Code Field Name Description
SeAssignPrimaryTokenPrivilege Privileges Replace a process-level token Required to assign the primary token of a process. With this privilege, the user can initiate a process to replace the default token associated with a started subprocess.
SeAssignPrimaryTokenPrivilege Privileges Replace a process-level token Required to assign the primary token of a process. With this privilege, the user can initiate a process to replace the default token associated with a started subprocess.
SeAuditPrivilege Privileges Generate security audits With this privilege, the user can add entries to the security log.
SeBackupPrivilege Privileges Back up files and directories - Required to perform backup operations. With this privilege, the user can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system. This privilege causes the system to grant all read access control to any file, regardless of the access control list (ACL) specified for the file. Any access request other than read is still evaluated with the ACL. The following access rights are granted if this privilege is held: READ_CONTROL, ACCESS_SYSTEM_SECURITY, FILE_GENERIC_READ, FILE_TRAVERSE
SeChangeNotifyPrivilege Privileges Bypass traverse checking Required to receive notifications of changes to files or directories. This privilege also causes the system to skip all traversal access checks. With this privilege, the user can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories.
SeCreateGlobalPrivilege Privileges Create global objects Required to create named file mapping objects in the global namespace during Terminal Services sessions.
SeCreatePagefilePrivilege Privileges Create a pagefile With this privilege, the user can create and change the size of a pagefile.
SeCreatePagefilePrivilege Privileges Create permanent shared objects Required to create a permanent object. This privilege is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode already have this privilege inherently; it is not necessary to assign them the privilege.
SeCreateSymbolicLinkPrivilege Privileges Create symbolic links Required to create a symbolic link.
SeCreateTokenPrivilege Privileges Create a token object Allows a process to create a token which it can then use to get access to any local resources when the process uses NtCreateToken() or other token-creation APIs. When a process requires this privilege, we recommend using the LocalSystem account (which already includes the privilege), rather than creating a separate user account and assigning this privilege to it.
SeDebugPrivilege Privileges Debug programs Required to debug and adjust the memory of a process owned by another account. With this privilege, the user can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need this user right. Developers who are debugging new system components need this user right. This user right provides complete access to sensitive and critical operating system components.
SeEnableDelegationPrivilege Privileges Enable computer and user accounts to be trusted for delegation Required to mark user and computer accounts as trusted for delegation. With this privilege, the user can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer using the delegated credentials of a client, as long as the account of the client does not have the Account cannot be delegated account control flag set.
SeImpersonatePrivilege Privileges Impersonate a client after authentication With this privilege, the user can impersonate other accounts.
SeIncreaseBasePriorityPrivilege Privileges Increase scheduling priority Required to increase the base priority of a process. With this privilege, the user can use a process with Write property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface.
SeIncreaseQuotaPrivilege Privileges Adjust memory quotas for a process Required to increase the quota assigned to a process. With this privilege, the user can change the maximum memory that can be consumed by a process.
SeIncreaseWorkingSetPrivilege Privileges Increase a process working set Required to allocate more memory for applications that run in the context of users.
SeLoadDriverPrivilege Privileges Load and unload device drivers Required to load or unload a device driver. With this privilege, the user can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers.
SeLockMemoryPrivilege Privileges Lock pages in memory Required to lock physical pages in memory. With this privilege, the user can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM).
SeMachineAccountPrivilege Privileges Add workstations to domain With this privilege, the user can create a computer account. This privilege is valid only on domain controllers.
SeManageVolumePrivilege Privileges Perform volume maintenance tasks Required to run maintenance tasks on a volume, such as remote defragmentation.