RemoveInteractiveLogonRight

For RDP access the principal also needs membership in the computer’s local Remote Desktop Users group, which related to the edge MemberOfLocalGroup. When RDP access is possible, the principal will have the edge CanRDP.

Abuse Info

This edge alone does not enable abuse.

Opsec Considerations

No opsec considerations apply to this edge.

References

https://blog.cptjesus.com/posts/userrightsassignment/
https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment

Get Started with BloodHound

Install a Data Collector

Collect Data

OpenGraph

Analyze Attack Path Data

Manage BloodHound

API & Integrations

Resources

RemoveInteractiveLogonRight

Abuse Info

Opsec Considerations

References

Get Started with BloodHound

Install a Data Collector

Collect Data

OpenGraph

Analyze Attack Path Data

Manage BloodHound

API & Integrations

Resources

​Abuse Info

​Opsec Considerations

​References

Abuse Info

Opsec Considerations

References