WinSecWiki > Security Settings > Local Policies > User Rights > User Rights In-Depth > Profile system performance
Profile system performance
AKA: SeProfileSingleProcessPrivilege, Profile system performance
Default assignment: Administrators
Microsoft documentation claims this right is required for using performance monitoring tools to monitor “system processes” however in my testing I was able to monitor performance counters for any process without this right or its related “Profile single process” right. All I needed was Read permission to HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\perflib and HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securepipeservers\winreg.
This right is apparently required if you use the undocumented API NTCreateProfile to perform application profiling in kernel mode. Application profiling is a very low level, activity normally performed by programmer trying analyze or reverse engineer an application. As such this right should not be granted to individual users and only to trusted applications that monitor other programs.
Back to top