WinSecWiki > Security Settings > Local Policies > User Rights > User Rights In-Depth > Permanent shared objects

Create permanent shared objects

AKA: SeCreatePermanentPrivilege, Create permanent shared objects

Default assignment: Local System (This default assignment does not show up in Local Security Policy. It is implicit.)

This right is required to create permanent shared objects in the name space of Windows’ object manager. A permanent shared object is one that Windows does not destroy after all references to it are deleted. This is a fairly low level operation usually performed by kernel components that already hold the right. Quite a long time ago, some exploits have been associated with permanent shared objects http://www.textfiles.com/hacking/MICROSOFT/lopht.txt. This right should only be assigned in special situations to accounts running services that integrate deeply with the operating system.

Back to top

 

Upcoming Webinars
    Additional Resources