Microsoft MVP성태의 닷넷 이야기
VS.NET IDE: 20. Win32 특권 정리 [링크 복사], [링크+제목 복사],
조회: 27203
글쓴 사람
정성태 (techsharer at outlook.com)
홈페이지
첨부 파일
 
(연관된 글이 2개 있습니다.)
MSDN 도움말에서 2개의 토픽을 발췌했습니다. 찾아보기 귀찮아서. ^^;


User Rights

User rights are rules that determine the actions a user can perform. Unless the computer is a domain controller, they are computer-specific policies. If it is a domain controller, the computer policy extends to all domain controllers in the domain.

Note

In the current release of Windows NT, the set of user rights is defined by the system and cannot be changed. Future versions of Windows NT may allow software developers to define new user rights appropriate to their application.

User rights can be assigned to individual user accounts, but are usually (and more efficiently) assigned to groups. Predefined (built-in) groups have sets of user rights already assigned. Administrators usually assign user rights by adding a user account to one of the predefined groups or by creating a new group and assigning specific user rights to that group. Users who are subsequently added to a group automatically gain all user rights assigned to the group account.

There are several user rights that administrators of high-security installations should be aware of and possibly audit. Of these, you might want to change the default permissions for two rights: Log on locally and Shut down the system.

Table 2.1 Default user rights that may require changing


User Right

Groups assigned this right by default

Recommended change

Log on locally
Allows a user to log on at the computer, from the computer's keyboard.

Administrators, Backup Operators, Everyone, Guests, Power Users, and Users

Deny Everyone and Guests this right.

Shut down the system (SeShutdownPrivilege)
Allows a user to shut down Windows NT.

Administrators, Backup Operators, Everyone, Power Users, and Users

Deny Everyone and Users this right.


The rights in the following table generally require no changes to the default settings, even in the most highly secure installations.

Table 2.2 Default user rights

Right

Allows

Initially assigned to

Access this computer from the network

A user to connect to the computer over the network.

Administrators, Everyone, Power Users

Act as part of the operating system
(SeTcbPrivilege)

A process to perform as a secure, trusted part of the operating system. Some subsystems are granted this right.

(None)

Add workstations to the domain (SeMachineAccountPrivilege)

Nothing. This right has no effect on computers running Windows NT.

(None)

Back up files and directories
(SeBackupPrivilege)

A user to back up files and directories. This right supersedes file and directory permissions.

Administrators, Backup Operators

Bypass traverse checking (SeChangeNotifyPrivilege)

A user to change directories and to access files and subdirectories, even if the user has no permission to access parent directories.

Everyone

Change the system time
(SeSystemTimePrivilege)

A user to set the time for the internal clock of the computer.

Administrators, Power Users

Create a pagefile
(SeCreatePagefilePrivilege)

Nothing. This right has no effect in current versions of Windows NT.

Administrators

Create a token object
(SeCreateTokenPrivilege)

A process to create access tokens. Only the Local Security Authority can do this.

(None)

Create permanent shared objects
(SeCreatePermanentPrivilege)

A user to create special permanent objects, such as \\Device, that are used within Windows NT.

(None)

Debug programs
(SeDebugPrivilege)

A user to debug various low-level objects, such as threads.

Administrators

Force shutdown from a remote system
(SeRemoteShutdownName)

A user to shut down a remote computer.

Administrators

Generate security audits
(SeAuditPrivilege)

A process to generate security-audit log entries.

(None)

Increase quotas
(SeIncreaseQuotaPrivilege)

Nothing. This right has no effect in current versions of Windows NT.

(None)

Increase scheduling priority
(SeIncreaseBasePriorityPrivilege)

A user to boost the execution priority of a process.

Administrators, Power Users

Load and unload device drivers
(SeLoadDriverPrivilege)

A user to install and remove device drivers.

