Key Points
User Rights Assignment in Windows 10 lets administrators control system-level actions for users and groups to enhance security and compliance.
- Access the Local Security Policy by typing secpol.msc into the Start menu to configure user rights on Windows 10 Pro or Enterprise.
- Edit specific policies such as “Log on locally” or “Access this computer from the network” to control user and group permissions.
- Always test configuration changes in a non-production environment to avoid disrupting access or system functionality.
- Follow best practices by applying least privilege, logging all changes, and maintaining compliance with regulatory requirements.
Configuring User Rights Assignments in Windows 10 gives IT administrators control over device access and security. This policy also supports secure network configurations and permits delegated administrative access, such as for remote IT support.
This guide explains the function of User Rights Assignments in Windows 10 and how to modify these settings to improve security and define custom access privileges.
What Are Windows Security Policies?
Windows Security Policies are a set of operating system configurations that govern how users can interact with devices and corporate resources. From access control to enforcing password complexity, security policies ensure that a system operates securely while still adhering to organizational requirements.
Manage your Active Directory Domain Controller without disruption.
🥷 Discover more NinjaOne RMM® UAC capabilities
The role of User Rights Assignment in Windows security
User Rights Assignment defines what a user or system account is authorized to do on a machine, such as logging on locally, accessing a system over a network, or backing up files. Custom configurations based on user roles improve security while preserving functionality and make sure group memberships and access rights comply with organizational policies and operational requirements.
Common security policies controlled by User Rights Assignment
“Log on locally”
This setting controls who can sign in directly through the device.
“Access this computer from the network”
This setting determines who can control a PC remotely. Several types of network protocols, such as NetBIOS require this right to function. The “Deny access to this computer from the network “ right overrides this.
“Allow log on through Remote Desktop Services”
This right determines who can access a device’s sign-in screen through Windows’ remote access tool, Remote Desktop Services (formerly known as Terminal Services).
“Shut down the system”
This setting specifies which accounts can turn off or reset the Windows device.
“Back up files and directories”
This right allows a user or group to bypass permissions that they lack in order to back up critical files for data security.
“Take ownership of files or other objects”
This security policy allows users to take ownership of files and other resources, regardless of prior permissions. IT administrators can use this right to recover access to a file on a locked device or to gain ownership of files after an employee leaves the organization.
Step-by-step guide to changing User Rights Assignment settings
Prerequisites for modifying User Rights Assignment in Windows 10
Administrator access is required to modify these policies. To update a group policy object on a domain controller, you must also have permission to install the Microsoft Management Console (MMC). On Windows 10, use the Local Group Policy Editor or the Local Security Policy Editor to change security policy settings.
However, you also need to make sure that you have a compatible version of Windows as some tools, like Local Group Policy Editor, are available only on Windows 10 Pro or Enterprise editions, not the Home version.
How to configure a User Right Assignment using the Local Security Policy console
- Navigate to the Local Security Policy by typing “secpol.msc” into the Start menu search bar.
- Go to the Security Settings, then select Local Policies. You can edit a User Rights Assignment from here.
- Double-click the security policy that you need to modify.
- Modify which users and groups are included by clicking either the “Add user or group…” or “Remove” buttons.
- Click the OK button once you’re finished.
If you ever need to undo your changes, there’s a helpful walkthrough in our video How to Reset All Local Security Policy Settings to Default.
How to configure a security policy setting using the Local Group Policy Editor console
- Go to the Local Group Policy Editor (gpedit.msc).
- Navigate to Computer Configuration > Windows Settings> Security Settings.
- From here, you can click on Local Policies to edit a User Right Assignment setting by double-clicking the security policy.
- You can select which users or groups are included by clicking either the “Add user or group…” or “Remove” buttons.
- Click “OK” to save your changes.
Windows 10 user rights management guide: best practices for configuring User Rights Assignment
1. Avoid overly permissive configurations
Excessive permissions increase the risk of misuse, accidental changes, misconfigurations, and cyberattacks. Apply the Principle of Least Privilege to ensure users or groups only have the rights needed to perform their tasks. Use the Local Security Policy Editor to manage these settings with precision.
2. Log and document changes for troubleshooting
Track changes to all changes made to User Rights Assignments to make it easier for technicians to troubleshoot any security configurations. IT documentation software makes it faster and more efficient to log and access information detailing the default and current configurations, along with any history of prior modification.
3. Test changes in a non-production environment before applying them broadly
Changes to User Rights Assignment policies can have far-reaching consequences if not implemented carefully. For example, incorrectly modifying “Access this computer from the network” can lead to losing remote access functionality. You can use a virtual machine with tools like Hyper-V or VMware to create isolated testing environments.
Use cases and practical uses for configuring user privileges on Windows 10
1. Controlling logon permissions
Login privileges allow administrators to define how users can access a system. Restricting logon privileges is highly recommended for kiosk devices or shared workstations. For example, IT administrators can assign the “Log on locally” right to the technician user groups, allowing them to access devices to troubleshoot and resolve any issues remotely.
2. Securing Windows devices and servers
IT administrators should change the security policy settings on Windows 10 to prevent unauthorized access and protect sensitive data. Modifying user rights access policies ensures that access to Windows devices and servers is only given to authorized users and roles. This helps prevent unauthorized access that can lead to data breaches.
3. Compliance management
Modifying local security policy settings helps organizations meet regulatory standards in industries such as finance and healthcare. For example, PCI compliance requires restricted administrative access to systems handling payment data. User Rights Assignment enforces strict controls over logon privileges and administrative rights to support these requirements.
Managing user privileges in Windows 10 for enhanced security
User Rights Assignment helps IT administrators secure Windows systems and manage user access effectively. By adjusting Local Security Policy settings, administrators can assign appropriate privileges to end-users, technicians, and other stakeholders.
NinjaOne Windows Endpoint Management streamlines security settings management. It provides real-time visibility into endpoints, enables large-scale user permission management, and supports file backups from a central interface. Its automation tools handle repetitive tasks, allowing IT teams to focus on strategic work. Watch a demo or start a free trial to evaluate NinjaOne.
Securely push scripts and policies with unified IT management software.
→ Try NinjaOne RMM® for free
Quick-Start Guide
NinjaOne offers several ways to manage user rights and security policy settings in Windows:
1. Policy Management: – You can set policies at the organization level for different device roles. – There are scripts available for setting password policies and managing security settings, such as: – Set Password Policy: Sets minimum password requirements for local accounts – Enable or Disable Cached Credentials – Set Minimum Password Requirements
2. Specific Security Features: – The platform allows you to configure various security-related settings, including: – Disabling local admin tools – Modifying user group memberships – Setting Windows Firewall configurations – Managing user login restrictions
3. Windows Update and Security: – Patch Intelligence AI can help manage patch approvals and security updates – Scripts for managing Windows security settings like: – Disabling weak TLS/SSL protocols – Setting feature update controls – Managing Windows Spotlight and start menu suggestions
While NinjaOne provides robust tools for managing user rights and security policies, for very specific Group Policy-like settings, you might need to use additional scripts or Windows-native tools in conjunction with NinjaOne’s platform.
