Check or Attack Name: Backup Privilege

A user has been detected with the Back up Files and Directories privilege. This right is normally only granted to Administrators and Backup Operators, and can be used to read any file or registry key, regardless of permissions. If the user also has Restore Files and Directories privileges, the ownership of files and other objects can be changed.

Check user rights for Back up files and Directories. Remove any names disallowed by your security policy.

To audit and revoke this privilege, follow these steps:

1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. From the Policies menu, select User Rights to display the User Rights Policy dialog box.
3. From the Right list, select Back up files and directories.
4. Verify this right is set in accordance with your security policy.
5. To remove a user, select the user and click Remove.

Microsoft Knowledge Base Article Q104221, Windows NT Backup and Security, http://support.microsoft.com/support/kb/articles/q104/2/21.asp