Administrators

Lock pages in memory
(SeLockMemoryPrivilege)

A user to lock pages in memory so they cannot be paged out to a backing store, such as Pagefile.sys.

(None)

Log on as a batch job

Nothing. This right has no effect in current versions of Windows NT.

(None)

Log on as a service

A process to register with the system as a service.

(None)

Log on locally

A user to log on at the computer from the computer keyboard.

Administrators, Backup Operators, Guests, Power Users, Users

Manage auditing and security log
(SeSecurityPrivilege)

A user to specify what types of resource access (such as file access) are to be audited, and to view and clear the security log. This right does not allow a user to set system auditing policy using Audit on the User Manager Policy menu. Members of the Administrators group can always view and clear the security log.

Administrators

Modify firmware environment variables
(SeSystemEnvironmentPrivilege)

A user to modify system- environment variables stored in nonvolatile RAM on systems that support this type of configuration.

Administrators

Profile single process
(SeProfSingleProcess)

A user to perform profiling (performance sampling) on a process.

Administrators, Power Users

Profile system performance
(SeSystemProfilePrivilege)

A user to perform profiling (performance sampling) on the system.

Administrators

Replace a process-level token
(SeAssignPrimaryTokenPrivilege)

A user to modify a process's security-access token. This is a powerful right, used only by the system.

(None)

Restore files and directories
(SeRestorePrivilege)

A user to restore backed-up files and directories. This right supersedes file and directory permissions.

Administrators, Backup Operators

Shut down the system
(SeShutdownPrivilege)

A user to shut down Windows NT.

Administrators, Backup Operators, Power Users, Users

Take ownership of files or other objects
(SeTakeOwnershipPrivilege)

A user to take ownership of files, directories, printers, and other objects on the computer. This right supersedes permissions protecting objects.

Administrators


 

HOWTO: How to Obtain a Handle to Any Process with SeDebugPrivilege

SUMMARY

In Windows NT, you can retrieve a handle to any process in the system by enabling the SeDebugPrivilege in the calling process. The calling process can then call the OpenProcess() Win32 API to obtain a handle with PROCESS_ALL_ACCESS.

MORE INFORMATION

This functionality is provided for system-level debugging purposes. For debugging non-system processes, it is not necessary to grant or enable this privilege.

This privilege allows the caller all access to the process, including the ability to call TerminateProcess(), CreateRemoteThread(), and other potentially dangerous Win32 APIs on the target process.

Take great care when granting SeDebugPrivilege to users or groups.

Sample Code

The following source code illustrates how to obtain SeDebugPrivilege in order to get a handle to a process with PROCESS_ALL_ACCESS. The sample code then calls TerminateProcess on the resultant process handle.

#define RTN_OK 0
#define RTN_USAGE 1
#define RTN_ERROR 13

#include <windows.h>
#include <stdio.h>

BOOL SetPrivilege(
    HANDLE hToken,          // token handle
    LPCTSTR Privilege,      // Privilege to enable/disable
    BOOL bEnablePrivilege   // TRUE to enable.  FALSE to disable
    );

void DisplayError(LPTSTR szAPI);

int main(int argc, char *argv[])
{
    HANDLE hProcess;
    HANDLE hToken;
    int dwRetVal=RTN_OK; // assume success from main()

    // show correct usage for kill
    if (argc != 2)
    {
        fprintf(stderr,"Usage: %s [ProcessId]\n", argv[0]);
        return RTN_USAGE;
    }

    if(!OpenProcessToken(
            GetCurrentProcess(),
            TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
            &hToken
            )) return RTN_ERROR;

    // enable SeDebugPrivilege
    if(!SetPrivilege(hToken, SE_DEBUG_NAME, TRUE))
    {
        DisplayError("SetPrivilege");

        // close token handle
        CloseHandle(hToken);

