Privileges
Privileges in Windows are rights that an account can be granted to perform a variety of operations on the local system such as managing services, loading drivers, shutting down the system, debugging an application, and more.
Privileges are different from access rights, which the system uses to grant or deny access to securable objects. User and group privileges are stored in the local security policy database and are written into the access token that is created when a user logs on. An account can hold one set of privileges on a specific computer and a different set on other systems if it belongs to an Active Directory domain, because the assignment is per machine (local policy or Group Policy), not per account.

Each time a user attempts a privileged action, the system inspects the access token to see whether the account holds the required privilege and, if so, whether it is currently enabled. Most privileges are disabled by default. Some become usable by opening an elevated ("Run as administrator") cmd.exe or PowerShell console, which runs with the full, unfiltered administrator token; others are present in the token but must be enabled explicitly by the process (through the AdjustTokenPrivileges API or a script that calls it) before they take effect.
When a privilege is listed for our account in the Disabled state (for example, in the State column of whoami /priv output), it means that the privilege is assigned to the account, but it cannot be used from the access token to perform the associated actions until it is enabled.
Enable All Token Privs
| Group | Description |
| --- | --- |
| Default Administrators | Domain Admins and Enterprise Admins; groups with unrestricted privileges. |
| Server Operators | Can modify services, access SMB shares, and back up files. |
| Backup Operators | Can log on to Domain Controllers (DCs), back up the SAM/NTDS database, and access the DC file system via SMB. |
| Print Operators | Can log on to DCs and potentially load malicious drivers. |
| Hyper-V Administrators | Can manage virtual DCs and should be considered equivalent to Domain Admins. |
| Account Operators | Can modify non-protected accounts and groups in the domain. |
| Remote Desktop Users | Typically used for lateral movement via Remote Desktop Protocol (RDP). |
| Remote Management Users | Can log on to DCs using PowerShell Remoting. |
| Group Policy Creator Owners | Can create new GPOs but need delegated permissions to link them. |
| Schema Admins | Can modify the AD schema structure and insert backdoors into newly created GPOs. |
| DNS Admins | Can load malicious DLLs on DCs for persistence but cannot restart the DNS service. |
| Constant | Setting Name | Standard Assignment | Description |
| --- | --- | --- | --- |
| SeNetworkLogonRight | Access this computer from the network | Administrators, Authenticated Users | Allows connecting to a system over the network (SMB, RPC, etc.). |
| SeRemoteInteractiveLogonRight | Allow log on through Remote Desktop Services | Administrators, Remote Desktop Users | Enables Remote Desktop access. |
| SeBackupPrivilege | Back up files and directories | Administrators, Backup Operators | Overrides file and directory permissions for the purpose of backing up system data. |
| SeTakeOwnershipPrivilege | Take ownership of files or other objects | Administrators | Allows taking ownership of NTFS objects, registry keys, services, and other securable objects. |
| SeDebugPrivilege | Debug programs | Administrators | Allows attaching to or debugging processes, including those owned by other users and SYSTEM. |
| SeImpersonatePrivilege | Impersonate a client after authentication | Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE | Allows a process to act on behalf of another user after that user has authenticated to it. |
| SeRestorePrivilege | Restore files and directories | Administrators, Backup Operators | Bypasses file and directory permissions when restoring system data. |
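The table above gives the default assignments; on a given host the effective assignment is whatever local policy or Group Policy currently sets. The following function is an added example (not part of the original page) for checking that: it exports the [Privilege Rights] section of the local security policy with secedit, resolves the listed SIDs to account names, and optionally filters to the rights of interest. The function name Get-UserRightsAssignment is chosen here; secedit /export and its inf format are documented behaviour. It assumes an elevated console, since secedit /export needs administrative rights.

```powershell
# Added example: list which principals hold each user right on this host,
# as configured in the effective local security policy.
function Get-UserRightsAssignment {
    param(
        # Optional filter, e.g. SeBackupPrivilege, SeDebugPrivilege. Empty = all rights.
        [string[]]$Right
    )
    $inf = Join-Path $env:TEMP ('rights-{0}.inf' -f [guid]::NewGuid())

    # /areas USER_RIGHTS limits the export to the [Privilege Rights] section.
    secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
    if (-not (Test-Path $inf)) { throw "secedit export failed; run from an elevated console" }

    try {
        # Lines look like: SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
        foreach ($line in (Get-Content $inf | Select-String '^(Se\w+)\s*=\s*(.*)$')) {
            $name = $line.Matches[0].Groups[1].Value
            $raw  = $line.Matches[0].Groups[2].Value
            if ($Right -and $name -notin $Right) { continue }

            $principals = foreach ($entry in ($raw -split ',')) {
                $id = $entry.Trim().TrimStart('*')
                if ($id -match '^S-1-') {
                    try {
                        ([System.Security.Principal.SecurityIdentifier]$id).Translate(
                            [System.Security.Principal.NTAccount]).Value
                    } catch { $id }   # unresolvable SID (e.g. orphaned domain account): keep it raw
                } else { $id }        # secedit occasionally writes a plain account name
            }
            [pscustomobject]@{ Right = $name; Principals = ($principals -join ', ') }
        }
    } finally {
        Remove-Item $inf -Force -ErrorAction SilentlyContinue
    }
}

# Usage: compare the effective assignment with the defaults in the table.
Get-UserRightsAssignment -Right SeBackupPrivilege, SeRestorePrivilege, SeDebugPrivilege,
    SeImpersonatePrivilege, SeTakeOwnershipPrivilege | Format-Table -AutoSize
```

Any principal that appears here beyond the standard assignment (a service account in SeDebugPrivilege, a domain group in SeBackupPrivilege) is a direct path to SYSTEM or to the SAM/NTDS data and is worth explaining or removing.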