Commonly Abused Windows Token Privileges: SeRestorePrivilege

SeRestorePrivilege — Restore files and directories

This user right determines which users can bypass file, directory, registry, and other persistent object permissions when they restore backed-up files and directories. It also determines which users can set valid security principals as the owner of an object.

GPO Setting Path: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

GPO Setting Name: Restore files and directories

Token Privilege: SeRestorePrivilege

Associated ATT&CK Tactic(s): Privilege Escalation (TA0004), Defense Evasion (TA0005), Collection (TA0009), Impact (TA0040)
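
One way to audit this assignment, as an added example that is not code from the original page: the PowerShell below parses the [Privilege Rights] section of a secedit export and marks every holder of SeRestorePrivilege that falls outside an assumed baseline. The sample INF lines, the SID ending in -1105, the account name svc_deploy, the function name Get-RestorePrivilegeHolder and the baseline itself are constructed for illustration.

```powershell
# Added example. On a live host, produce the input with:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   $inf = Get-Content "$env:TEMP\rights.inf"
# Constructed sample of the export's [Privilege Rights] section:
$inf = @'
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeRestorePrivilege = *S-1-5-32-544,*S-1-5-32-551,*S-1-5-21-1111111111-2222222222-3333333333-1105,svc_deploy
'@ -split '\r?\n'

# Assumed baseline: BUILTIN\Administrators and BUILTIN\Backup Operators.
$baseline = 'S-1-5-32-544', 'S-1-5-32-551'

function Get-RestorePrivilegeHolder {
    param(
        [string[]]$Lines,
        [string[]]$Baseline
    )
    $line = $Lines | Where-Object { $_ -match '^\s*SeRestorePrivilege\s*=' } |
        Select-Object -First 1
    if (-not $line) { return }          # right is assigned to no one

    foreach ($entry in (($line -split '=', 2)[1] -split ',')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }

        if ($entry.StartsWith('*')) {
            # secedit writes SIDs with a leading asterisk
            $sid = $entry.TrimStart('*')
            try {
                $sidObject = [System.Security.Principal.SecurityIdentifier]$sid
                $name = $sidObject.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                $name = '<unresolved>'   # SID could not be mapped to an account here
            }
        } else {
            # entries without an asterisk are account names
            $sid  = $null
            $name = $entry
        }
        [pscustomobject]@{
            Sid = $sid; Name = $name
            Review = -not ($Baseline -contains $sid)   # True = outside the baseline
        }
    }
}

Get-RestorePrivilegeHolder -Lines $inf -Baseline $baseline | Format-Table -AutoSize
```

Rows with Review set to True are the assignments to check against the "Restore files and directories" policy setting; name-only entries are always marked because they cannot be compared with a SID baseline.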
