我需要编写一个脚本,删除 Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > User Rights Assignment > Change the system time 所有 Windows XP 计算机上本地组策略 (gpedit.msc) 下的所有用户。这些计算机不在域中。我确实有办法自动分发和运行该脚本。有人能告诉我创建此类脚本的正确方法吗?
答案1
好吧,忽略管理员可以将其改回来的事实.. ;)
这安全编辑工具应该能够提供您需要的功能。使用/areas SECURITYPOLICY。
答案2
答案有点晚,但可能有用。您也可以尝试使用来自的实用程序来执行此操作Windows Server 2003 资源工具包工具 权限管理工具。
示例脚本(在 Windows XP Professional SP3 上测试):
@echo off
echo Start process %date% %time% >> %~dp0%~n0.log
cd /d "c:\work"
rem Revokes "Change system time" right from Administrators
ntrights.exe -r SeSystemtimePrivilege -u "Administrators" >> %~dp0%~n0.log
rem Revokes "Change system time" right from Power users
ntrights.exe -r SeSystemtimePrivilege -u "Power Users" >> %~dp0%~n0.log
rem Revokes "Change system time" right from user2
ntrights.exe -r SeSystemtimePrivilege -u "user2" >> %~dp0%~n0.log
rem Grant "Change system time" right to user1
ntrights.exe +r SeSystemtimePrivilege -u "user1" >> %~dp0%~n0.log
echo End process %date% %time% >> %~dp0%~n0.log
rem Reboot if you need
shutdown /r /t 10