windows dialog box, press CTRL+ALT+DELETE.
  • In the Log On to Windows dialog box, type an incorrect password in the Password box
  • Click OK.
  • In the Logon Failed dialog box that appears
  • Click Reset.
  • The Password Reset Wizard starts. The Password Reset Wizard lets you create a new password for your local user account.
  • On the "Welcome to the Password Reset Wizard" page, click Next.
  • Insert the password reset disk in drive A, and then click Next.
  • On the Reset the User Account Password page, type a new password in the Type a new password box.
  • Type the same password in the Type the password again to confirm box.
  • In the Type a new password hint box, type a hint that will help you remember the password if you forget it.
  • NOTE: This hint is visible to anyone who attempts to log on to the computer by using your user account.
  • Click Next
  • Click Finish.
  • The Password Reset Wizard quits and you return to the Log On to Windows dialog box.
  • The password reset disk is automatically updated with the new password information. You do not have to create a new password reset disk.
  • In the Log On to Windows dialog box, type your new password in the Password box.
  • In the Log on to box, click the local computer.
    • For example, click Computer (this computer), and then click OK. You are logged on to the local computer with your local account information.
Troubleshooting

• You cannot use the password reset disk to reset the password on another computer.
• You can use the password reset disk that you create with only the computer on which it was created. For example, if you have two Windows XP-based computers with the same user names and passwords, you cannot use a password reset disk that you create on the first computer to reset the password on the second computer.
• You cannot use the password reset disk to reset your domain account password.
• You can use the password reset disk only to reset the local computer account password. If you forget your domain account password, contact your system administrator.
• The password reset disk contains sensitive information.
• Others may use the password reset disk to gain access to your computer. It is important to store this disk in a safe location.


Please Type a Different Password" Error Message When You Change Your Password for a Second Time
Error Message
• When you try to change your password on a Microsoft Windows XP Professional-based computer, you may receive an error message that is similar to the following:
  • Your password must be at least number characters; cannot repeat your previous number passwords; must contain capitals, numerals or punctuation; and cannot contain your account or full name. Please type a different password. Type a password which meets these requirements in both text boxes.
• You receive this error message even though the new password that you are using complies with the restrictions that are described in the error message. For example, the new password meets the following requirements:
  • It uses the correct number of characters.
  • It does not repeat a previous password.
  • It contains uppercase characters (capitals), numerals, or punctuation marks.
  • It does not contain your account name or your full name.
Cause
• This issue may occur if you try to change your password for a second time within the time period that is dictated by the Minimum Password Age Group Policy security setting. The age of the current password must be greater than the minimum password age, as dictated by the Group Policy security setting.
• The error message that is described in the "Symptoms" section is misleading because it does not mention this requirement.
Solution
• Note" A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Windows XP service pack that contains this hotfix.
• To resolve this problem immediately, contact Microsoft Product Support Services to obtain the hotfix.
  http://support.microsoft.com/default.aspx?scid=fh;[LN];CNTACTMS
• Note: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question. The English version of this hotfix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.



   Date         Time   Version          Size    File name
   -------------------------------------------------------
   31-Oct-2003  01:27  5.1.2600.1316   970,240  Msgina.dll



• After you apply this hotfix, and then you try to change your password for a second time within the time period that is dictated by the Minimum Password Age Group Policy security setting, you receive an error message that is similar to the following instead of the error message that is described in the "Symptoms" section:
  Your password must be at least number characters; cannot repeat your previous number passwords; must be at least number days old; must contain capitals, numerals or punctuation; and cannot contain your account or full name. Please type a different password. Type a password which meets these requirements in both text boxes.
• The minimum password age must be less than the maximum password age, unless the maximum password age is set to 0 (a setting of 0 indicates that the password will never expire). If the maximum password age is set to 0, the minimum password age can be set to any value in the 0 to 998 range.
• Set the minimum password age to a value of greater than 0 if you want the Enforce Password History Group Policy setting to be effective. If you do not do so, users can cycle through passwords repeatedly until they return to an old favorite.
• Notes:
  • By default, the Minimum Password Age Group Policy security setting is 0 days. This default setting permits an administrator to specify a password for a user and then to require the user to change the administrator-defined password when the user logs on. If you (as the administrator) configure the Minimum Password Age Group Policy security setting to 1 day or longer, users cannot log on and change their passwords until the Minimum Password Age time limit expires.
  • By default, Enforce Password History is set to 1 day on domain controllers and to 0 days on stand-alone servers. By default, member computers follow the configuration of their domain controllers.
  • To configure the Minimum Password Age setting, open the appropriate policy, and then expand the following console tree:
    Computer Configuration\Windows Settings\Security
    Settings\Account Policies\Password Policy

