Is there a way to check if a user has specific rights?

Question

In my application I'm using ntrights.exe, that is part of Windows Resource Kit, to grant and revoke a specific user right.

For example to grant a user "Log on as a server" right, I execute using shell object following command:

ntrights -u User +r SeServiceLogonRight

However ntrights doesn't allow you to check if a user has a specific right.

Can you tell me how I can check if a user has a specific right?

Update The question is posted here because it's part of .NET application I'm writing. If any one knows, how to do it using code, please post it here.

Answer 1

Short answer: LsaEnumerateAccountRights

I don't know if .NET provides a wrapper class, though.

Answer 2

If you're on an Active Directory domain, you can administer this through System.DirectoryServices.

System.DirectoryServices Namespace

Other things you might look up are ADSI and LDAP.

Answer 3

I think you'll need LsaEnumerateAccountRights(). That isn't exposed in .NET but is being used. Use Reflector and take a look at the private ServiceProcessInstaller.AccountHasRight method.