Privileges in the security design of the Windows operating system

Sharing permissions is one of the most important tasks for system administrators, and it can be solved with the help of privileges.

Every system administrator knows what a privilege is in the context of an operating system. The concept goes much deeper than it seems at first sight. Below is information about privileges that can be useful to skilled network administrators and to users of different levels.

The Windows operating system uses privileges as the main way of handling permissions. Each process in the operating system runs in the context of a certain user. This means that data protection is guaranteed for each object or process in the system. This technology makes it possible to implement security restrictions and managed data access for the whole system.

User accounts are trusted objects of the system. This means that the system can decide which resources are permitted or prohibited for certain user groups or accounts. Privileges are the permissions of a certain user or group of users to perform actions that affect the whole system. Here, the system is any computer to which the user is currently logged in. Therefore, privileges cannot be transferred to another computer on the network. Every time a user logs on, the system generates a new security descriptor, which may contain a different set of privileges. When the user tries to perform a privileged operation, the system checks not only the permissions but also the state of the privileges. The system can switch a privilege off, and in that case the user cannot perform the operation. Each trusted object or account in the system may have privileges assigned. A privilege in the access token can be in one of two states: switched on or switched off. However, what matters most is whether the privilege is present in the access token at all, since many functions switch it on by themselves.

Below is a list of privileges with a short description of each:

SE_TCB_NAME - marks the holder as a trusted part of the computer's operating system.

SE_BACKUP_NAME - is required to perform backup operations.

SE_TAKE_OWNERSHIP_NAME - allows taking ownership of a protected system object without explicit permissions in its access control list.

SE_DEBUG_NAME - is required to debug applications.

SE_ASSIGNPRIMARYTOKEN_NAME - is required to assign the primary access token to a process.

SE_INCREASE_QUOTA_NAME - is required to increase the quotas of a process.

SE_INC_BASE_PRIORITY_NAME - is required to increase the base priority of a process.

SE_LOCK_MEMORY_NAME - is required to lock pages in memory.

SE_SECURITY_NAME - is required to perform security-related operations.

SE_AUDIT_NAME - is required to create audit records.

SE_SHUTDOWN_NAME - is required to shut down the computer.
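
As an added example (not code from the original article), the following Python sketch reads the CSV output of whoami /priv /fo csv and reports, for each constant in the list above, whether the privilege is absent from the access token, present but switched off, or switched on. The sample output is constructed, and English-language column names and state values are assumed.

```python
import csv
import io

# winnt.h constant -> privilege name string, for the constants listed in this article.
PAGE_PRIVILEGES = {
    "SE_TCB_NAME": "SeTcbPrivilege",
    "SE_BACKUP_NAME": "SeBackupPrivilege",
    "SE_TAKE_OWNERSHIP_NAME": "SeTakeOwnershipPrivilege",
    "SE_DEBUG_NAME": "SeDebugPrivilege",
    "SE_ASSIGNPRIMARYTOKEN_NAME": "SeAssignPrimaryTokenPrivilege",
    "SE_INCREASE_QUOTA_NAME": "SeIncreaseQuotaPrivilege",
    "SE_INC_BASE_PRIORITY_NAME": "SeIncreaseBasePriorityPrivilege",
    "SE_LOCK_MEMORY_NAME": "SeLockMemoryPrivilege",
    "SE_SECURITY_NAME": "SeSecurityPrivilege",
    "SE_AUDIT_NAME": "SeAuditPrivilege",
    "SE_SHUTDOWN_NAME": "SeShutdownPrivilege",
}

# Constructed sample of `whoami /priv /fo csv` output (not captured from a real host).
SAMPLE_WHOAMI_CSV = '''"Privilege Name","Description","State"
"SeShutdownPrivilege","Shut down the system","Disabled"
"SeDebugPrivilege","Debug programs","Enabled"
"SeBackupPrivilege","Back up files and directories","Disabled"
"SeChangeNotifyPrivilege","Bypass traverse checking","Enabled"
'''

def token_privileges(whoami_csv):
    """Return {privilege name: True if switched on, False if present but switched off}."""
    rows = csv.DictReader(io.StringIO(whoami_csv))
    return {r["Privilege Name"]: r["State"].strip().lower() == "enabled" for r in rows}

def audit(whoami_csv):
    """Classify each privilege from the article as absent, disabled or enabled."""
    held = token_privileges(whoami_csv)
    return {const: ("absent" if name not in held else "enabled" if held[name] else "disabled")
            for const, name in PAGE_PRIVILEGES.items()}

def present(whoami_csv):
    """Constants whose privilege is in the token in either state."""
    return sorted(c for c, state in audit(whoami_csv).items() if state != "absent")

if __name__ == "__main__":
    for const, state in audit(SAMPLE_WHOAMI_CSV).items():
        print(f"{const:28} {state}")
```

When reviewing an account, treat the result of present() as the list that matters: a privilege reported as disabled is still in the token and can be switched on by the process that holds it.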

The concept of privileges is based on the common security principles of the operating system. A deep knowledge of these aspects is the right way to understand how system security policies work. Security occupies a significant place in the architecture of the Windows operating system. Hence, every user or administrator of a Windows network should take these privileges into account.
