How to list all Privileges held by a Process?

0

Using Process Explorer tool, we can see the privileges held by a running process. A running process might delete the privileges, and hence effective privileges held by the process would be less than what's allowed to the user/group.

If we open a process in ProcExp, and select 'Security' tab, we can see all privileges currently held by the process, and status of each privilege.

If we select any other process (Service) running under SYSTEM account, it would not have all the privileges (like SeTcbPrivilege) - the process itself might have deleted the process (using AdjustTokenPrivileges with SE_PRIVILEGE_REMOVED flag).

Which command can list the privileges held by a running process?

Ajay

Posted 2017-11-17T09:49:16.553

Reputation: 702

What makes you think that Process Explorer is not already showing the actual running privileges? – DavidPostill – 2017-11-17T21:44:04.567

I already know and I only mentioned it. I was just asking if there is a command-line tool that can do that. I needed to quickly see the outcome, rather than browsing through the process in PE UI every time I run a new process. – Ajay – 2017-11-18T07:32:50.347

Your question makes no mention of a command line tool. And as far as I know there isn't one. – DavidPostill – 2017-11-18T17:14:24.827

The last line clearly mentions "command" (unedited, original). Thanks for the response! – Ajay – 2017-11-19T07:40:15.043

No answers
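
One way to get this list from a command line, as an added example that is not part of the original thread: a PowerShell function that opens the target process's token and reads its `TokenPrivileges` list through Win32 calls. `Get-ProcessPrivilege` and `TokPriv.Native` are hypothetical names chosen here, and opening a process that runs under another account generally requires an elevated session.

```powershell
# Added example; Get-ProcessPrivilege and TokPriv.Native are hypothetical names (Win32 calls via P/Invoke).
Add-Type -Namespace TokPriv -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
[DllImport("kernel32.dll")]
public static extern bool CloseHandle(IntPtr handle);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool GetTokenInformation(IntPtr token, int infoClass, IntPtr buffer, int length, out int needed);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LookupPrivilegeName(IntPtr systemName, IntPtr luid, System.Text.StringBuilder name, ref int cch);
'@

function Get-ProcessPrivilege {
    param([Parameter(Mandatory)][int]$Id)
    $marshal = [Runtime.InteropServices.Marshal]
    $proc = [TokPriv.Native]::OpenProcess(0x1000, $false, $Id)   # PROCESS_QUERY_LIMITED_INFORMATION
    if ($proc -eq [IntPtr]::Zero) { throw "OpenProcess failed, Win32 error $($marshal::GetLastWin32Error())" }
    $token = [IntPtr]::Zero; $buf = [IntPtr]::Zero
    try {
        if (-not [TokPriv.Native]::OpenProcessToken($proc, 0x0008, [ref]$token)) {   # TOKEN_QUERY
            throw "OpenProcessToken failed, Win32 error $($marshal::GetLastWin32Error())"
        }
        $len = 0   # the first call only reports the buffer size needed
        [void][TokPriv.Native]::GetTokenInformation($token, 3, [IntPtr]::Zero, 0, [ref]$len)   # 3 = TokenPrivileges
        $buf = $marshal::AllocHGlobal($len)
        if (-not [TokPriv.Native]::GetTokenInformation($token, 3, $buf, $len, [ref]$len)) {
            throw "GetTokenInformation failed, Win32 error $($marshal::GetLastWin32Error())"
        }
        # TOKEN_PRIVILEGES layout: DWORD count, then 12-byte LUID_AND_ATTRIBUTES entries.
        # A privilege removed with SE_PRIVILEGE_REMOVED is no longer in this list.
        $count = $marshal::ReadInt32($buf)
        for ($i = 0; $i -lt $count; $i++) {
            $entry = [IntPtr]::Add($buf, 4 + 12 * $i)
            $attr  = $marshal::ReadInt32($entry, 8)
            $name  = [Text.StringBuilder]::new(128); $cch = $name.Capacity
            if (-not [TokPriv.Native]::LookupPrivilegeName([IntPtr]::Zero, $entry, $name, [ref]$cch)) { [void]$name.Append("LUID $($marshal::ReadInt64($entry))") }
            [pscustomobject]@{
                Privilege        = $name.ToString()
                Enabled          = [bool]($attr -band 0x2)   # SE_PRIVILEGE_ENABLED
                EnabledByDefault = [bool]($attr -band 0x1)   # SE_PRIVILEGE_ENABLED_BY_DEFAULT
            }
        }
    } finally {
        if ($buf -ne [IntPtr]::Zero) { $marshal::FreeHGlobal($buf) }
        if ($token -ne [IntPtr]::Zero) { [void][TokPriv.Native]::CloseHandle($token) }
        [void][TokPriv.Native]::CloseHandle($proc)
    }
}
```

After loading the function, `Get-ProcessPrivilege -Id $PID | Format-Table` lists the privileges of the current PowerShell process; pass any other process ID to inspect that process instead.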