GrofLuigi Posted February 27, 2017 (edited)

*Edit: I'm moving the text to the top because the stupid forum software ate it after the table.

While I remember on XP/Win2003 most of them were enabled and there was a slight benefit enabling those that weren't (granting lock pages in memory right or debugprivilege)... I forgot most of it already.

Of course I'll try enabling most of them, if not all, because I hate artificial restrictions Microsoft is putting to restrict the way how I use my computer, even if I won't see any benefit. The real question is: Will it break something? Common sense says it shouldn't, but I wouldn't be surprised if Microsoft has put artificial blockades just to make our life miserable.

While I'm at it, I might grant system/trusted installer some more rights if they lack some, because I'm generous.

I have armed myself with NTrights (reports say it still works on Win7 x64), as well as with a few PowerShell scripts... Wish me luck.

The output of whoami /priv:

PRIVILEGES INFORMATION
----------------------

Privilege Name                  Description                               State
=============================== ========================================= ========
SeAssignPrimaryTokenPrivilege   Replace a process level token             Disabled
SeLockMemoryPrivilege           Lock pages in memory                      Disabled
SeIncreaseQuotaPrivilege        Adjust memory quotas for a process        Disabled
SeSecurityPrivilege             Manage auditing and security log          Disabled
SeTakeOwnershipPrivilege        Take ownership of files or other objects  Disabled
SeLoadDriverPrivilege           Load and unload device drivers            Disabled
SeSystemProfilePrivilege        Profile system performance                Disabled
SeSystemtimePrivilege           Change the system time                    Disabled
SeProfileSingleProcessPrivilege Profile single process                    Disabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority              Disabled
SeCreatePagefilePrivilege       Create a pagefile                         Disabled
SeBackupPrivilege               Back up files and directories             Disabled
SeRestorePrivilege              Restore files and directories             Disabled
SeShutdownPrivilege             Shut down the system                      Disabled
SeDebugPrivilege                Debug programs                            Disabled
SeSystemEnvironmentPrivilege    Modify firmware environment values        Disabled
SeChangeNotifyPrivilege         Bypass traverse checking                  Enabled
SeRemoteShutdownPrivilege       Force shutdown from a remote system       Disabled
SeUndockPrivilege               Remove computer from docking station      Disabled
SeManageVolumePrivilege         Perform volume maintenance tasks          Disabled
SeImpersonatePrivilege          Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege         Create global objects                     Enabled
SeIncreaseWorkingSetPrivilege   Increase a process working set            Disabled
SeTimeZonePrivilege             Change the time zone                      Disabled
SeCreateSymbolicLinkPrivilege   Create symbolic links                     Disabled

Edited February 27, 2017 by GrofLuigi

GrofLuigi Posted February 28, 2017 (edited)

Well, it seems that whoami /priv doesn't tell the whole truth, it disregards the privileges that are part of the group (administrators) and are in fact enabled for the account.

Out of the three PowerShell scripts I found, two were intended for processes, and the third one requires a newer version of PowerShell than the one that is in Win7 SP1, so I'm putting that on hold for now.

I've turned my attention fully to good old ntrights, but how to check the privileges if whoami is inaccurate? Well, in the same Resource tools kit for Server2003 there is showpriv.exe. I've parsed the output of both to a text file, sorted it and deleted the crud, so I'm left with the list of privileges. Now only to compare. But no two lists are the same (including whoami's and the output of accesschk.exe), and I've also read that ntrights has some undocumented privileges, so everything needs to be triple-checked.

So far, it doesn't seem promising, at least for the Administrator account (yeah, I've been using that one since day one of Windows install), there isn't much left to do.

* After several edits: the forum editor is disastrous, it is impossible to bold something (I've done it manually), and paste doesn't paste at the cursor position.

Edited February 28, 2017 by GrofLuigi
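
The list comparison described in the post above, as an added example that is not part of the original thread. The sample rows are constructed from the table in the first post, the second tool's list is hypothetical, and the function names are made up here. In whoami /priv output, "Disabled" means the privilege is present in the current token but not switched on, so the example reports those separately.

```python
import re

# Constructed sample: four rows copied from the table in the first post,
# laid out in whoami's fixed-width columns (31, 41 and 8 characters wide).
ROWS = [
    ("SeLockMemoryPrivilege", "Lock pages in memory", "Disabled"),
    ("SeDebugPrivilege", "Debug programs", "Disabled"),
    ("SeChangeNotifyPrivilege", "Bypass traverse checking", "Enabled"),
    ("SeImpersonatePrivilege", "Impersonate a client after authentication", "Enabled"),
]
WHOAMI_SAMPLE = "\n".join(
    ["Privilege Name".ljust(31) + " " + "Description".ljust(41) + " State",
     "=" * 31 + " " + "=" * 41 + " " + "=" * 8]
    + [f"{n:<31} {d:<41} {s}" for n, d, s in ROWS]
)
# Hypothetical cleaned list from a second tool, one privilege name per entry.
OTHER_TOOL_SAMPLE = ["SeDebugPrivilege", "SeChangeNotifyPrivilege",
                     "SeImpersonatePrivilege", "SeCreateTokenPrivilege"]

def parse_whoami_priv(text):
    """Return {privilege name: state} from `whoami /priv` text output."""
    lines = text.splitlines()
    # The ruler of '=' runs marks the column boundaries, so descriptions
    # that contain spaces cannot be mistaken for the State column.
    ruler = next((l for l in lines if re.fullmatch(r"\s*=+(\s+=+)+\s*", l)), None)
    if ruler is None:
        raise ValueError("no '====' ruler line found; not whoami /priv output")
    spans = [m.span() for m in re.finditer(r"=+", ruler)]
    privs = {}
    for line in lines[lines.index(ruler) + 1:]:
        if not line.strip():
            break  # the table ends at the first blank line
        name = line[spans[0][0]:spans[0][1]].strip()
        privs[name] = line[spans[-1][0]:].strip()
    return privs

def compare_lists(token_privs, other_names):
    """Diff the whoami view against another tool's list of privilege names."""
    token = set(token_privs)
    other = {n.strip() for n in other_names if n.strip()}
    return {
        "only_in_whoami": sorted(token - other),
        "only_in_other": sorted(other - token),
        "held_but_disabled": sorted(n for n, s in token_privs.items() if s == "Disabled"),
    }

if __name__ == "__main__":
    report = compare_lists(parse_whoami_priv(WHOAMI_SAMPLE), OTHER_TOOL_SAMPLE)
    for key, names in report.items():
        print(f"{key}: {', '.join(names) or '-'}")
```
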

dencorso Posted February 28, 2017

2 hours ago, GrofLuigi said:
> * After several edits: the forum editor is disastrous, it is impossible to bold something (I've done it manually), and paste doesn't paste at the cursor position.

Not always: it depends on the browser and on the browser version, so that it's somewhat less crappy on FF 49+ and quite bad on IE up to 9. The older versions, which did implement BBCode right, were way much better than this lame duck we're now stuck with, however.