showpriv privilegeshowpriv privilege
Where:
Note
For more information on error codes returned by ShowPriv, type
net helpmsg errorNumber
| Privilege | Windows Privilege | Description |
|---|---|---|
| SeTcbPrivilege | Act as part of the operating system | Allows a process to authenticate like a user and thus gain access to the same resources as a user. Only low-level authentication services should require this privilege. |
| SeMachineAccountPrivilege | Add computers to a domain | Allows the user to add a computer to a specific domain. For the privilege to be effective, it must be assigned to the user as part of local security policy for domain controllers in the domain. |
| SeBackupPrivilege | Back up files and directories | Allows the user to circumvent file and directory permissions to back up the system. The privilege is checked only when an application attempts access through the NTFS backup application programming interface (API). Otherwise, normal file and directory permissions apply. By default, this privilege is assigned to Administrators and Backup Operators. See also Restore files and directories in this table. |
| SeChangeNotifyPrivilege | Bypass traverse checking | Allows the user to pass through folders to which the user otherwise has no access while navigating an object path in any Windows file system or in the registry. This privilege does not allow the user to list the contents of a folder; it allows the user only to traverse its directories. By default, this privilege is assigned to Administrators, Backup Operators, Power Users, Users, and Everyone. |
| SeSystemTimePrivilege | Change the system time | Allows the user to set the time for the internal clock of the computer. By default, this privilege is assigned to Administrators and Power Users. |
| SeCreatePagefilePrivilege | Create a page filepagefile | Allows the user to create and change the size of a page file. By default, this privilege is assigned to Administrators. |
| SeCreateTokenPrivilege | Create a token object | Allows a process to create an access token by calling NtCreateToken() or other token-creating APIs. |
| SeCreatePermanentPrivilege | Create permanent shared objects | Allows a process to create a directory object in the Windows 2000 object manager. |
| SeDebugPrivilege | Debug programs | Allows the user to attach a debugger to any process. By default, this privilege is assigned to Administrators. |
| SeEnableDelegationPrivilege | Enable computer and user accounts to be trusted for delegation | Allows the user to change the Trusted for Delegation setting on a User or Computer object in Active Directory. The user or computer that is granted this privilege must also have write access to the account control flags on the object. |
| SeRemoteShutdownPrivilege | Force shutdown from a remote system | Allows a user to shut down a computer from a remote location on the network. See also Shut down the system in this table. By default, this privilege is assigned to Administrators. |
| SeAuditPrivilege | Generate security audits | Allows a process to create, generate, and add entries in the security log. The security log is used to trace unauthorized system access. See also Manage auditing and security log in this table. |
| SeIncreaseQuotaPrivilege | Increase quotas | Allows a process that has Write Property access to another process to increase the processor quota that is assigned to the other process. This privilege is useful for system tuning, but it can be abused, as in a denial of service attack. By default, this privilege is assigned to Administrators. |
| SeIncreaseBasePriorityPrivilege | Increase scheduling priority | Allows a process that has Write Property access to another process to increase the execution priority of the other process. A user with this privilege can change the scheduling priority of a process in the Task Manager dialog box. By default, this privilege is assigned to Administrators. |
| SeLoadDriverPrivilege | Load and unload device drivers | Allows a user to install and uninstall Plug and Play device drivers. Device drivers that are not Plug and Play are not affected by this privilege and can be installed only by Administrators. Because device drivers run as trusted (highly privileged) programs, this privilege can be misused to install hostile programs and give them destructive access to resources. By default, this privilege is assigned to Administrators. |
| SeLockMemoryPrivilege | Lock pages in memory | Allows a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege can significantly degrade system performance. This privilege is obsolete and is therefore never selected. |
| SeSecurityPrivilege | Manage auditing and security log | Allows a user to specify object access auditing options for individual resources such as files, Active Directory objects, and registry keys. Object access auditing is not actually performed unless you have enabled it in Audit Policy (under Security Settings, Local Policies). A user who has this privilege can also view and clear the security log from Event Viewer. By default, this privilege is assigned to Administrators. |
| SeSystemEnvironmentPrivilege | Modify firmware environment values | Allows modification of system environment variables either by a process through an API or by a user through System Properties. By default, this privilege is assigned to Administrators. |
| SeProfileSingleProcessPrivilege | Profile a single process | Allows a user to run Microsoft® Windows NT® and Microsoft® Windows® 2000 performance-monitoring tools to monitor the performance of nonsystem processes. By default, this privilege is assigned to Administrators and Power Users. |
| SeSystemProfilePrivilege | Profile system performance | Allows a user to run Windows NT and Windows 2000 performance-monitoring tools to monitor the performance of system processes. By default, this privilege is assigned to Administrators. |
| SeUndockPrivilege | Remove computer from docking station | Allows the user of a portable computer to undock the computer by clicking Eject PC on the Start menu. By default, this privilege is assigned to Administrators, Power Users, and Users. |
| SeAssignPrimaryTokenPrivilege | Replace a process-level token | Allows a parent process to replace the access token associated with a child process. |
| SeRestorePrivilege | Restore files and directories | Allows a user to circumvent file and directory permissions when restoring backed-up files and directories and to set any valid security principal as the owner of an object. See also Back up files and directories in this table. By default, this privilege is assigned to Administrators and Backup Operators. |
| SeShutdownPrivilege | Shut down the system | Allows a user to shut down the local computer. See also Force shutdown from a remote system in this table. In Windows 2000 Professional: By default, this privilege is assigned to Administrators, Backup Operators, Power Users, and Users. In Windows 2000 Server: By default, this privilege is not assigned to Users, only to Administrators, Backup Operators, and Power Users. |
| SeSynchAgentPrivilege | Synchronize directory service data | Allows a process to provide directory synchronization services. This privilege is relevant only on domain controllers. By default, this privilege is assigned to Administrators and LocalSystem accounts on domain controllers. |
| SeTakeOwnershipPrivilege | Take ownership of files or other objects | Allows a user to take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. By default, this privilege is assigned to Administrators. |