Commonly Abused Windows Token Privileges: SeBackupPrivilege

Picture of Henry Zhang Henry Zhang : Updated on October 9, 2025

Endpoint Hardening Senteon Technical Cybersecurity Managed Endpoint Hardening System hardening

SeBackupPrivilege — Back up files and directories

Determines which users can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system. This user right is effective only when an application attempts access through the NTFS backup application programming interface (API) through a tool such as NTBACKUP.EXE. Otherwise, standard file and directory permissions apply.

GPO Setting Path

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

GPO Setting Name

Back up files and directories

Token Privilege

SeBackupPrivilege

Associated ATT&CK Tactic(s)

Collection (TA0009)

1 min read

Commonly Abused Windows Token Privileges: SeRestorePrivilege

Picture of Henry Zhang Henry Zhang : Nov 1, 2021 9:45:00 AM

SeRestorePrivilege — Restore files and directories Determines which users can bypass file, directory, registry, and other persistent object...

Endpoint Hardening Senteon Technical Cybersecurity Managed Endpoint Hardening System hardening
READ MORE

1 min read

Commonly Abused Windows Token Privileges: SeTakeOwnershipPrivilege

Picture of Henry Zhang Henry Zhang : Nov 8, 2021 9:30:00 AM

SeTakeOwnershipPrivilege — Take ownership of files or other objects Determines which users can take ownership of any securable object in the device,...

Endpoint Hardening Senteon Technical Cybersecurity Managed Endpoint Hardening System hardening
READ MORE

1 min read

Windows Logon Session Types: Batch

Picture of Henry Zhang Henry Zhang : Nov 29, 2021 11:45:00 AM

Logon Type — Batch Used to run a scheduled task as a specified account.

Endpoint Hardening Senteon Technical Cybersecurity Managed Endpoint Hardening System hardening
READ MORE