Damaged Profile Problems with Windows XP
• When you log on to your account, you may receive the following error message:
  The system has recovered from a serious error
• After you receive this error message, your documents may be missing, and you may have to re-create your settings for Microsoft Outlook, Microsoft Internet Explorer, and your Microsoft .NET Passport.
• Note: Your documents may still remain in the C:\Documents and Settings\old user name\My Documents folder, where old user name is the name that you used for your profile.
• Note: This issue may occur if your user profile is damaged. When this occurs, Windows may create a new profile for you to use, but the new profile does not reflect the "My Documents" folder that was used by the damaged profile. Windows creates a new profile in the C:\Documents and Settings\new user name folder, where new user name is the name that Windows is now using for your profile.
Solution
• Locate your documents, and then back them up. Your documents are in the C:\Documents and Settings\old user name\My Documents folder.
• Locate your Favorites, and then back them up. Your Favorites are in the C:\Documents and Settings\old user name\Favorites folder.
• Click Start
• Point to All Programs
• Point to Accessories
• Point to System Tools
• Click System Restore
• In the Welcome to System Restore dialog box, click Next
• In the Select a Restore Point dialog box
• Select a date on the calendar
• Select a restore point to restore your computer to an earlier state
• In the Confirm Restore Point selection dialog box, confirm the selected restore point or the restoration
• After you confirm the selection, the restoration process starts, your computer restarts, and you are prompted to log on.
• Log on to your usual user profile
• Confirm that your computer has been restored correctly.
• If your computer has been restored correctly, do not complete the remaining steps. If your computer has not been restored correctly, go to the next step.
• Log off the computer
• Log on to the computer by using the Administrator account, or an account with administrative permissions.
• Note: The Administrator account is created automatically when you install Windows XP. The Administrator account is the one you use when you first set up a workstation or member server. You use this account before you create an account for yourself. The Administrator account is a member of the Administrators group on the workstation or member server. The Administrator account can never be deleted, disabled, or removed from the Administrators local group, ensuring that you never lock yourself out of the computer by deleting or disabling all the administrative accounts.
• Click Start
• Click Control Panel
• Click Performance and Maintenance
• Click Administrative Tools
• Then double-click Computer Management
• Important Before you continue with this step, make sure that you have backed up your documents.
• Right-click the damaged user account
• Click Delete
• On the Action menu, click New User
• Type the appropriate information in the dialog box, and then click to select or clear the following check boxes:
  User must change password at next logon
  • User cannot change password
  • Password never expires
  • Account is disabled
• Click Create
• Click Close
• Log off the computer, and then log on to the computer by using the new account.
• Restore your documents and favorites from the backup you made to the following folders
  • C:\Documents and Settings\new user name\My Documents
  • C:\Documents and Settings\new user name\Favorites where new user name is the name that Windows is now using for your profile.
• Re-create your settings for Outlook, Internet Explorer, and your .NET Passport.

