New Desert Penguin Blog
I will be trying to write a series of blog posts about Windows privileges, in alphabetical order.
In Windows NT (and originally OpenVMS) privileges are attributes of a process that allow the process to perform privileged actions. Yes, it is very tautological*.
A process appears to get its privileges from a combination of the privileges held by the security principal (for example the user) that started it minus privileges dropped (for example by the service control manager) plus the privileges held by any pseudo-group it might belong to (for example SERVICE if it is a service) plus the privileges injected into its access token by software designed to modify access tokens.
Privileged actions include starting threads and processes using another identity (for example a different user), reading and overwriting files regardless of permissions (a backup program would need such a privilege), setting time and time zone and shutting down the system.
In alphabetical order the first...
A while ago I wrote a Windows service for testing permissions. Read about it and download it here.