(imported topic written by dmoore21)
So, I’ve got a chunk of relevance that stipulates that only Administrators and Power Users should have the senetworklogonright… But I would like to modify it to take a different approach. Instead of positively identifying which groups and users should have the right, I would rather have the relevance stipulate which groups and users should NOT have the right…
Here’s my existing relevance statement:
not exists 1 whose ((((0 < size of it) of item 0 of it and ((item 0 of it * item 1 of it) = item 1 of it)) of (set of component strings of sids of accounts with privilege "senetworklogonright", set of component strings of sids of security accounts "Administrators")) and (((0 < size of it) of item 0 of it and ((item 0 of it * item 1 of it) = item 1 of it)) of (set of component strings of sids of accounts with privilege "senetworklogonright", set of component strings of sids of security accounts "Power Users")) and (((0 < size of it) of item 0 of it and ((item 0 of it * item 1 of it) = item 1 of it)) of (set of component strings of sids of accounts with privilege "senetworklogonright", set of component strings of sids of security accounts "")) and (((0 < size of it) of item 0 of it and ((item 0 of it * item 1 of it) = item 1 of it)) of ((set of (component strings of sids of (local users; local groups); names of keys of keys "HKLM\Security\Policy\Accounts" of x32 registry) - set of component strings of sids of accounts with privilege "senetworklogonright"), (((set of (component strings of sids of (local users; local groups); names of keys of keys "HKLM\Security\Policy\Accounts" of x32 registry) - set of component strings of sids of security accounts "Administrators") * (set of (component strings of sids of (local users; local groups); names of keys of keys "HKLM\Security\Policy\Accounts" of x32 registry) - set of component strings of sids of security accounts "Power Users")) * (set of (component strings of sids of (local users; local groups); names of keys of keys "HKLM\Security\Policy\Accounts" of x32 registry) - set of component strings of sids of security accounts "")))))
Thoughts and suggestions appreciated!
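
The set logic of the statement above, modelled in Python next to the inverted deny-list form the post asks about. This is an added example, not part of the original post and not BigFix relevance. The group SIDs are well-known Windows values; the holder sets, the local account SID and the function names are constructed for illustration, and the clause for the empty-named group is left out.

```python
# Well-known SIDs for the built-in groups.
ADMINISTRATORS = "S-1-5-32-544"
POWER_USERS = "S-1-5-32-547"
GUESTS = "S-1-5-32-546"
EVERYONE = "S-1-1-0"
# Constructed SID standing in for an arbitrary local account.
LOCAL_ACCOUNT = "S-1-5-21-1111111111-2222222222-3333333333-1001"


def allowlist_relevant(holders, allowed_groups, universe):
    """Mirror the posted statement: relevant unless every allowed group
    holds the right and no other known account does."""
    holders, universe = set(holders), set(universe)
    # (0 < size of holders) and ((holders * group) = group), per allowed group
    each_allowed_holds = all(
        bool(holders) and (holders & set(group)) == set(group)
        for group in allowed_groups
    )
    # Last clause: every account outside the allowed groups is a non-holder.
    non_holders = universe - holders
    non_allowed = set(universe)
    for group in allowed_groups:
        non_allowed -= set(group)
    nobody_else_holds = bool(non_holders) and (non_holders & non_allowed) == non_allowed
    return not (each_allowed_holds and nobody_else_holds)


def denylist_relevant(holders, denied):
    """Inverted check: relevant as soon as any denied SID holds the right."""
    return bool(set(holders) & set(denied))


def offending_sids(holders, denied):
    """The denied SIDs that currently hold the right, for reporting."""
    return sorted(set(holders) & set(denied))


UNIVERSE = {ADMINISTRATORS, POWER_USERS, GUESTS, EVERYONE, LOCAL_ACCOUNT}
ALLOWED = [{ADMINISTRATORS}, {POWER_USERS}]
DENIED = {GUESTS, EVERYONE}

if __name__ == "__main__":
    for holders in ({ADMINISTRATORS, POWER_USERS},
                    {ADMINISTRATORS, POWER_USERS, EVERYONE},
                    {ADMINISTRATORS, POWER_USERS, LOCAL_ACCOUNT}):
        print(sorted(holders),
              allowlist_relevant(holders, ALLOWED, UNIVERSE),
              denylist_relevant(holders, DENIED))
```

The third sample shows the trade-off: an account that is on neither list trips the allow-list form but passes the deny-list form. Both forms compare SIDs directly and do not resolve group membership.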