Privileges
A privilege is a system-wide right carried on a token. Privileges sit alongside identity but are orthogonal to it — they gate specific operations regardless of who you are. This page covers what a privilege is, where they come from, and how they interact with the access check.
Concept: Each privilege on a token is in one of four states — absent, present-disabled, present-enabled, or used. This page covers the transitions between states, what AdjustPrivileges does, how FilterToken removes a privilege permanently, and why removal is one-way.
Concept: SeBackupPrivilege and SeRestorePrivilege are exempt from the normal "enabled means in effect" rule. They are evaluated only when the caller passes a specific intent flag — BACKUP_INTENT or RESTORE_INTENT — to AccessCheck. This page covers why intent gating exists and how the flags are passed.
Concept: Privileges fall into four functional categories — kernel-standalone, AccessCheck-influencing, application-level, and reserved. This page covers what each category does and which privileges fall into each one.