WinSecWiki > Security Settings > Local Policies > User Rights > User Rights In-Depth > Profile single process

Profile single process

AKA: SeProfileSingleProcessPrivilege, Profile single process

Default assignment: Administrators

Microsoft documentation claims this right is required for using performance monitoring tools to monitor “non-system processes” however in my testing I was able to monitor performance counters for any process without this right or its related “Profile system performance” right. All I needed was Read permission to HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\perflib and HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securepipeservers\winreg. 

This right is apparently required if you use the undocumented API NTCreateProfile to perform application profiling in user mode. Application profiling is a very low level, activity normally performed by programmer trying analyze or reverse engineer an application. As such this right should not be granted to individual users and only to trusted applications that monitor other programs.

Back to top


Additional Resources