deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merged PR 10910: UserRights policy - added examples

Browse Source
This commit is contained in:
Maricia Alforque 2018-08-24 23:41:37 +00:00
parent 78635029ba
commit e3f5389275
1 changed files with 55 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
windows/client-management/mdm/policy-csp-userrights.md
View File

@ -12,6 +12,61 @@ ms.date: 03/12/2018
# Policy CSP - UserRights # Policy CSP - UserRights
<hr/>
User rights are assigned for user accounts or groups. The name of the policy defines the user right in question, and the values are always users or groups. Values can be represented as SIDs or strings. Here is a list for reference, [Well-Known SID Structures](https://msdn.microsoft.com/en-us/library/cc980032.aspx). Even though strings are supported for well-known accounts and groups, it is better to use SIDs because strings are localized for different languages. Some user rights allow things, like AccessFromNetwork, while others disallow things, like DenyAccessFromNetwork.
Here is an example syncml for setting the user right BackupFilesAndDirectories for Administrators and Authenticated Users groups.
```syntax
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
<Item>
<Meta>
<Format>chr</Format>
<Type>text/plain</Type>
</Meta>
<Target>
<LocURI>./Device/Vendor/MSFT/Policy/Config/UserRights/BackupFilesAndDirectories</LocURI>
</Target>
<Data>Authenticated Users&#xF000;Administrators</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
```
Here are examples of data fields. The encoded 0xF000 is the standard delimiter/separator
- Grant an user right to Administrators group via SID:
```
<Data>*S-1-5-32-544</Data>
```
- Grant an user right to multiple groups (Administrators, Authenticated Users) via SID
```
<Data>*S-1-5-32-544&#xF000;*S-1-5-11</Data>
```
- Grant an user right to multiple groups (Administrators, Authenticated Users) via a mix of SID and Strings
```
<Data>*S-1-5-32-544&#xF000;Authenticated Users</Data>
```
- Grant an user right to multiple groups (Authenticated Users, Administrators) via strings
```
<Data>Authenticated Users&#xF000;Administrators</Data>
```
- Empty input indicates that there are no users configured to have that user right
```
<Data></Data>
```
<hr/> <hr/>
<!--Policies--> <!--Policies-->