SystemRights
Gets or sets system rights granted to the role.
Syntax
SystemRight SystemRights {get; set;}
Property value
A byte indicating which system rights are granted.
Possible values:
public enum SystemRight { // No system rights None = 0, // Log in with password LoginWithPassword = 1, // Log in without password (single sign-on) LoginWithoutPassword = 2, // Ignore disabled status in Active Directory and log in anyway IgnoreDisabled = 4, // Allow using a full shell AllowNonRestrictedShell = 8, // NoAudit NoAudit = 16, // Audit always required AuditRequired = 32 // Multi-factor authentication required MfaRequired = 512, // Permit login when running in emergency mode Rescue = 64 // Allow logging in from the console ConsoleLogon = 128 // Allow logging in remotely (RDP) RemoteLogon = 256 // Allow powershell remote access PsRemote = 1024 }
Discussion
The Rescue system right allows the user to log in when there are problems with the authorization cache or the auditing service that are preventing all other users from logging in. For example, if auditing is required but the auditing service is not running or not available, only users with the rescue system right will be allowed to log in. The rescue system right requires the Centrify NSS module to be running in “emergency” mode because the adclient process is not running.