I have been tasked with providing a user with the ability to get conclusive proof that a specific collection of local security policy changes (pushed via Intune) have been applied to their workstation. They don't want to change anything -- just view what's being applied. The custom policies are in the User Rights Assignment subsection of the Local Security Policies. Giving the user additional admin rights isn't an option and I can find no additional policy that would give then read-only access to this information without also giving them additional permissions.
What I've tried so far:
- Having the user open the Local Security Policy MMC as a non-admin. This fails (as expected)
- Having them bypass the MMC by invoking secedit.exe with the /export and /validate options. This also failed due to insuffcient permissions.
- I had them try RSOP. That provided information about user polcies, but told them they didn't have permissions for computer policies.
I found another post here that indicated the information was available from a non-admin session, but the solution seems to require C# and isn't something a user could do on their own. Though I am not a C# SME and might be misinterpreting what the OP listed as their solution. I have not tried this method since I am not really sure how it would be done from an end-user standpoint.
I figure this information has to be stored, at least in a read-only state, on the local system somewhere.