The following privilege constants are defined for Windows NT. These constants are defined as strings in WINNT.H. For example, the SE_AUDIT_NAME constant is defined as "SeAuditPrivilege".
The functions that get and adjust the privileges in an access token use the LUID type to identify privileges. Use the LookupPrivilegeValue function to determine the LUID on the local system that corresponds to a privilege constant. Use the LookupPrivilegeName function to convert a LUID to its corresponding string constant.
| Privilege Constant | Description |
|---|---|
| SE_ASSIGNPRIMARYTOKEN_NAME | Required to assign the primary token of a process. |
| SE_AUDIT_NAME | Required to generate audit-log entries. Give this privilege to secure servers. |
| SE_BACKUP_NAME | Required to perform backup operations. |
| SE_CHANGE_NOTIFY_NAME | Required to receive notifications of changes to files or directories. This privilege also causes the system to skip all traversal access checks. It is enabled by default for all users. |
| SE_CREATE_PAGEFILE_NAME | Required to create a paging file. |
| SE_CREATE_PERMANENT_NAME | Required to create a permanent object. |
| SE_CREATE_TOKEN_NAME | Required to create a primary token. |
| SE_DEBUG_NAME | Required to debug a process. |
| SE_INC_BASE_PRIORITY_NAME | Required to increase the base priority of a process. |
| SE_INCREASE_QUOTA_NAME | Required to increase the quota assigned to a process. |
| SE_LOAD_DRIVER_NAME | Required to load or unload a device driver. |
| SE_LOCK_MEMORY_NAME | Required to lock physical pages in memory. |
| SE_PROF_SINGLE_PROCESS_NAME | Required to gather profiling information for a single process. |
| SE_REMOTE_SHUTDOWN_NAME | Required to shut down a system using a network request. |
| SE_RESTORE_NAME | Required to perform restore operations. This privilege enables you to set any valid user or group SID as the owner of an object. |
| SE_SECURITY_NAME | Required to perform a number of security-related functions, such as controlling and viewing audit messages. This privilege identifies its holder as a security operator. |
| SE_SHUTDOWN_NAME | Required to shut down a local system. |
| SE_SYSTEM_ENVIRONMENT_NAME | Required to modify the nonvolatile RAM of systems that use this type of memory to store configuration information. |
| SE_SYSTEM_PROFILE_NAME | Required to gather profiling information for the entire system. |
| SE_SYSTEMTIME_NAME | Required to modify the system time. |
| SE_TAKE_OWNERSHIP_NAME | Required to take ownership of an object without being granted discretionary access. This privilege allows the owner value to be set only to those values that the holder may legitimately assign as the owner of an object. |
| SE_TCB_NAME | This privilege identifies its holder as part of the trusted computer base. Some trusted protected subsystems are granted this privilege. This privilege is required to call the LogonUser function. |
| SE_UNSOLICITED_INPUT_NAME | Required to read unsolicited input from a terminal device. |
| SE_MACHINE_ACCOUNT_NAME | Required to create a machine account. |