        // indicate failure
        return RTN_ERROR;
    }

   // open the process
    if((hProcess = OpenProcess(
            PROCESS_ALL_ACCESS,
            FALSE,
            atoi(argv[1]) // PID from commandline
            )) == NULL)
    {
        DisplayError("OpenProcess");
        return RTN_ERROR;
    }

    // disable SeDebugPrivilege
    SetPrivilege(hToken, SE_DEBUG_NAME, FALSE);

    if(!TerminateProcess(hProcess, 0xffffffff))
    {
        DisplayError("TerminateProcess");
        dwRetVal=RTN_ERROR;
    }

    // close handles
    CloseHandle(hToken);
    CloseHandle(hProcess);

    return dwRetVal;
}

BOOL SetPrivilege(
    HANDLE hToken,          // token handle
    LPCTSTR Privilege,      // Privilege to enable/disable
    BOOL bEnablePrivilege   // TRUE to enable.  FALSE to disable
    )
{
    TOKEN_PRIVILEGES tp;
    LUID luid;
    TOKEN_PRIVILEGES tpPrevious;
    DWORD cbPrevious=sizeof(TOKEN_PRIVILEGES);

    if(!LookupPrivilegeValue( NULL, Privilege, &luid )) return FALSE;

    //
    // first pass.  get current privilege setting
    //
    tp.PrivilegeCount           = 1;
    tp.Privileges[0].Luid       = luid;
    tp.Privileges[0].Attributes = 0;

    AdjustTokenPrivileges(
            hToken,
            FALSE,
            &tp,
            sizeof(TOKEN_PRIVILEGES),
            &tpPrevious,
            &cbPrevious
            );

    if (GetLastError() != ERROR_SUCCESS) return FALSE;

    //
    // second pass.  set privilege based on previous setting
    //
    tpPrevious.PrivilegeCount       = 1;
    tpPrevious.Privileges[0].Luid   = luid;

    if(bEnablePrivilege) {
        tpPrevious.Privileges[0].Attributes |= (SE_PRIVILEGE_ENABLED);
    }
    else {
        tpPrevious.Privileges[0].Attributes ^= (SE_PRIVILEGE_ENABLED &
            tpPrevious.Privileges[0].Attributes);
    }

    AdjustTokenPrivileges(
            hToken,
            FALSE,
            &tpPrevious,
            cbPrevious,
            NULL,
            NULL
            );

    if (GetLastError() != ERROR_SUCCESS) return FALSE;

    return TRUE;
}

void DisplayError(
    LPTSTR szAPI    // pointer to failed API name
    )
{
    LPTSTR MessageBuffer;
    DWORD dwBufferLength;

    fprintf(stderr,"%s() error!\n", szAPI);

    if(dwBufferLength=FormatMessage(
                FORMAT_MESSAGE_ALLOCATE_BUFFER |
                FORMAT_MESSAGE_FROM_SYSTEM,
                NULL,
                GetLastError(),
                GetSystemDefaultLangID(),
                (LPTSTR) &MessageBuffer,
                0,
                NULL
                ))
    {
        DWORD dwBytesWritten;

        //
        // Output message string on stderr
        //
        WriteFile(
                GetStdHandle(STD_ERROR_HANDLE),
                MessageBuffer,
                dwBufferLength,
                &dwBytesWritten,
                NULL
                );

        //
        // free the buffer allocated by the system
        //
        LocalFree(MessageBuffer);
    }
}
   

 


[연관 글]






[최초 등록일: ]
[최종 수정일: 2/15/2005]

Creative Commons License
이 저작물은 크리에이티브 커먼즈 코리아 저작자표시-비영리-변경금지 2.0 대한민국 라이센스에 따라 이용하실 수 있습니다.
by SeongTae Jeong, mailto:techsharer at outlook.com

