Microsoft MVP성태의 닷넷 이야기
VS.NET IDE: 20. Win32 특권 정리 [링크 복사], [링크+제목 복사],
조회: 36306
글쓴 사람
정성태 (techsharer at outlook.com)
홈페이지
첨부 파일
 
(연관된 글이 2개 있습니다.)
MSDN 도움말에서 2개의 토픽을 발췌했습니다. 찾아보기 귀찮아서. ^^;


User Rights

User rights are rules that determine the actions a user can perform. Unless the computer is a domain controller, they are computer-specific policies. If it is a domain controller, the computer policy extends to all domain controllers in the domain.

Note

In the current release of Windows NT, the set of user rights is defined by the system and cannot be changed. Future versions of Windows NT may allow software developers to define new user rights appropriate to their application.

User rights can be assigned to individual user accounts, but are usually (and more efficiently) assigned to groups. Predefined (built-in) groups have sets of user rights already assigned. Administrators usually assign user rights by adding a user account to one of the predefined groups or by creating a new group and assigning specific user rights to that group. Users who are subsequently added to a group automatically gain all user rights assigned to the group account.

There are several user rights that administrators of high-security installations should be aware of and possibly audit. Of these, you might want to change the default permissions for two rights: Log on locally and Shut down the system.

Table 2.1 Default user rights that may require changing


User Right

Groups assigned this right by default

Recommended change

Log on locally
Allows a user to log on at the computer, from the computer's keyboard.

Administrators, Backup Operators, Everyone, Guests, Power Users, and Users

Deny Everyone and Guests this right.

Shut down the system (SeShutdownPrivilege)
Allows a user to shut down Windows NT.

Administrators, Backup Operators, Everyone, Power Users, and Users

Deny Everyone and Users this right.


The rights in the following table generally require no changes to the default settings, even in the most highly secure installations.

Table 2.2 Default user rights

Right

Allows

Initially assigned to

Access this computer from the network

A user to connect to the computer over the network.

Administrators, Everyone, Power Users

Act as part of the operating system
(SeTcbPrivilege)

A process to perform as a secure, trusted part of the operating system. Some subsystems are granted this right.

(None)

Add workstations to the domain (SeMachineAccountPrivilege)

Nothing. This right has no effect on computers running Windows NT.

(None)

Back up files and directories
(SeBackupPrivilege)

A user to back up files and directories. This right supersedes file and directory permissions.

Administrators, Backup Operators

Bypass traverse checking (SeChangeNotifyPrivilege)

A user to change directories and to access files and subdirectories, even if the user has no permission to access parent directories.

Everyone

Change the system time
(SeSystemTimePrivilege)

A user to set the time for the internal clock of the computer.

Administrators, Power Users

Create a pagefile
(SeCreatePagefilePrivilege)

Nothing. This right has no effect in current versions of Windows NT.

Administrators

Create a token object
(SeCreateTokenPrivilege)

A process to create access tokens. Only the Local Security Authority can do this.

(None)

Create permanent shared objects
(SeCreatePermanentPrivilege)

A user to create special permanent objects, such as \\Device, that are used within Windows NT.

(None)

Debug programs
(SeDebugPrivilege)

A user to debug various low-level objects, such as threads.

Administrators

Force shutdown from a remote system
(SeRemoteShutdownName)

A user to shut down a remote computer.

Administrators

Generate security audits
(SeAuditPrivilege)

A process to generate security-audit log entries.

(None)

Increase quotas
(SeIncreaseQuotaPrivilege)

Nothing. This right has no effect in current versions of Windows NT.

(None)

Increase scheduling priority
(SeIncreaseBasePriorityPrivilege)

A user to boost the execution priority of a process.

Administrators, Power Users

Load and unload device drivers
(SeLoadDriverPrivilege)

A user to install and remove device drivers.

Administrators

Lock pages in memory
(SeLockMemoryPrivilege)

A user to lock pages in memory so they cannot be paged out to a backing store, such as Pagefile.sys.

