We have alluded to one final aspect of access control several times, but never fully explained it: user rights and privileges. User rights and privileges are often used interchangeably. However, they are in fact very different constructs. User rights only govern the methods by which a user can log on. Privileges, however, determine what users can do after they have logged on. You saw privileges in a token in Figures Figure 3-10 and Figure 3-11. Privileges are managed in Group Policy under the User Rights Assignment node, shown in Figure 3-15.

Figure 3-15. You can manage privileges in Group Policy.

In many tools—such as the ...