WinSecWiki > Security Settings > Local Policies > User Rights > User Rights In-Depth > Permanent shared objects
Create permanent shared objects
AKA: SeCreatePermanentPrivilege, Create permanent shared objects
Default assignment: Local System (This default assignment does not show up in Local Security Policy. It is implicit.)
This right is required to create permanent shared objects in the name space of Windows’ object manager. A permanent shared object is one that Windows does not destroy after all references to it are deleted. This is a fairly low level operation usually performed by kernel components that already hold the right. Quite a long time ago, some exploits have been associated with permanent shared objects http://www.textfiles.com/hacking/MICROSOFT/lopht.txt. This right should only be assigned in special situations to accounts running services that integrate deeply with the operating system.
Back to top