Determining privilege levels of running process
-
On WinNT/2K/XP, how do determine what privilege level a process is executing in (eg whether the process has LocalSystem privileges)? Is there any API call to use?
-
Does the process calling these functions require any special access rights? My application can only execute with normal user privileges.
-
the calling process needs the SE_DEBUG_NAME privilege,that can be achieve using AdjustTokenPrivileges
A usual user account should never have assigned SeDebugPrivilege. This is one of the most powerful privileges and can easily be used to make yourself an Admin! UGenn, what exactly do you want to do? Do you try to get this informations about a foreign process or about your own process? And what information do you need? "Privilege level" is a bit ambigious, because the access rights of a process are spread over a couple of places. Do you just want to know if the process is running under the LocalSystem account? Or if the user account the process is running under is a member of the Admins group? Anything about assigned and enabled privileges? I am quite sure I can help you, but I need more input :rolleyes: -- Daniel Lohmann http://www.losoft.de (Hey, this page is worth looking! You can find some free and handy NT tools there :-D )