| | | Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved. Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact [email protected]. | | | |
IMAGES
VIDEO
COMMENTS
This tutorial will show you how to change User Rights Assignment security policy settings to control users and groups ability to perform tasks in Windows 10. You must be signed in as an administrator to change User Rights Assignment.
Restrict the Adjust memory quotas for a process user right to only users who require the ability to adjust memory quotas to perform their jobs. If this user right is necessary for a user account, it can be assigned to a local machine account instead of to a domain account.
User rights govern the methods by which a user can log on to a system. User rights are applied at the local device level, and they allow users to perform tasks on a device or in a domain. User rights include logon rights and permissions.
You can add, remove, and check User Rights Assignment (remotely / locally) with the following Powershell scripts.
Inappropriate granting of user rights can provide system, administrative, and other high level capabilities. Accounts with the "Adjust memory quotas for a process" user right can adjust memory that is available to processes, and could be used in a denial of service (DoS) attack.
Running the 32-bit version of Excel should intrinsically limit the amount of memory it can use to 2GB (or 3GB/4GB, depending on Windows version and settings) of RAM. (Sadly, this won’t work for web browsers such as Google Chrome or Microsoft Edge that use a different process for ~every~ tab.)
We created the video below to explain the different User Rights Assignment policies that are available and how you can use those policies to control who is able to log onto a device and what they are able to do once they've logged on.
User Rights Assignment. Increase scheduling priority for Windows Server 2012 and earlier. Describes the best practices, location, values, policy management, and security considerations for the Increase scheduling priority security policy setting.
Adjust memory quotas for a process. This privilege determines who can change the maximum memory that can be consumed by a process. This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy of workstations and servers.
WinSecWiki > Security Settings > Local Policies > User Rights > User Rights In-Depth > Adjust Memory Quotas.