(None)

Log on as a batch job

Nothing. This right has no effect in current versions of Windows NT.

(None)

Log on as a service

A process to register with the system as a service.

(None)

Log on locally

A user to log on at the computer from the computer keyboard.

Administrators, Backup Operators, Guests, Power Users, Users

Manage auditing and security log
(SeSecurityPrivilege)

A user to specify what types of resource access (such as file access) are to be audited, and to view and clear the security log. This right does not allow a user to set system auditing policy using Audit on the User Manager Policy menu. Members of the Administrators group can always view and clear the security log.

Administrators

Modify firmware environment variables
(SeSystemEnvironmentPrivilege)

A user to modify system- environment variables stored in nonvolatile RAM on systems that support this type of configuration.

Administrators

Profile single process
(SeProfSingleProcess)

A user to perform profiling (performance sampling) on a process.

Administrators, Power Users

Profile system performance
(SeSystemProfilePrivilege)

A user to perform profiling (performance sampling) on the system.

Administrators

Replace a process-level token
(SeAssignPrimaryTokenPrivilege)

A user to modify a process's security-access token. This is a powerful right, used only by the system.

(None)

Restore files and directories
(SeRestorePrivilege)

A user to restore backed-up files and directories. This right supersedes file and directory permissions.

Administrators, Backup Operators

Shut down the system
(SeShutdownPrivilege)

A user to shut down Windows NT.

Administrators, Backup Operators, Power Users, Users

Take ownership of files or other objects
(SeTakeOwnershipPrivilege)

A user to take ownership of files, directories, printers, and other objects on the computer. This right supersedes permissions protecting objects.

Administrators


 

HOWTO: How to Obtain a Handle to Any Process with SeDebugPrivilege

SUMMARY

In Windows NT, you can retrieve a handle to any process in the system by enabling the SeDebugPrivilege in the calling process. The calling process can then call the OpenProcess() Win32 API to obtain a handle with PROCESS_ALL_ACCESS.

MORE INFORMATION

This functionality is provided for system-level debugging purposes. For debugging non-system processes, it is not necessary to grant or enable this privilege.

This privilege allows the caller all access to the process, including the ability to call TerminateProcess(), CreateRemoteThread(), and other potentially dangerous Win32 APIs on the target process.

Take great care when granting SeDebugPrivilege to users or groups.

Sample Code

The following source code illustrates how to obtain SeDebugPrivilege in order to get a handle to a process with PROCESS_ALL_ACCESS. The sample code then calls TerminateProcess on the resultant process handle.

#define RTN_OK 0
#define RTN_USAGE 1
#define RTN_ERROR 13

#include <windows.h>
#include <stdio.h>

BOOL SetPrivilege(
    HANDLE hToken,          // token handle
    LPCTSTR Privilege,      // Privilege to enable/disable
    BOOL bEnablePrivilege   // TRUE to enable.  FALSE to disable
    );

void DisplayError(LPTSTR szAPI);

int main(int argc, char *argv[])
{
    HANDLE hProcess;
    HANDLE hToken;
    int dwRetVal=RTN_OK; // assume success from main()

    // show correct usage for kill
    if (argc != 2)
    {
        fprintf(stderr,"Usage: %s [ProcessId]\n", argv[0]);
        return RTN_USAGE;
    }

    if(!OpenProcessToken(
            GetCurrentProcess(),
            TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
            &hToken
            )) return RTN_ERROR;

    // enable SeDebugPrivilege
    if(!SetPrivilege(hToken, SE_DEBUG_NAME, TRUE))
    {
        DisplayError("SetPrivilege");

        // close token handle
        CloseHandle(hToken);

        // indicate failure
        return RTN_ERROR;
    }

   // open the process
    if((hProcess = OpenProcess(
            PROCESS_ALL_ACCESS,
            FALSE,
            atoi(argv[1]) // PID from commandline
            )) == NULL)
    {
        DisplayError("OpenProcess");
        return RTN_ERROR;
    }