MS' Baseline Security Analyzer (MBSA)
Summary
• MBSA can be run in GUI mode ( mbsa.exe ) or more usefully for automated periodic checks, in command line mode (mbsacli.exe)
• Checks Windows NT 4 SP 4 and up, Windows 2000, and Windows XP for common security vulnerabilities
• MBSA can be installed on Windows 2000 and Windows XP. MBSA currently performs five checks:
  • Hotfix checks: scans for missing hotfixes for Windows NT 4, Windows 2000, all system services, SQL 7.0, SQL 2000, and IE 5.01 and later.
  • Password checks: checks for blank and weak passwords.
  • Vulnerability checks: scans for security issues and common configuration mistakes in Windows operating systems (NT4, 2000, and XP).
  • IIS checks: scans for security issues in IIS 4.0 and 5.0.
  • SQL vulnerability checks: scans for security issues in SQL 7.0 and 2000.
Setting up MSBA
• MBSA requires several Services installed & activated
• Check to make sure these Services are available
  • Click Start
  • Click Settings
  • Click Control Panel
  • Click Network Connections (Network & Dial-up connections)
  • Right click on your Internet connection
  • Select Properties
  • Select the Networking tab
    
    
    
    
  • The following have to be installed
    • Internet Protocol (TCP/IP)
    • File & Printer Sharing for Microsoft Networks
    • Client for Microsoft Networks
    • Note:If any of these are not installed
      • Select the Install button
      • Select the Client/Service/Protocol
      • Select the component to be installed and install it
    • Once all are installed Tick the component to enable it, should you require it, Unticking the component will disable it
    • These do not need to be enabled for MBSA to work correctly but they must be installed
    • Click OK once you have made all the changes necessary here & reboot your PC
Setting up Services
• Click on Start
• Click Settings
• Click Control Panel
• Click Administrative Tools
• Select Services




• Right click on Server & Workstation and Remote Registry
• Select Properties
• Click General tab
• Change the Startup type to either Start or Automatic
  
  
  
  
• The Remote Registry service may also be required for some systems, though most likely not on stand-alone PCs

How To Set Logon User Rights By Using The Ntrights Utility In XP Home And Professional
Summary
• Ntrights is a tool you can use for administrative tasks related to granting and revoking user and group rights
• If you cannot access the computer locally you can try to use the Ntrights.exe utility to remotely add the user right
• Note: To use NTRight.exe utility to add a user right remotely, the computer must already connect to a workgroup or domain and can access by another machine
• You can use the NTRights utility (Ntrights.exe) to set user rights from a command prompt
• You can manipulate the rights on either the local computer or a remote computer
• Note: that when you use the NTRights utility, the user right is case sensitive
• The Ntrights Help output shows the rights that you can modify and the syntax that you use for each command
• The output doesn't display a complete list of all the rights that you can modify with the utility to define the rights that the Help file doesn't list
User Rights Included in the Help File



Switches	Reason for Use
SeCreateTokenPrivilege	Grants the right to create a token object. A token object is a set of security settings that a process can use to gain access to local resources. Any application or process that requires this right should use the local system account, which already has this right
SeAssignPrimaryTokenPrivilege	Lets users replace process-level tokens but doesn't let them create tokens. If the system account creates a process that has several subprocesses or child processes, a user with the SeAssignPrimaryTokenPrivilege right can change the access token of the child processes
SeLockMemoryPrivilege	Lets a user lock memory pages so that the OS doesn't send the locked memory pages to virtual memory
SeIncreaseQuotaPrivilege	Grants a user the ability to adjust a disk space quota limit
SeUnsolicitedInputPrivilege	Controls which users have permission to read unsolicited input from a terminal device
SeMachineAccountPrivilege	Lets users add computers to the domain; usually this permission is given to administrators, Help desk technicians, and consultants aiding in workstation rollouts
SeTcbPrivilege	Lets its possessor act as a trusted part of the OS. Be careful when granting this permission
SeSecurityPrivilege	Lets a user manage the system's Security and audit logs
SeTakeOwnershipPrivilege	Lets a user take ownership of files, folders, and objects that the user didn't create or have access to
SeLoadDriverPrivilege	Lets a user load and unload device drivers and should be given to only administrators and server operators because loading incompatible or bad device drivers can lead to server instability
SeSystemProfilePrivilege	Lets a user run Performance Monitor on a machine. I recommend that you grant this right to only administrators and server operators
SeSystemtimePrivilege	Lets a user reset the system clock
SeProfileSingleProcessPrivilege	Lets a user monitor processes
SeIncreaseBasePriorityPrivilege	Lets a user increase the priority level of a particular process
SeCreatePagefilePrivilege	Grants its possessor the ability to create a pagefile and to manage virtual memory
SeCreatePermanentPrivilege	Lets a user create permanent objects in Windows
SeBackupPrivilege	Lets a user back up files and directories
SeRestorePrivilege	Completes the SeBackupPrivilege by letting the user restore files and folders
SeShutdownPrivilege	Lets a user shut down the system
SeAuditPrivilege	Lets a user generate security audits
SeSystemEnvironmentPrivilege	Lets a user modify system environment variables
SeChangeNotifyPrivilege	Lets a user browse a directory tree
SeRemoteShutdownPrivilege	Grants a user the ability to remotely shut down a system

