Gets or sets system rights granted to the role.


SystemRight SystemRights {get; set;}

Property value

A byte indicating which system rights are granted.

Possible values:

public enum SystemRight
     // No system rights
        None = 0,
     // Log in with password
        LoginWithPassword = 1,
     // Log in without password (single sign-on)
        LoginWithoutPassword = 2,
     // Ignore disabled status in Active Directory and log in anyway
        IgnoreDisabled = 4,
     // Allow using a full shell
        AllowNonRestrictedShell = 8,
     // NoAudit
        NoAudit = 16,
     // Audit always required
        AuditRequired = 32
     // Multi-factor authentication required
        MfaRequired = 512,
     // Permit login when running in emergency mode
        Rescue = 64
     // Allow logging in from the console
        ConsoleLogon = 128
     // Allow logging in remotely (RDP)
        RemoteLogon = 256
     // Allow powershell remote access
        PsRemote = 1024


The Rescue system right allows the user to log in when there are problems with the authorization cache or the auditing service that are preventing all other users from logging in. For example, if auditing is required but the auditing service is not running or not available, only users with the rescue system right will be allowed to log in. The rescue system right requires the Centrify NSS module to be running in “emergency” mode because the adclient process is not running.