    // disable SeDebugPrivilege
    SetPrivilege(hToken, SE_DEBUG_NAME, FALSE);

    if(!TerminateProcess(hProcess, 0xffffffff))
    {
        DisplayError("TerminateProcess");
        dwRetVal=RTN_ERROR;
    }

    // close handles
    CloseHandle(hToken);
    CloseHandle(hProcess);

    return dwRetVal;
}

BOOL SetPrivilege(
    HANDLE hToken,          // token handle
    LPCTSTR Privilege,      // Privilege to enable/disable
    BOOL bEnablePrivilege   // TRUE to enable.  FALSE to disable
    )
{
    TOKEN_PRIVILEGES tp;
    LUID luid;
    TOKEN_PRIVILEGES tpPrevious;
    DWORD cbPrevious=sizeof(TOKEN_PRIVILEGES);

    if(!LookupPrivilegeValue( NULL, Privilege, &luid )) return FALSE;

    //
    // first pass.  get current privilege setting
    //
    tp.PrivilegeCount           = 1;
    tp.Privileges[0].Luid       = luid;
    tp.Privileges[0].Attributes = 0;

    AdjustTokenPrivileges(
            hToken,
            FALSE,
            &tp,
            sizeof(TOKEN_PRIVILEGES),
            &tpPrevious,
            &cbPrevious
            );

    if (GetLastError() != ERROR_SUCCESS) return FALSE;

    //
    // second pass.  set privilege based on previous setting
    //
    tpPrevious.PrivilegeCount       = 1;
    tpPrevious.Privileges[0].Luid   = luid;

    if(bEnablePrivilege) {
        tpPrevious.Privileges[0].Attributes |= (SE_PRIVILEGE_ENABLED);
    }
    else {
        tpPrevious.Privileges[0].Attributes ^= (SE_PRIVILEGE_ENABLED &
            tpPrevious.Privileges[0].Attributes);
    }

    AdjustTokenPrivileges(
            hToken,
            FALSE,
            &tpPrevious,
            cbPrevious,
            NULL,
            NULL
            );

    if (GetLastError() != ERROR_SUCCESS) return FALSE;

    return TRUE;
}

void DisplayError(
    LPTSTR szAPI    // pointer to failed API name
    )
{
    LPTSTR MessageBuffer;
    DWORD dwBufferLength;

    fprintf(stderr,"%s() error!\n", szAPI);

    if(dwBufferLength=FormatMessage(
                FORMAT_MESSAGE_ALLOCATE_BUFFER |
                FORMAT_MESSAGE_FROM_SYSTEM,
                NULL,
                GetLastError(),
                GetSystemDefaultLangID(),
                (LPTSTR) &MessageBuffer, // FormatMessage가 실패하면 이 포인터 값은 null로 반환
                0,
                NULL
                ))
    {
        DWORD dwBytesWritten;

        //
        // Output message string on stderr
        //
        WriteFile(
                GetStdHandle(STD_ERROR_HANDLE),
                MessageBuffer,
                dwBufferLength,
                &dwBytesWritten,
                NULL
                );

        //
        // free the buffer allocated by the system
        //
        LocalFree(MessageBuffer); // LocalFree의 경우 내부적으로 null 체크를 하기 때문에, 전달한 포인터에 대한 사전 null 체크가 필요 없습니다.
    }
}
   

 


[연관 글]






[최초 등록일: ]
[최종 수정일: 7/4/2025]

Creative Commons License
이 저작물은 크리에이티브 커먼즈 코리아 저작자표시-비영리-변경금지 2.0 대한민국 라이센스에 따라 이용하실 수 있습니다.
by SeongTae Jeong, mailto:techsharer at outlook.com

