Typically, access to an object is determined by comparing the user and group memberships in the user's access token with permissions for the object. However, some activities performed by users are not associated with a particular object.
For example, you may want certain individuals to be able to create regular backups for the server. These people should be able to do their job without regard to permissions that have been set on those files. In cases like this, an administrator could assign specific user rights (sometimes called privileges) to give users or groups access to services that normal discretionary access control does not provide. (You can use the dialog box shown below from the User Manager tool to assign user rights.)
Backing up files and directories, shutting down the computer, logging on interactively, and changing the system times are all examples of user rights defined by Windows NT.
Note In the current release of Windows NT, the set of user rights is defined by the system and cannot be changed. Future versions of Windows NT may allow software developers to define new user rights appropriate to their application.
For more information about permissions and user rights, see the Windows NT System Guide. Details for administrators are also included in the Windows NT Advanced Server Concepts and Planning Guide and the Windows NT Advanced Server System Guide.