restore

privilege::restore requests the restore privilege (SeRestorePrivilege).

Required to perform restore operations. This privilege causes the system to grant all write access control to any file, regardless of the ACL specified for the file. Any access request other than write is still evaluated with the ACL. Additionally, this privilege enables you to set any valid user or group SID as the owner of a file. This privilege is required by the RegLoadKey function. The following access rights are granted if this privilege is held:

  • WRITE_DAC

  • WRITE_OWNER

  • ACCESS_SYSTEM_SECURITY

  • FILE_GENERIC_WRITE

  • FILE_ADD_FILE

  • FILE_ADD_SUBDIRECTORY

  • DELETE

User Right: Restore files and directories. If the file is located on a removable drive and the "Audit Removable Storage" is enabled, the SE_SECURITY_NAME is required to have ACCESS_SYSTEM_SECURITY.

(docs.microsoft.com)

mimikatz # privilege::restore
Privilege '18' OK
