WinSecWiki > Security Settings > Local Policies > User Rights > User Rights In-Depth > Debug programs
Debug programs
Note: This is an admin-equivalent right.
AKA: SeDebugPrivilege, Debug programs
Default assignment: Administrators
This extremely powerful right allows the user to attach a special program called a debugger to any process including the kernel. This right allows a skilled programmer to invade any process, even highly privileged system processes, with their own arbitrary code. This right should never be granted to programmers or other users on production servers. Programmers do not need this right for processes already running under their own user account. See https://leastprivilege.com/2004/08/19/sedebugprivilege-and-debugger-users/.
Tightly restrict this right to programmers on development systems.
By default this right is not audited even if you enable Audit privilege use. See Full Privilege Auditing.
Back to top