WinSecWiki > Security Settings > Local Policies > User Rights > User Rights In-Depth > Profile system performance

Profile system performance

AKA: SeProfileSingleProcessPrivilege, Profile system performance

Default assignment: Administrators

Microsoft documentation claims this right is required for using performance monitoring tools to monitor “system processes” however in my testing I was able to monitor performance counters for any process without this right or its related “Profile single process” right. All I needed was Read permission to HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\perflib and HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securepipeservers\winreg. 

This right is apparently required if you use the undocumented API NTCreateProfile to perform application profiling in kernel mode. Application profiling is a very low level, activity normally performed by programmer trying analyze or reverse engineer an application. As such this right should not be granted to individual users and only to trusted applications that monitor other programs.

Back to top

 

Upcoming Webinars
    Additional Resources