비밀번호

댓글 작성자
 



2015-06-15 04시36분
정성태

... 151  152  153  154  155  156  157  [158]  159  160  161  162  163  164  165  ...
NoWriterDateCnt.TitleFile(s)
1193정성태12/8/201126588오류 유형: 142. Windows Phone SDK 7.1 설치 시 Expression Blend 제거를 요구하는 경우
1192정성태12/8/201129511개발 환경 구성: 136. Windows 7 SP1의 IIS에서 사용자 프로파일을 로드하는 방법
1191정성태12/6/201130852.NET Framework: 280. MVC3에서 JavaScriptSerializer 재정의하는 방법파일 다운로드1
1190정성태12/6/201133869오류 유형: 141. Visual C++ 컴파일 오류 - error C2275: 'xxxxx' : illegal use of this type as an expression [1]
1189정성태12/6/201141416VS.NET IDE: 70. Visual Studio에서 프로젝트 로드가 안된다면?
1188정성태12/3/201130053개발 환경 구성: 135. 마이크로소프트 TFS 호스팅 서비스 - Preview [3]
1187정성태12/2/201135082개발 환경 구성: 134. Robocopy 오류 및 종료 코드
1186정성태12/1/201137249.NET Framework: 279. WPF - 그리기 성능 및 Blurring 문제파일 다운로드1
1185정성태11/29/201126389.NET Framework: 278. WPF - Content의 Changed 이벤트에 해당하는게 뭔가요?파일 다운로드1
1184정성태11/29/201130506.NET Framework: 277. F#과 WPF가 어울리지 못하는 근본적인 이유 [2]
1183정성태11/26/201125083오류 유형: 140. Visual Studio 2010 - Floating된 에디트 윈도우가 사라지지 않는 경우 [2]
1182정성태11/25/201161900.NET Framework: 276. 중복 없는 숫자를 랜덤으로 배열하는 방법 [5]파일 다운로드1
1181정성태11/24/201131890디버깅 기술: 44. windbg의 mscordacwks DLL 로드 문제
1180정성태11/23/201141600.NET Framework: 275. 레지스트리 등록 및 Interop DLL 없이 COM 개체 사용하는 방법 [2]파일 다운로드1
1179정성태11/22/201131697.NET Framework: 274. ReaderWriterLockSlim은 언제 쓰는 걸까요? [4]파일 다운로드1
1178정성태11/19/201128772.NET Framework: 273. 설치된 .NET 버전에 민감한 코드를 포함하는 경우, 다중으로 어셈블리를 만들어야 할까요?파일 다운로드1
1177정성태11/18/201133950.NET Framework: 272. 소켓 연결 시간 제한 - 두 번째 이야기 [1]파일 다운로드1
1176정성태11/17/201133457.NET Framework: 271. C#에서 확인해 보는 관리 힙의 인스턴스 구조 [3]파일 다운로드1
1175정성태11/16/201131422.NET Framework: 270. .NET 참조 개체 인스턴스의 Object Header를 확인하는 방법 [1]파일 다운로드1
1174정성태11/15/201130594.NET Framework: 269. 일반 참조형의 기본 메모리 소비는 얼마나 될까요? [4]
1173정성태11/14/201126451.NET Framework: 268. .NET Array는 왜 12bytes의 기본 메모리를 점유할까? [1]
1172정성태11/13/201123241.NET Framework: 267. windbg - GC Heap에서 .NET 타입에 대한 배열을 찾는 방법
1171정성태11/12/201140676.NET Framework: 266. StringBuilder에서의 OutOfMemoryException 오류 원인 분석 [4]파일 다운로드1
1170정성태11/10/201129934.NET Framework: 265. Named 동기화 개체 생성 시 System.UnauthorizedAccessException 예외 발생하는 경우
1169정성태11/10/201132850.NET Framework: 264. 다중 LAN 카드 환경에서 Dns.GetHostAddresses(local)가 반환해 주는 IP의 우선순위는 어떻게 될까요? [4]
1168정성태11/6/201129110오류 유형: 139. TlbImp : error TI0000 : A single valid machine type compatible with the input type library must be specified
... 151  152  153  154  155  156  157  [158]  159  160  161  162  163  164  165  ...