$account = "accountName"
$userRight = "SeServiceLogonRight*"
$code = (Start-Process secedit -ArgumentList "/export /areas USER_RIGHTS /cfg c:\policies.inf" -Wait -PassThru).ExitCode
if ($code -eq 0)
{
Write-Output "security template exported successfully exit code $code"
}
else
{
Write-Output "security template export failed exit code $code"
}
$sid = ((Get-LocalUser $account).SID).Value
$policy = Get-Content C:\policies.inf
$newpol = @()
foreach ($line in $policy)
{
if ($line -like $userRight)
{
$line = $line + ",*$sid"
}
$newpol += $line
}
$newpol | Out-File C:\policies.inf -Force
$code = (Start-Process secedit -ArgumentList "/configure /db secedit.sdb /cfg C:\policies.inf /areas USER_RIGHTS /log C:\policies.log" -Wait -PassThru).ExitCode
if ($code -eq 0)
{
Write-Output "exit code $code"
}
else
{
Write-Output "exit code $code"
}
Remove-Item -Path c:\policies.inf -Force