Privilege constants windows

User Right: Replace a process-level token. Required to generate audit-log entries. Give this privilege to secure servers. User Right: Generate security audits. Required to perform backup operations. This privilege causes the system to grant all read access control to any file, regardless of the access control list ACL specified for the file.

Any access request other than read is still evaluated with the ACL. Required to receive notifications of changes to files or directories. This privilege also causes the system to skip all traversal access checks.

It is enabled by default for all users. User Right: Bypass traverse checking. Required to create named file mapping objects in the global namespace during Terminal Services sessions. This privilege is enabled by default for administrators, services, and the local system account. User Right: Create global objects. Required to create a primary token. User Right: Create a token object. You cannot add this privilege to a user account with the "Create a token object" policy.

Additionally, you cannot add this privilege to an owned process using Windows APIs. Required to debug and adjust the memory of a process owned by another account. User Right: Debug programs. Required to obtain an impersonation token for another user in the same session. User Right: Impersonate other users. Required to mark user and computer accounts as trusted for delegation. User Right: Enable computer and user accounts to be trusted for delegation.

Required to increase the base priority of a process. User Right: Increase scheduling priority. Required to increase the quota assigned to a process. User Right: Adjust memory quotas for a process. Privacy policy. Skip to main content. This browser is no longer supported. Download Microsoft Edge More info. Contents Exit focus mode. Please rate your experience Yes No. Any additional feedback? Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services.

Privacy policy. You cannot add privileges to an administrator or user through WMI, you can only enable privileges that the account already has. By default, a local user on a computer can read static data from the WMI repository , write to instances supplied by providers, and execute provider methods, unless the provider enforces special security requirements of its own.

Only administrators can connect to a remote computer , change security descriptors, or change static WMI repository data, such as a WMI class definition.