WinSecWiki > Security Settings > Local Policies > User Rights > User Rights In-Depth > Debug programs

Debug programs

Note: This is an admin-equivalent right.

AKA: SeDebugPrivilege, Debug programs

Default assignment: Administrators

This extremely powerful right allows the user to attach a special program called a debugger to any process including the kernel. This right allows a skilled programmer to invade any process, even highly privileged system processes, with their own arbitrary code. This right should never be granted to programmers or other users on production servers. Programmers do not need this right for processes already running under their own user account. See

Tightly restrict this right to programmers on development systems.

By default this right is not audited even if you enable Audit privilege use. See Full Privilege Auditing.

Back to top


Additional Resources