Privileges New to Windows Vista

All versions of Windows (and Windows Vista is no exception) have added new privileges to mitigate new threats or to provide a protection mechanism for new functionality. In Windows, privileges can be represented by an index or a string constant. Chapter 5, “Creating Secure and Resilient Services,” describes all the privileges in Windows Vista and the following lists the index and string constant for the privileges new to Windows Vista.

SE_TRUSTED_CREDMAN_ACCESS_NAME (“SeTrustedCredManAccessPrivilege”)

SE_TRUSTED_CREDMAN_ACCESS_PRIVILEGE (31L)

This privilege is used by Credential Manager during Backup/Restore. No accounts should have this privilege because it is only assigned to Winlogon. Users’ saved credentials might be compromised if this privilege is given to other entities.

SE_RELABEL_NAME (“SeRelabelPrivilege”)

SE_RELABEL_PRIVILEGE (32L)

Granted to no accounts by default, this privilege allows a user to set any integrity level, potentially violating the No-Write up integrity rule.

SE_INC_WORKING_SET_NAME (“SeIncreaseWorkingSetPrivilege”)

SE_INC_WORKING_SET_ PRIVILEGE (33L)

Granted to all users by default, this privilege allows a principal to increase the working set for a process.

SE_TIME_ZONE_NAME (“SeTimeZonePrivilege”)

SE_TIME_ZONE_ PRIVILEGE (34L)

Granted to all users by default, this privilege allows a user to set the computer’s time zone, but not the system time.

SE_CREATE_SYMBOLIC_LINK_NAME (“SeCreateSymbolicLinkPrivilege”)

SE_CREATE_SYMBOLIC_LINK_ PRIVILEGE (35L)

This privilege determines if the user can create a symbolic link. Symlinks have been a source of many Mac OS X, Linux, and Unix security bugs in the past [(CVE-2005-2714), (CVE-2006-1247), and (CVE-2006-4124)]. The mklink command requires this privilege, which is granted only to administrators by default.