{"id":19055433,"url":"https://github.com/evotecit/localsecurityeditor","last_synced_at":"2025-04-24T04:22:40.154Z","repository":{"id":39598136,"uuid":"481551292","full_name":"EvotecIT/LocalSecurityEditor","owner":"EvotecIT","description":".NET library for managing local security policy (User Rights Assignment).","archived":false,"fork":false,"pushed_at":"2025-01-21T12:27:24.000Z","size":78,"stargazers_count":5,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-18T12:18:49.806Z","etag":null,"topics":["netcore","netframework","userrightsassignment"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EvotecIT.png","metadata":{"files":{"readme":"README.MD","changelog":"CHANGELOG.MD","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"PrzemyslawKlys","custom":["https://paypal.me/PrzemyslawKlys"]}},"created_at":"2022-04-14T09:51:19.000Z","updated_at":"2025-02-28T12:26:31.000Z","dependencies_parsed_at":"2025-04-17T23:50:10.535Z","dependency_job_id":null,"html_url":"https://github.com/EvotecIT/LocalSecurityEditor","commit_stats":{"total_commits":31,"total_committers":1,"mean_commits":31.0,"dds":0.0,"last_synced_commit":"539b71f263e0e708700126c6f4c4b4eeb50472ad"},"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EvotecIT%2FLocalSecurityEditor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EvotecIT%2FLocalSecurityEditor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EvotecIT%2FLocalSecurityEditor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EvotecIT%2FLocalSecurityEditor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EvotecIT","download_url":"https://codeload.github.com/EvotecIT/LocalSecurityEditor/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250561373,"owners_count":21450414,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["netcore","netframework","userrightsassignment"],"created_at":"2024-11-08T23:45:00.759Z","updated_at":"2025-04-24T04:22:40.132Z","avatar_url":"https://github.com/EvotecIT.png","language":"C#","funding_links":["https://github.com/sponsors/PrzemyslawKlys","https://paypal.me/PrzemyslawKlys"],"categories":[],"sub_categories":[],"readme":"# LocalSecurityEditor - .NET Library\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://www.nuget.org/packages/LocalSecurityEditor\"\u003e\u003cimg alt=\"Nuget\" src=\"https://img.shields.io/nuget/dt/LocalSecurityEditor?label=nuget%20downloads\"\u003e\u003c/a\u003e\n \u003ca href=\"https://www.nuget.org/packages/LocalSecurityEditor\"\u003e\u003cimg alt=\"Nuget\" src=\"https://img.shields.io/nuget/v/LocalSecurityEditor\"\u003e\u003c/a\u003e\n \u003ca href=\"#\"\u003e\u003cimg src=\"https://img.shields.io/badge/.NET%20Framework-%3E%3D%204.5-red.svg\"\u003e\u003c/a\u003e\n \u003ca href=\"#\"\u003e\u003cimg src=\"https://img.shields.io/badge/.NET%20Standard-%3E%3D%202.0-red.svg\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"#\"\u003e\u003cimg src=\"https://img.shields.io/github/license/EvotecIT/LocalSecurityEditor.svg\"\u003e\u003c/a\u003e\n \u003ca href=\"#\"\u003e\u003cimg src=\"https://img.shields.io/github/languages/top/evotecit/LocalSecurityEditor.svg\"\u003e\u003c/a\u003e\n \u003ca href=\"#\"\u003e\u003cimg src=\"https://img.shields.io/github/languages/code-size/evotecit/LocalSecurityEditor.svg\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://twitter.com/PrzemyslawKlys\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/PrzemyslawKlys.svg?label=Twitter%20%40PrzemyslawKlys\u0026style=social\"\u003e\u003c/a\u003e\n \u003ca href=\"https://evotec.xyz/hub\"\u003e\u003cimg src=\"https://img.shields.io/badge/Blog-evotec.xyz-2A6496.svg\"\u003e\u003c/a\u003e\n \u003ca href=\"https://www.linkedin.com/in/pklys\"\u003e\u003cimg src=\"https://img.shields.io/badge/LinkedIn-pklys-0077B5.svg?logo=LinkedIn\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n## Description\n\n.NET library for managing local security policy (User Rights Assignment). This library was written to use in PowerShell Module [SecurityPolicy](https://github.com/EvotecIT/SecurityPolicy) providing easy way to manage local security policy.