Revoke-Privilege

Revokes an identity's privileges to perform system operations and certain types of logons.

Syntax

Revoke-Privilege [-Identity] <String> [-Privilege] <String[]> [<CommonParameters>]

Description

Valid privileges are documented on Microsoft's website: Privilege Constants and Account Right Constants. Known values as of August 2014 are:

Related Commands

Parameters

Name Type Description Required? Pipeline Input Default Value
Identity String

The identity to grant a privilege.

true false
Privilege String[]

The privileges to revoke.

true false

EXAMPLE 1

Revoke-Privilege -Identity Batcomputer -Privilege SeServiceLogonRight

Revokes the Batcomputer account's ability to logon as a service. Don't restart that thing!