Windows Files Folders And Tools (Page 3 of 5) in pdf

directory permissions apply. Default setting:

Local System (or System) has the privilege

Administrators and Backup Operators. See

inherently.

also "Restore files and directories" in this

Allows a user to specify object access

Manage auditing and

table.

auditing options for individual resources such

security log

Allows the user to pass through folders to

as files, Active Directory objects, and registry

Bypass traverse checking

(SeSecurityPrivilege)

which the user otherwise has no access while

keys. Object access auditing is not performed

(SeChangeNotifyPrivileg

navigating an object path in the NTFS file

unless you enable it by using Audit Policy

system or in the registry. This privilege does

(under Security Settings, Local Policies). A

not allow the user to list the contents of a

user who has this privilege can also view and

folder; it allows the user only to traverse its

Allows a user to shut down a computer from

clear the security log from Event Viewer.

Force shutdown from a

directories. Default setting: Administrators,

a remote location on the network. Default

Default setting: Administrators.

remote system

Backup Operators, Power Users, Users, and

setting: Administrators.See also "Shut down

(SeRemoteShutdownPriv

Allows modification of system environment

Modify firmware

Everyone.

the system" in this table.

ilege)

variables either by a process through an API

environment values

Change the system time

Allows the user to adjust the time on the

Generate security audits

Allows a process to generate audit records in

(SeSystemEnvironmentP

or by a user through System Properties.

computer's internal clock. This privilege is

the security log. The security log can be used

Default setting: Administrators.

(SeSystemTimePrivilege)

(SeAuditPrivilege)

rivilege)

not required to change the time zone or other

to trace unauthorized system access. Default

Allows a non-administrative or remote user to

Perform volume

display characteristics of the system time.

setting: Local Service and Network Service.

manage volumes or disks. The operating

maintenance tasks

Default setting: Administrators and Power

Local System (or System) has the privilege

system checks for the privilege in a user's

(SeManageVolumePrivile

Users.

inherently.See also "Manage auditing and

access token when a process running in the

ge)

security log" in this table.

Allows a process to create an access token by

user's security context calls

Create a token object

calling NtCreateToken() or other token-

Allows a user to increase the base priority

SetFileValidData(). Default setting:

(SeCreateTokenPrivilege

Increase scheduling

creating APIs. Default setting: Not assigned.

class of a process. (Increasing relative priority

Administrators.

)

priority

When a process requires this privilege, use

within a priority class is not a privileged

(SeIncreaseBasePriorityP

Allows a user to sample the performance of

Profile single process

the Local System (or System) account, which

rivilege)

operation.) This privilege is not required by

an application process. Default setting:

(SeProfileSingleProcessP

has the privilege inherently. Do not create a

administrative tools supplied with the

Administrators and Power Users.Ordinarily,

rivilege)

separate user account and assign the privilege

operating system but might be required by

you do not need this privilege to use the

to it.

software development tools. Default setting:

Performance snap-in. However, you do need

Administrators.

Allows a process to create a directory object

the privilege if System Monitor is configured

Create permanent shared

in the object manager. This privilege is useful

Allows a user to install and remove drivers

to collect data by using Windows

objects

Load and unload device

(SeCreatePermanentPriv

to kernel-mode components that extend the

drivers

for Plug and Play devices. This privilege is

Management Instrumentation (WMI).

object namespace. Components that are

not required if a signed driver for the new

ilege)

(SeLoadDriverPrivilege)

Allows a user to sample the performance of

Profile system

running in kernel mode have this privilege

hardware already exists in the Driver.cab file

system processes. This privilege is required

performance

inherently. Default setting: Not assigned.

on the computer. Default setting:

by the Performance snap-in only if it is

(SeSystemProfilePrivileg

Administrators.Do not assign this privilege to

Allows the user to create and change the size

configured to collect data by using Windows

Create a pagefile

any user or group other than Administrators.

of a pagefile. This is done by specifying a

Management Instrumentation (WMI). Default

(SeCreatePagefilePrivileg

Device drivers run as trusted (highly

paging file size for a particular drive in the

setting: Administrators.Ordinarily, you do not

privileged) code. A user who has "Load and

Performance Options box on the Advanced

need this privilege to use the Performance

unload device drivers" privilege could

tab of System Properties. Default setting:

snap-in. However, you do need the privilege

unintentionally install malicious code

Administrators.

if System Monitor is configured to collect

masquerading as a device driver. It is

data by using Windows Management

Allows the user to attach a debugger to any

Debug programs

assumed that administrators will exercise

Instrumentation (WMI).

process. This privilege provides access to

(SeDebugPrivilege)

greater care and install only drivers with

sensitive and critical operating system

Allows the user of a portable computer to

verified digital signatures.Note: You must

Remove computer from

components. Default setting: Administrators.

undock the computer by clicking Eject PC on

docking station

have this privilege and also be a member of

the Start menu. Default setting:

(SeUndockPrivilege)

either Administrators or Power Users in order

Allows the user to change the Trusted for

Enable computer and

Administrators, Power Users, and Users.

to install a new driver for a local printer or

Delegation setting on a user or computer

user accounts to be

manage a local printer by setting defaults for

object in Active Directory. The user or

Allows a parent process to replace the access

trusted for delegation

Replace a process-level

options such as duplex printing. The

computer that is granted this privilege must

token that is associated with a child process.

(SeEnableDelegationPrivi

token

requirement to have both the privilege and

also have write access to the account control

Default setting: Local Service and Network

lege)

(SeAssignPrimaryToken

membership in Administrators or Power

flags on the object. Default setting: Not

Service. Local System has the privilege

Privilege)

Users is new to Windows XP Professional.

assigned to anyone on member servers and

inherently.

workstations because it has no meaning in

Allows a process to keep data in physical

Lock pages in memory

Allows a user to circumvent file and directory

Restore files and

those contexts. Delegation of authentication is

memory, which prevents the system from

(SeLockMemoryPrivilege

permissions when restoring backed-up files

directories

a capability that is used by multi - tier

paging the data to virtual memory on disk.

)

and directories and to set any valid security

(SeRestorePrivilege)

client/server applications. It allows a front-

Assigning this privilege can result in

principal as the owner of an object. Default

end service to use the credentials of a client in

significant degradation of system

setting: Administrators and Backup

authenticating to a back-end service. For this

performance. Default setting: Not assigned.

Operators. See also "Back up files and

Windows Files Folders And Tools Page 3

Related Articles

Related forms

Related Categories