Critical Privileges in Windows 7
Care must be taken when granting elevated privileges to user accounts and programs in Windows systems, as such permissions can be leveraged by malicious users or programs.
For instance, granting a user data backup privileges or the ability to change the system time will bypass many access checks. With these privileges a user can read all files and traverse all directories. A program may change the system time in order to cause Kerberos authentication to fail. In Windows 7, as in previous and later systems, some privileges are considered highly critical to system security, and it is recommended to take the necessary measures to prevent unnecessary accounts or programs from gaining them.
Critical privileges in stand-alone systems can be categorized as follows:
- Act as part of operating system privilege. This allows an application to run as part of the operating system in a trusted environment. This is the most critical privilege in Windows and is granted only to the Local System account; even administrators are not granted this privilege.
- Debug programs privilege. This privilege allows an account to debug any process running in Windows. A user account with this privilege can run any code he or she wants in any running process.
- Backup files and directories privilege. Any process running with this privilege will bypass all access control list (ACL) checks, because the process must be able to read all files to build a complete backup. This privilege also allows files and directories to be restored, which likewise ignores ACL checks when copying files to source media.
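
One way to check which accounts hold these privileges is to export the user rights assignment with `secedit /export /cfg rights.inf /areas USER_RIGHTS` and compare it against an expected baseline. The script below is an added example, not part of the original article: the sample export, the `svc_deploy` account, the function name and the baseline are constructed assumptions, and the syntax is kept compatible with the PowerShell 2.0 that ships with Windows 7.

```powershell
# Constructed sample of a secedit user-rights export.
# On a live system use: $lines = Get-Content .\rights.inf
$lines = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeTcbPrivilege = *S-1-5-21-1111111111-2222222222-3333333333-1105
SeDebugPrivilege = *S-1-5-32-544,svc_deploy
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeSystemtimePrivilege = *S-1-5-19,*S-1-5-32-544
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545
[Version]
signature="$CHICAGO$"
'@ -split "`r?`n"

# Assumed baseline of acceptable holders per critical privilege; adjust to local policy.
# S-1-5-32-544 = Administrators, S-1-5-32-551 = Backup Operators, S-1-5-19 = Local Service.
# Local System holds SeTcbPrivilege implicitly, so any explicit holder is flagged.
$baseline = @{
    SeTcbPrivilege        = @()                                  # Act as part of the operating system
    SeDebugPrivilege      = @('*S-1-5-32-544')                   # Debug programs
    SeBackupPrivilege     = @('*S-1-5-32-544', '*S-1-5-32-551')  # Back up files and directories
    SeSystemtimePrivilege = @('*S-1-5-32-544', '*S-1-5-19')      # Change the system time
}

function Find-UnexpectedPrivilegeHolder {
    param([string[]]$InfLines, [hashtable]$Baseline)
    $inSection = $false
    foreach ($raw in $InfLines) {
        $line = $raw.Trim()
        if ($line -match '^\[(.+)\]$') {
            # Only the [Privilege Rights] section lists rights assignments.
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if (-not $inSection) { continue }
        if ($line -notmatch '^(\w+)\s*=\s*(.*)$') { continue }
        $privilege = $Matches[1]
        $holders = $Matches[2] -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
        if (-not $Baseline.ContainsKey($privilege)) { continue }
        foreach ($holder in $holders) {
            # Report every SID or account name that the baseline does not allow.
            if ($Baseline[$privilege] -notcontains $holder) {
                New-Object PSObject -Property @{ Privilege = $privilege; Holder = $holder }
            }
        }
    }
}

Find-UnexpectedPrivilegeHolder -InfLines $lines -Baseline $baseline | Format-Table Privilege, Holder -AutoSize
```

In the export, entries prefixed with `*` are SIDs, while accounts that secedit could not map to a SID appear by name, so the baseline has to list holders in the same form.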