For doing a regular health check of our servers, I created a VBScript which queries all the relevant information (free disk space, registry size, security log size, etc.) and dumps that into a HTML file. One particular information I wanted to query remotely was one of target machine's Local Security Policies - "Log on as a service" (under User Rights Assignments).
Apparently, WMI does not have any support to enumerate Local Security Policy, probably because of security reasons. While looking for some third-party tool, I came across DumpSec, which does show remote machine's User Rights Assignments and other Local Security Policies. The problem though with this tool is, it is primarily GUI based and does not show all the rights. Even though it supports command-line parameters (C:\>DUMPSEC /rpt=RIGHTS /saveas=CSV /outfile=report.txt), it still requires output file name to dump the result instead of showing directly on the console. You are then supposed to parse that output file (may be by using FIND) to retrieve the particular piece of information. For example, executing C:\>FIND "SeServiceLogonRight" report.txt would reveal something like this:
SeServiceLogonRight,MACHINENAME\ASPNET,Log on as a service
SeServiceLogonRight,NT AUTHORITY\NETWORK SERVICE,Log on as a service
This obviously doesn't seem very efficient from scripting perspective. It would have been lot easier to get those details via Windows' scripting engine or WMI. On the positive side though, these limitations are motivating me to write my own program to query Local Security Policy (LSP) entries. Gotta revisit Charles Petzold's masterpiece on WIN32 APIs! J