Question on security priviledges

  • Thread starter Thread starter LarryG
  • Start date Start date
L

LarryG

I have a terminal service application that I support. It basically
logs everyone on as the same user (transparent to them) and does its
thing. Part of what it does fails and logs some event messages under
the security Source. These are the priviledges that it seems to log
failures on:

SeCreateGlobalPriviledge
SeIcreaseBasePriorityPriviledge

If I make this user a local admin this will work. Because every user
transparently signs on with this user id I dont want to do give it
admin. Does anyone know how to translate these privs. into the listed
privs. in the "local securtiy policy"?

thx all...
 
Hello,

The information below should assist you:

SeIncreaseBasePriorityPrivilege ---> Increase Scheduling Priority
The user can boost the scheduling priority of a process.


The "Create Global Objects" User Right (SeCreateGlobalPrivilege)
The "Create global objects" user right (SeCreateGlobalPrivilege) is a
Windows 2000 security setting that was first introduced in Windows 2000
SP4. The user right is required for a user account to create global
objects in a Terminal Services session. Note that users can still create
session-specific objects without being assigned this user right. By
default, members of the Administrators
group, the System account, and Services that are started by the Service
Control Manager are assigned the "Create global objects" user right.

101366 Definition and List of Windows NT Advanced User Rights
http://support.microsoft.com/?id=101366

821546 Overview of the "Impersonate a Client After Authentication" and the
http://support.microsoft.com/?id=821546

Thank You.

Diana.

(e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Hello,

The information below should assist you:

SeIncreaseBasePriorityPrivilege ---> Increase Scheduling Priority
The user can boost the scheduling priority of a process.


The "Create Global Objects" User Right (SeCreateGlobalPrivilege)
The "Create global objects" user right (SeCreateGlobalPrivilege) is a
Windows 2000 security setting that was first introduced in Windows 2000
SP4. The user right is required for a user account to create global
objects in a Terminal Services session. Note that users can still create
session-specific objects without being assigned this user right. By
default, members of the Administrators
group, the System account, and Services that are started by the Service
Control Manager are assigned the "Create global objects" user right.

101366 Definition and List of Windows NT Advanced User Rights
http://support.microsoft.com/?id=101366

821546 Overview of the "Impersonate a Client After Authentication" and the
http://support.microsoft.com/?id=821546

Thank You.

Diana.

(e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
Click to expand...
Diana, thx this really helps.

Larry
 
Back
Top