WinSecWiki

WinSecWiki » Windows Security Settings » Local Policies » User Rights Assignment » User Rights In-Depth » Debug programs

Debug programs

Debug programs

Note: This is an admin-equivalent right.

AKA: SeDebugPrivilege, Debug programs

Default assignment: Administrators

This extremely powerful right allows the user to attach a special program called a debugger to any process including the kernel. This right allows a skilled programmer to invade any process, even highly privileged system processes, with their own arbitrary code. This right should never be granted to programmers or other users on production servers. Programmers do not need this right for processes already running under their own user account. See http://www.leastprivilege.com/SeDebugPrivilegeAndDebuggerUsers.aspx.

Tightly restrict this right to programmers on development systems.

By default this right is not audited even if you enable Audit privilege use. See Full Privilege Auditing.

Add Your Comments

Name:	*
Email Address:
Web Address:

Verification Code:	*

Details

Article not rated yet.
Article has been viewed 1,595 times.

Options

Bookmark Article
Social Bookmarks

Social Bookmarks
Comments RSS

Comments RSS

Upcoming Webinars

Additional Resources

Home

Windows

WinSecWiki

User name:
Password:
	/ Forgot?
	Register

Home

About | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2012 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.