Some privileges of Windows 2000

Source: Internet
Author: User
Let's talk about some of the privileges in Windows 2000.
Privileges give local administrators a means to control which permissions are allowed and which system operations can be performed, such as allowing interactive logon. The privileges discussed here are the permissions required for special operations, such as backup. Once a privilege has been granted, it is included in the user's security access token. These are basic concepts; the list below makes them easier to understand.
The system always assigns appropriate privileges to each local group for ease of administration and never changes them. In the NT system these could be divided into built-in capabilities, standard user rights, and advanced user rights, but in 2000 the standard and advanced rights have been replaced by user privileges. The NT rights can be mapped to privileges in 2000; the only exceptions are Trust computer and user accounts for delegation (SeEnableDelegationPrivilege) and Remove computer from docking station (SeUndockPrivilege).
Note some of the problems in 2000. Not every capability has a matching right, so rights cannot be used to reproduce a group's built-in capabilities exactly. And because capabilities are pre-assigned to specific groups and not all of them can be copied into rights, it is difficult to separate tasks and to enforce the concept of least privilege.


There is also no security structure at the domain level, which makes it difficult to delegate administrative functions. With the introduction of AD in 2000, it became possible to separate tasks and also to grant the corresponding level of administration at the domain and OU level.
Here are some specific user privileges; there should be 26, though some say 28.
SeTcbPrivilege
Become part of the OS.
Allows a process to authenticate as a user and so access the same resources as that user. Only low-level authentication services require this privilege, so by default it is not assigned to anyone on workstations, stand-alone servers, or DCs.
SeMachineAccountPrivilege
Add workstations to domain.
For this privilege to take effect, you must make sure the user is granted it in the domain controller's local security policy.
SeBackupPrivilege
Back up files and directories.
Allows users to bypass file and directory permissions in order to back up. This privilege is checked only when an application attempts access through the NTFS backup API. By default, this privilege is assigned to Administrators and Backup Operators.
SeChangeNotifyPrivilege
Bypass traversal checking.
Allows users to pass through directories while navigating a path, but not to list the contents of a folder. By default, this privilege is given to Administrators, Backup Operators, Power Users, Users, and Everyone; in other words, everyone has this right.
SeSystemtimePrivilege
Change the system time.
Administrators and Power Users have this right by default.
SeCreatePagefilePrivilege
Create a paging file.
Allows the user to create a paging file and change its size. By default, only Administrators have this privilege.
SeCreateTokenPrivilege
Create a token object.
Allows a process to call NtCreateToken() or other token-creating APIs to create an access token.
SeCreatePermanentPrivilege
Create a permanent shared object.
Allows a process to create a directory object in the Windows 2000 Object Manager.
SeDebugPrivilege
Debug the program.
Allows a user to attach a debugger to any process. Administrators have this privilege by default.
SeEnableDelegationPrivilege
Trust computers and user accounts for delegation.
Allows a user to change the trusted-for-delegation setting, but only if the user or computer has write permission on the account control flags of that object.
SeRemoteShutdownPrivilege
Shut down the system remotely.
Administrators have this privilege by default.
SeAuditPrivilege
Generate security audits.
Allows an application to create, generate, and add a record in the security log.
SeIncreaseQuotaPrivilege
Increase quotas.
Allows a process with write-property access to another process to increase that process's processor quota. This privilege facilitates system debugging, but it also creates the possibility of DoS.
SeIncreaseBasePriorityPrivilege
Increase the scheduling priority.
Allows a process with write-property access to another process to raise that process's execution priority. Users with this privilege can change the scheduling priority of a process in Task Manager. By default this privilege is assigned to Administrators.
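
The defaults listed above can be checked against a machine's actual assignments. The following Python is an added example, not part of the original article: it parses the [Privilege Rights] section of a security-template style INF export and reports every holder that goes beyond the defaults stated above. It assumes the assignments are available in that INF form; the SAMPLE text and the svc_legacy account are constructed for illustration.

```python
# Added example; SAMPLE is constructed, not taken from a real host.
SIDS = {"S-1-5-32-544": "Administrators", "S-1-5-32-551": "Backup Operators",
        "S-1-5-32-547": "Power Users", "S-1-5-32-545": "Users",
        "S-1-1-0": "Everyone"}  # well-known SIDs of the groups named above

# Default holders as listed in the article (empty set = assigned to no one).
DEFAULTS = {
    "SeTcbPrivilege": set(),
    "SeBackupPrivilege": {"Administrators", "Backup Operators"},
    "SeSystemtimePrivilege": {"Administrators", "Power Users"},
    "SeCreatePagefilePrivilege": {"Administrators"},
    "SeDebugPrivilege": {"Administrators"},
    "SeRemoteShutdownPrivilege": {"Administrators"},
    "SeIncreaseBasePriorityPrivilege": {"Administrators"},
}

def parse_privilege_rights(inf_text):
    """Return {lowercased privilege name: set of holders} from [Privilege Rights]."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line and not line.startswith(";"):
            name, _, value = line.partition("=")
            items = (i.strip().lstrip("*") for i in value.split(","))
            # Unknown SIDs and plain account names are kept verbatim.
            rights[name.strip().lower()] = {SIDS.get(i, i) for i in items if i}
    return rights

def audit(inf_text):
    """Return sorted (privilege, holder) pairs granted beyond the defaults."""
    rights = parse_privilege_rights(inf_text)
    return sorted((priv, holder)
                  for priv, allowed in DEFAULTS.items()
                  for holder in rights.get(priv.lower(), set()) - allowed)

SAMPLE = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeTcbPrivilege = svc_legacy
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeDebugPrivilege = *S-1-5-32-544,*S-1-5-32-545
secreatepagefileprivilege = *S-1-5-32-544
SeSystemtimePrivilege = *S-1-5-32-544,*S-1-5-32-547
[Version]
signature="$CHICAGO$"
"""

if __name__ == "__main__":
    for priv, holder in audit(SAMPLE):
        print(f"{priv}: unexpected holder {holder}")
```

Privilege names are matched case-insensitively, and a privilege missing from the export is treated as assigned to no one.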



