Privileges can be required to access system resources, and it can be a nuisance when an API call fails because a privilege is not available. This application displays the privileges available to the process token for the current logged on User.
If run as administrator, it will show the elevated privileges. In general, if a privilege is required for an API function, the application should be running with elevated credentials as a standard user has very few privileges. The application may also need to enable the privilege, before the API function is called.

For example there are a number of API functions to create a process, and only some of these require privileges:

  • CreateProcessWithTokenW
    must have the SE_IMPERSONATE_NAME privilege.
  • CreateProcessAsUser
    must have the SE_INCREASE_QUOTA_NAME privilege and may require the SE_ASSIGNPRIMARYTOKEN_NAME privilege if the token is not assignable
  • CreateProcessWithLogonW
    requires no special privileges as the new process runs in the security context of the Logon User
  • CreateProcess
    requires no special privileges as the new process runs in the security context of the calling process

The following screen image illustrates the privileges available for an elevated user.
Name:  Token Privileges.png
Views: 93
Size:  115.5 KB

From this example, the elevated user can call the CreateProcessWithTokenW, but before calling the CreateProcessAsUser, the application must first enable the SeIncreaseQuotaPrivilege. But this API would still return unsuccessful if the token is not assignable, because this elevated user does not have the SeAssignedPrimaryTokenPrivilege.

This application also has code to enable and disable a privilege.

The attached project also includes more detailed information on this application.