User Rights Not Displayed in the Help File
The following list shows rights that don't appear in the Ntrights Help file that can also be used



Switches	Reason for Use
SeNetworkLogonRight	Grants a user the ability to control who can and who can't access a particular computer over the network
SeDenyNetworkLogonRight	Implicitly denies a user or group access to a particular computer over the network
SeInteractiveLogonRight	Lets a user or group log on locally to a machine from its console
SeDenyInteractiveLogonRight	Implicitly denies a user or group the ability to log on locally from the console of a machine
SeBatchLogonRight	Lets a user log on as a batch job. It's usually given to a special user account created solely to run batch jobs
SeDenyBatchLogonRight	Implicitly denies a user from logging on and running batch jobs on a machine
SeServiceLogonRight	Lets a user log on as a service. You generally grant this right to a special user account created solely to run certain services on certain machines
SeDenyServiceLogonRight	Implicitly denies a user from logging on as a service

Ntrights switches
• -u xxx User/Group    Specifies a user or group on which to perform a task
  ntrights -u "Everyone"
• --m \\xxx    Instructs the utility which machine to perform the task against.
  • If you're running Ntrights from your workstation but want to perform the task on a remote server named Joe
    ntrights -m \\Joe
• --e xxxxx-Add text to the event log of a particular machine
  ntrights -e comment here
• --r xxx    Revokes an Ntright from a user or group
  ntrights -r <name of the right>
• -+r xxx    Grants or adds an Ntright to a user or group
  ntrights +r <name of the right>
• If you would like to grant the Authenticated Users group the right to access the Joe server over the network. You're running the Ntrights utility from your workstation
  • Run the following command
    ntrights +r
    SeNetworkLogonRight -u
    Authenticated Users -m \\Joe
• Grant the user account MAILER, which you created to be used as a service account, the right to log on to the server Joe and start a service
  • You also want to add a line of text in the server's event log.
    ntrights +r SeServiceLogonRight
    -u MAILER -m \\Joe -e Mailer user account has been given right to log on as a service by Bill
• Remove a particular user or group's ability to shut down the system
  ntrights -u SeShutdownPrivilege
  
  
  -u domain\simhelpdesk
• Revoke the right to change the system time from the Users group in the gates domain
  ntrights -r
  SeSystemtimePrivilege -u
  gates\Users
  
  
  
  
• About the Error The local policy of this system does not permit you to log on interactively?
  • This error usually occurs when a non-administrator tries to access a Win 2K domain controller
    • By design, this access is restricted; but if you've created administrative groups that you want to grant rights to you can use the following command
      ntrights +r
      SeInteractiveLogonRight u
      gates\simadmins

Make The Administrator Account Show In The Login Menu
• Click Start Button
• Click Run
• Type in
  regedit
• When the Edit Registry window open scroll down to
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\
  SpecialAccounts\UserList
• In the right pane give the Administrator key a value of "1"