비밀번호

댓글 작성자
 



2015-06-15 04시36분
정성태

1  2  3  4  [5]  6  7  8  9  10  11  12  13  14  15  ...
NoWriterDateCnt.TitleFile(s)
13516정성태1/7/20242344닷넷: 2196. IIS - AppPool의 "Disable Overlapped Recycle" 옵션의 부작용
13515정성태1/6/20242622닷넷: 2195. async 메서드 내에서 C# 7의 discard 구문 활용 사례 [1]
13514정성태1/5/20242309개발 환경 구성: 702. IIS - AppPool의 "Disable Overlapped Recycle" 옵션
13513정성태1/5/20242224닷넷: 2194. C# - WebActivatorEx / System.Web의 PreApplicationStartMethod 특성
13512정성태1/4/20242176개발 환경 구성: 701. IIS - w3wp.exe 프로세스의 ASP.NET 런타임을 항상 Warmup 모드로 유지하는 preload Enabled 설정
13511정성태1/4/20242198닷넷: 2193. C# - ASP.NET Web Application + OpenAPI(Swashbuckle) 스펙 제공
13510정성태1/3/20242120닷넷: 2192. C# - 특정 실행 파일이 있는지 확인하는 방법 (Linux)
13509정성태1/3/20242169오류 유형: 887. .NET Core 2 이하의 프로젝트에서 System.Runtime.CompilerServices.Unsafe doesn't support netcoreapp2.0.
13508정성태1/3/20242223오류 유형: 886. ORA-28000: the account is locked
13507정성태1/2/20242878닷넷: 2191. C# - IPGlobalProperties를 이용해 netstat처럼 사용 중인 Socket 목록 구하는 방법파일 다운로드1
13506정성태12/29/20232465닷넷: 2190. C# - 닷넷 코어/5+에서 달라지는 System.Text.Encoding 지원
13505정성태12/27/20232993닷넷: 2189. C# - WebSocket 클라이언트를 닷넷으로 구현하는 예제 (System.Net.WebSockets)파일 다운로드1
13504정성태12/27/20232579닷넷: 2188. C# - ASP.NET Core SignalR로 구현하는 채팅 서비스 예제파일 다운로드1
13503정성태12/27/20232443Linux: 67. WSL 환경 + mlocate(locate) 도구의 /mnt 디렉터리 검색 문제
13502정성태12/26/20232565닷넷: 2187. C# - 다른 프로세스의 환경변수 읽는 예제파일 다운로드1
13501정성태12/25/20232326개발 환경 구성: 700. WSL + uwsgi - IPv6로 바인딩하는 방법
13500정성태12/24/20232416디버깅 기술: 194. Windbg - x64 가상 주소를 물리 주소로 변환
13498정성태12/23/20233102닷넷: 2186. 한국투자증권 KIS Developers OpenAPI의 C# 래퍼 버전 - eFriendOpenAPI NuGet 패키지
13497정성태12/22/20232496오류 유형: 885. Visual Studiio - error : Could not connect to the remote system. Please verify your connection settings, and that your machine is on the network and reachable.
13496정성태12/21/20232490Linux: 66. 리눅스 - 실행 중인 프로세스 내부의 환경변수 설정을 구하는 방법 (gdb)
13495정성태12/20/20232418Linux: 65. clang++로 공유 라이브러리의 -static 옵션 빌드가 가능할까요?
13494정성태12/20/20232591Linux: 64. Linux 응용 프로그램의 (C++) so 의존성 줄이기(ReleaseMinDependency) - 두 번째 이야기
13493정성태12/19/20232722닷넷: 2185. C# - object를 QueryString으로 직렬화하는 방법
13492정성태12/19/20232397개발 환경 구성: 699. WSL에 nopCommerce 예제 구성
13491정성태12/19/20232271Linux: 63. 리눅스 - 다중 그룹 또는 사용자를 리소스에 권한 부여
13490정성태12/19/20232401개발 환경 구성: 698. Golang - GLIBC 의존을 없애는 정적 빌드 방법
1  2  3  4  [5]  6  7  8  9  10  11  12  13  14  15  ...