Windows shell 创建用户，并将service启动用户设为该用户

最近改InstallAnyWhere脚本，其提供的action中可以调用系统的command或script，windows下就是CMD命令和BAT,有些实用命令记录一下。

创建用户test，密码为password：

net user test password /ADD

删除用户test：

net user test /delete

授权用户对某目录d:\Program Files\Applian的访问权限（full access）：

cacls "d:\Program Files\Applian" /t /e /g test:f

windows command-line 命令授权账户的权限为Log On As A Service，
ntrights.exe +r SeServiceLogonRight -u domain\accountname

Granting SeServiceLogonRight to domain\accountname   ... successful

如果在CMD运行遇到以下错误，关闭wiNdows  UAC功能或让CMD运行在admin用户下(run as admin)
Granting SeServiceLogonRight to domain\accountname   OpenPolicy:

***Error*** OpenPolicy -1073741790

ntrights命令需要单独从微软网站下载，属于Resource Kit Tools包，主要功能就是给service授权，能授权的功能如下，该命令运行需要administrator权限：

 SeAssignPrimaryTokenPrivilege:  Replace a process level token

  SeAuditPrivilege:  Generate security audits

  SeBackupPrivilege:  Back up files and directories

  SeBatchLogonRight:  Log on as a batch job

  SeChangeNotifyPrivilege:  Bypass traverse checking

  SeCreatePagefilePrivilege:  Create a paging file

  SeCreatePermanentPrivilege:  Create permanent shared objects

  SeCreateTokenPrivilege:  Create a token object

  SeDebugPrivilege:  Debug programs

  SeIncreaseBasePriorityPrivilege:  Increase scheduling priority

  SeIncreaseQuotaPrivilege:  Increase quotas

  SeInteractiveLogonRight:  Log on locally

  SeLoadDriverPrivilege:  Load and unload device drivers

  SeLockMemoryPrivilege:  Lock pages in memory

  SeMachineAccountPrivilege:  Add workstations to domain

  SeNetworkLogonRight:  Access this computer from the network

  SeProfileSingleProcessPrivilege:  Profile single process

  SeRemoteShutdownPrivilege:  Force shutdown from a remote system

  SeRestorePrivilege:  Restore files and directories

  SeSecurityPrivilege:  Manage auditing and security log

  SeServiceLogonRight:  Log on as a service

  SeShutdownPrivilege:  Shut down the system

  SeSystemEnvironmentPrivilege:  Modify firmware environment values

  SeSystemProfilePrivilege:  Profile system performance

  SeSystemTimePrivilege:  Change the system time

  SeTakeOwnershipPrivilege:  Take ownership of files or other objects

  SeTcbPrivilege:  Act as part of the operating system

  SeUnsolicitedInputPrivilege:  Read unsolicited input from a terminal device

用管理员权限运行某些命令的方式为：

runas /user:administrator cmd.exe

相当于windows版的sudo，运行后需要手工输入管理员密码。

本文出自 “祝坤荣” 博客，请务必保留此出处