WinSecWiki > Security Settings > Local Policies > User Rights > User Rights In-Depth > Profile single process
Profile single process
AKA: SeProfileSingleProcessPrivilege, Profile single process
Default assignment: Administrators
Microsoft documentation claims this right is required for using performance monitoring tools to monitor “non-system processes” however in my testing I was able to monitor performance counters for any process without this right or its related “Profile system performance” right. All I needed was Read permission to HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\perflib and HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securepipeservers\winreg.
This right is apparently required if you use the undocumented API NTCreateProfile to perform application profiling in user mode. Application profiling is a very low level, activity normally performed by programmer trying analyze or reverse engineer an application. As such this right should not be granted to individual users and only to trusted applications that monitor other programs.
Back to top