Windows Security — Privileges

Shlomi Boutnaru, Ph.D.
2 min read · Aug 13, 2023

Privileges are rights given to a specific account (user/group) that allow performing different system-related operations on the local computer, for example: changing the system time, loading a device driver, shutting down the system and more. There is a difference between access rights and privileges (https://learn.microsoft.com/en-us/windows/win32/secauthz/privileges).

Thus, we can say that privileges control the access to system resources/system related tasks while access rights control access to securable objects (such as files, directories, registry keys and more). We assign privileges to user/group accounts whereas access rights are granted as part of DACLs (more on that in future writeups).

Moreover, the operating system presents privileges under the category “User Rights Assignments”. We can modify them using the “Local Group Policy” (or the “Group Policy”) MMC snap-in (https://learn.microsoft.com/en-us/windows/win32/secauthz/privilege-constants), as shown in the screenshot below.

Lastly, privileges are defined using constants in the pattern “SE_[DESCRIPTION]_NAME” and also have a text format in the pattern “Se[DESCRIPTION]Privilege”. A couple of examples are: “SE_CREATE_PAGEFILE_NAME”/“SeCreatePagefilePrivilege”, which enables creating a new pagefile; “SE_DEBUG_NAME”/“SeDebugPrivilege”, which is required for debugging/adjusting the memory of a process owned by a different user account; and “SE_LOAD_DRIVER_NAME”/“SeLoadDriverPrivilege”, which is required to load/unload a device driver (it is also the one marked in the screenshot below).
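The same “User Rights Assignments” data can be reviewed outside the MMC snap-in: `secedit /export /cfg <file> /areas USER_RIGHTS` writes it to an INF file whose `[Privilege Rights]` section lists each “Se[DESCRIPTION]Privilege” with the accounts that hold it. The following is an added example (not code from the original post) that parses such a section and reports holders of the three privileges named above that fall outside a baseline. The export text, the account `svc_backup`, the domain SID and the Administrators-only baseline are constructed assumptions.

```python
# Added example: audit the [Privilege Rights] section of a secedit export.
# The export text below is constructed sample data, not taken from a real host.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeCreatePagefilePrivilege = *S-1-5-32-544
SeDebugPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeLoadDriverPrivilege = *S-1-5-32-544,svc_backup
[Version]
signature="$CHICAGO$"
Revision=1
"""

ADMINISTRATORS = "S-1-5-32-544"  # well-known SID of the built-in Administrators group
# Assumed baseline: the privileges named in the article, Administrators only.
WATCHED = {"SeCreatePagefilePrivilege", "SeDebugPrivilege", "SeLoadDriverPrivilege"}


def parse_privilege_rights(text):
    """Return {right_name: [principal, ...]} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line:
            continue
        name, _, value = line.partition("=")
        # SIDs are written with a leading '*'; account names appear bare.
        principals = [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
        rights[name.strip()] = principals
    return rights


def audit(rights, watched=WATCHED, allowed=frozenset({ADMINISTRATORS})):
    """Return sorted (privilege, principal) pairs that fall outside the baseline."""
    findings = []
    for name, principals in rights.items():
        # Entries such as SeNetworkLogonRight are logon rights and are not watched.
        if name not in watched:
            continue
        findings += [(name, p) for p in principals if p not in allowed]
    return sorted(findings)


if __name__ == "__main__":
    for priv, who in audit(parse_privilege_rights(SAMPLE_EXPORT)):
        print(f"{priv}: granted to {who}")
```

A real export is typically UTF-16 encoded, so read it with `encoding="utf-16"` before passing the text to `parse_privilege_rights`.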

See you next time ;-) You can follow me on twitter — @boutnaru (https://twitter.com/boutnaru).