\n\n### Supported User Rights Assignement\n\n| ConstantName | Group Policy Setting |\n| ----------------------------------------- | ------------------------------------------------------------------ |\n| SeTrustedCredManAccessPrivilege | Access Credential Manager as a trusted caller |\n| SeNetworkLogonRight | Access this computer from the network |\n| SeTcbPrivilege | Act as part of the operating system |\n| SeMachineAccountPrivilege | Add workstations to domain |\n| SeIncreaseQuotaPrivilege | Adjust memory quotas for a process |\n| SeInteractiveLogonRight | Allow log on locally |\n| SeRemoteInteractiveLogonRight | Allow log on through Remote Desktop Services |\n| SeBackupPrivilege | Back up files and directories |\n| SeChangeNotifyPrivilege | Bypass traverse checking |\n| SeSystemtimePrivilege | Change the system time |\n| SeTimeZonePrivilege | Change the time zone |\n| SeCreatePagefilePrivilege | Create a pagefile |\n| SeCreateTokenPrivilege | Create a token object |\n| SeCreateGlobalPrivilege | Create global objects |\n| SeCreatePermanentPrivilege | Create permanent shared objects |\n| SeCreateSymbolicLinkPrivilege | Create symbolic links |\n| SeDebugPrivilege | Debug programs |\n| SeDenyNetworkLogonRight | Deny access to this computer from the network |\n| SeDenyBatchLogonRight | Deny log on as a batch job |\n| SeDenyServiceLogonRight | Deny log on as a service |\n| SeDenyInteractiveLogonRight | Deny log on locally |\n| SeDenyRemoteInteractiveLogonRight | Deny log on through Remote Desktop Services |\n| SeEnableDelegationPrivilege | Enable computer and user accounts to be trusted for delegation |\n| SeRemoteShutdownPrivilege | Force shutdown from a remote system |\n| SeAuditPrivilege | Generate security audits |\n| SeImpersonatePrivilege | Impersonate a client after authentication |\n| SeIncreaseWorkingSetPrivilege | Increase a process working set |\n| SeIncreaseBasePriorityPrivilege | Increase scheduling priority |\n| SeLoadDriverPrivilege | Load and unload device drivers |\n| SeLockMemoryPrivilege | Lock pages in memory |\n| SeBatchLogonRight | Log on as a batch job |\n| SeServiceLogonRight | Log on as a service |\n| SeSecurityPrivilege | Manage auditing and security log |\n| SeRelabelPrivilege | Modify an object label |\n| SeSystemEnvironmentPrivilege | Modify firmware environment values |\n| SeDelegateSessionUserImpersonatePrivilege | Obtain an impersonation token for another user in the same session |\n| SeManageVolumePrivilege | Perform volume maintenance tasks |\n| SeProfileSingleProcessPrivilege | Profile single process |\n| SeSystemProfilePrivilege | Profile system performance |\n| SeUndockPrivilege | Remove computer from docking station |\n| SeAssignPrimaryTokenPrivilege | Replace a process level token |\n| SeRestorePrivilege | Restore files and directories |\n| SeShutdownPrivilege | Shut down the system |\n| SeSyncAgentPrivilege | Synchronize directory service data |\n| SeTakeOwnershipPrivilege | Take ownership of files or other objects |\n\n### Example Local Computer\n\n```csharp\nusing System;\nusing LocalSecurityEditor;\n\nnamespace TestApp {\n internal class Program {\n static void Main() {\n string[] accounts;\n\n Console.WriteLine(\"[*] Accessing server - Displaying Current\");\n\n using (LsaWrapper lsa = new LsaWrapper()) {\n accounts = lsa.GetPrivileges(UserRightsAssignment.SeBatchLogonRight);\n }\n\n foreach (var account in accounts) {\n Console.WriteLine(account);\n }\n\n Console.WriteLine(\"[*] Adding Account to the Server\");\n\n using (LsaWrapper lsa = new LsaWrapper()) {\n lsa.AddPrivileges(\"EVOTEC\\\\przemyslaw.klys\", UserRightsAssignment.SeBatchLogonRight);\n }\n\n Console.WriteLine(\"[*] Accessing server - Displaying Current\");\n\n using (LsaWrapper lsa = new LsaWrapper()) {\n accounts = lsa.GetPrivileges(UserRightsAssignment.SeBatchLogonRight);\n }\n\n foreach (var account in accounts) {\n Console.WriteLine(account);\n }\n\n Console.WriteLine(\"[*] Accessing server - Displaying Current\");\n\n using (LsaWrapper lsa = new LsaWrapper()) {\n lsa.RemovePrivileges(\"EVOTEC\\\\przemyslaw.klys\", UserRightsAssignment.SeBatchLogonRight);\n }\n\n using (LsaWrapper lsa = new LsaWrapper(\"\")) {\n accounts = lsa.GetPrivileges(UserRightsAssignment.SeBatchLogonRight);\n }\n\n foreach (var account in accounts) {\n Console.WriteLine(account);\n }\n }\n }\n}\n```\n\n### Example Remote Computer\n\n```csharp\nusing System;\nusing LocalSecurityEditor;\n\nnamespace TestApp {\n internal class Program {\n static void Main() {\n string[] accounts;\n\n Console.WriteLine(\"[*] Accessing AD1 server - Displaying Current\");\n\n using (LsaWrapper lsa = new LsaWrapper(\"AD1\")) {\n accounts = lsa.GetPrivileges(UserRightsAssignment.SeBatchLogonRight);\n }\n\n foreach (var account in accounts) {\n Console.WriteLine(account);\n }\n\n Console.WriteLine(\"[*] Adding Account to the Server\");\n\n using (LsaWrapper lsa = new LsaWrapper(\"AD1\")) {\n lsa.AddPrivileges(\"EVOTEC\\\\przemyslaw.klys\", UserRightsAssignment.SeBatchLogonRight);\n }\n\n Console.WriteLine(\"[*] Accessing AD1 server - Displaying Current\");\n\n using (LsaWrapper lsa = new LsaWrapper(\"AD1\")) {\n accounts = lsa.GetPrivileges(UserRightsAssignment.SeBatchLogonRight);\n }\n\n foreach (var account in accounts) {\n Console.WriteLine(account);\n }\n\n Console.WriteLine(\"[*] Accessing AD1 server - Displaying Current\");\n\n using (LsaWrapper lsa = new LsaWrapper(\"AD1\")) {\n lsa.RemovePrivileges(\"EVOTEC\\\\przemyslaw.klys\", UserRightsAssignment.SeBatchLogonRight);\n }\n\n using (LsaWrapper lsa = new LsaWrapper(\"AD1\")) {\n accounts = lsa.GetPrivileges(UserRightsAssignment.SeBatchLogonRight);\n }\n\n foreach (var account in accounts) {\n Console.WriteLine(account);\n }\n }\n }\n}\n```\n\n### Example GenerateSID\n\n```csharp\nstring serviceName = \"ADSync\";\nstring serviceExpectedSid = \"S-1-5-80-3245704983-3664226991-764670653-2504430226-901976451\";\nstring serviceSid = NTService.GenerateSID(serviceName);\nConsole.WriteLine($\"The SID for the service '{serviceName}' is: {serviceSid} {serviceExpectedSid} {(serviceSid == serviceExpectedSid)}\");\n```\n\n### Credits\n\nThis library was created based on help from mutliple sources. Without those, it wouldn't be possible.\n\n- Willy Denoyette [MVP]\n- [LSA Functions - Privileges and Impersonation](https://www.codeproject.com/Articles/4863/LSA-Functions-Privileges-and-Impersonation)\n- [How to access local security policy of computer using C#](https://social.msdn.microsoft.com/Forums/lync/en-US/3c0e7d5c-a786-45a1-aa65-a4a2a934c0cb/how-to-access-local-security-policy-of-computer-using-c-?forum=csharpgeneral)\n- [Programmatically updating local policy in Windows](https://web.archive.org/web/20161006162851/http://www.lshift.net/blog/2013/03/25/programmatically-updating-local-policy-in-windows/)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fevotecit%2Flocalsecurityeditor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fevotecit%2Flocalsecurityeditor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fevotecit%2Flocalsecurityeditor/lists"}