Dumping User Rights via Text

Feel the need to list out the current user rights or to find who has a specific User Right? Well, usually not me either – but it seems there is no specific PowerShell cmdlet to do this (please prove me wrong!)

So the following uses the old-school method of dumping it out via secedit, then parses the result into a PowerShell object:

# run from an elevated session; secedit writes the export to a temporary file
$PO = @()
$inf = '.\SECURITYPOLICY.inf'
Remove-Item $inf -ErrorAction SilentlyContinue
secedit /export /cfg $inf /areas user_rights | Out-Null
$secpol = Get-Content $inf
Remove-Item $inf

$secpol | Where-Object { $_ -like 'Se*' } | ForEach-Object {
    $prin = New-Object -TypeName 'System.Collections.ArrayList'
    $ur_ = $_ -split '=', 2
    # principals are comma-separated; SIDs carry a leading *
    $ur_[1] -split ',' | ForEach-Object {
        $p = $_.Trim() -replace '^\*', ''
        if ($p -like 'S-*') {
            # translate the SID to an account name; an unresolvable SID is kept as-is
            try { $p = (New-Object Security.Principal.SecurityIdentifier($p)).Translate([Security.Principal.NTAccount]).Value }
            catch { }
        }
        [void]$prin.Add($p)
    }
    $PO += New-Object -TypeName PSObject -Property @{ UserRight = $ur_[0].Trim(); Principals = $prin }
}


# list all rights
$PO | sort UserRight | select UserRight,Principals

# list a specific right
$PO -match "SeServiceLogonRight" | % principals

Useful for when you are in a remote PS session and don't have the option of Secpol.msc.
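
The same export can be turned around to answer "which rights does this principal hold?", which is the view you want when reviewing a service account. This is an added example, not code from the original post: the function names Resolve-Principal and Get-RightsByPrincipal and the sample INF text are made up for illustration, and it reads only the [Privilege Rights] section.

```powershell
# Added example. $sample is a constructed excerpt of a secedit user-rights export.
$sample = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeServiceLogonRight = *S-1-5-80-0,svc backup
SeDebugPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
'@ -split "`r?`n"

# Hypothetical helper: strip the leading * and translate SIDs, keeping unresolved ones raw.
function Resolve-Principal {
    param([string]$Entry)
    $id = $Entry.Trim() -replace '^\*', ''
    if ($id -notmatch '^S-1-\d') { return $id }   # already an account name
    try {
        (New-Object Security.Principal.SecurityIdentifier($id)).Translate([Security.Principal.NTAccount]).Value
    } catch {
        $id   # orphaned or foreign SID
    }
}

# Hypothetical helper: invert "right = principals" into "principal -> rights".
function Get-RightsByPrincipal {
    param([string[]]$InfLines)
    $map = @{}
    $inSection = $false
    foreach ($line in $InfLines) {
        if ($line -match '^\s*\[(.+)\]\s*$') {       # section header
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if (-not $inSection -or $line -notmatch '=') { continue }
        $right, $members = $line -split '=', 2
        foreach ($entry in ($members -split ',')) {
            if (-not $entry.Trim()) { continue }
            $name = Resolve-Principal $entry
            if (-not $map.ContainsKey($name)) { $map[$name] = New-Object System.Collections.ArrayList }
            [void]$map[$name].Add($right.Trim())
        }
    }
    $map.GetEnumerator() | Sort-Object Key | ForEach-Object {
        New-Object PSObject -Property @{ Principal = $_.Key; UserRights = @($_.Value | Sort-Object) }
    }
}
Get-RightsByPrincipal $sample | Select-Object Principal, UserRights
```

On a live host, pass it the $secpol lines read from the secedit export instead of $sample.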
