Check or Attack Name: Debug Privilege

A user has been detected with the Debug Programs privilege. This right is normally only granted to Administrators, and can be used to obtain higher access levels. Under some circumstances, it may be best not to grant this right to any user.

Verify Advanced user rights in User Manager.

To audit and revoke this privilege, follow these steps:

1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
2. From the Policies menu, select User Rights to display the User Rights Policy dialog box.
3. Select the Show Advanced User Rights check box.
4. From the Right list, select Debug programs.
5. Verify this right is set in accordance with your security policy.
6. To remove a user, select the user and click Remove.

Microsoft Knowledge Base Article Q155075, Cannot End Service Processes with Task Manager, http://support.microsoft.com/support/kb/articles/q155/0/75.asp

Microsoft Knowledge Base Article Q101366, Definition and List of Windows NT Advanced User Rights, http://support.microsoft.com/support/kb/articles/q101/3/66.asp