Vista Forums - View Single Post

Conficker · 05-28-2009

Hi Shawn,

You have no idea how angry I am with me being absent for these past two days, so I couldn't read your answer to my post, and didn't replay in time. Now I am afraid you'll think of me as some uncivil and irresponsible guy. I am really ashamed.

You know, I've been reading your tutorials and your replies for some time lately and I highly value your work - your tutorials are so concise and so easy to understand, almost perfect. And the way you treat people in your replies tells me that you are a really nice person. So I can't forgive myself being such a jerk.

But, well, now I am here.

In your reply you said that you were not sure what I was trying to do with "Debug programs" privilege. Well, I am afraid it would take too much time to explain all my reasons. So I'll try with the simplest one, just as an example.

I use a little program called Daphne. I am sure you know about it. It is some kind of replacement for Task Manager (manages processes and has some other features which are really useful to me). But...whenever I start Daphne, a little window comes up, saying something like: "In order to show full process list Daphne needs 'Debug programs' privilege added to your account...etc." Then, it offers the link to the website where we can find instructions of how to add that privilege to our user rights. The problem is that those instructions, although being very clear, are unusable for me because they assume using SECPOL.MSC in order to access Local Policy Settings. And, as we know, SECPOL.MSC (as well as GPEDIT.MSC) is not included in Vista Home Premium, which I have installed on my computer.

After all researches I made throughout entire WEB, I finally realized that the only way for us, users of Vista (and XP) Home editions, is to manage privileges through the Registry - manually, by using RegEdit tool.

That is the reason why I posted my problem in this forum. I have noticed that you solved many problems people complained at by various registry workarounds you specially created.

Now, referring to the second part of your reply - I did try with Real Built-in Administrator Account. I followed instructions in your tutorial and enabled that account. Then I started Daphne to check out if it had any effect. And - bingo! - it worked: Daphne didn't ask for "Debug programs" privilege, and showed full list of processes.

Someone should say: OK, the problem is solved! But not for me...

First of all, I take very seriously your recommendation not to use Real Built-in Administrator Account all the time. I really don't like the fact that, under this account, "everything installed on my computer have full access to it also". I often have big problems with viruses and trojans, and I can never be sure what may be hidden deep down in my machine.

So, as I have noticed some strange behavior of my system, I decided to disable Built-in Administrator Account. But before I did that, I made a little experiment. I opened elevated command prompt and typed: whoami /priv, just to check my privileges in that new account.

And what did I find? - The list of my privileges was exactly the same as it was in normal administrator account. And, pretty frustrating: only 3 privileges, out of 23 listed, were enabled (Bypass traverse checking, Impersonate a client after authentication and Create global objects). All others (and Debug programs among them) - disabled.

But the strangest thing was that Debug programs privilege was disabled and Daphne worked and didn't request for that privilege, just like it was enabled.

Then I went back to normal administrator account, opened elevated command prompt again, and got exactly the same list of privileges. But now Daphne requested for Debug programs privilege and didn't show full process list.

After all, I am totally confused.

The only thing I know for sure is that I have to provide that lousy privilege (and some others, if possible) by modifying the Registry. And if you, Shawn, cannot teach me how to do that, I really don't know who can.

Regards, Conficker...

Quote: Originally Posted by Brink

Hello Conficker,

I'm not sure what you are trying to do using this. I looked in my secpol.msc. and by default, Administrator accounts have privileges for "Debug Programs". You might see if using the built-in Administrator account may work better for you with it.

Administrator Account

Attachment 13061

Hope this helps,
Shawn

Quote: Originally Posted by Conficker

Hi,

Is there anybody in this world who can tell me:
HOW TO ADD "DEBUG PROGRAMS" PRIVILEGE TO MY ADMINISTRATOR ACCOUNT IN VISTA HOME PREMIUM?

I have posted this question on many forums, and haven't got appropriate answer yet. It is pretty frustrating that most people, even the moderators of some forums, don't know that SECPOL.MSC and GPEDIT.MSC tools are definitely not available in Home editions of XP and Vista.

But let's get to the problem.
Like I said, I have Vista Home Premium 32bit installed on my laptop, and I run it with Administrator account.
For some reasons I need to add "Debug programs" privilege to my account.
This wouldn't be such a problem if I could use secpol.msc or gpedit.msc. But I cannot because these tools are not available in Home Premium. Whenever I try to run them by typing their names in Run dialog, after I hit Enter I get the message:
"Windows cannot find 'secpol.msc'(/'gpedit.msc'). Make sure you typed the name correctly, and try again".

I have lost plenty of time searching the WEB before I found out that these two tools are excluded from Home editions of Vista (and XP). Some smart guys in Microsoft decided that they are not necessary as most of the settings that can be done with them are nothing but plain registry settings. So they left us users to use Regedit tool instead.

OK, now I am aware that, in order to assign "Debug programs" privilege tu my user rights, I have to mess with Registry. We all know how dangerous it can be, especially for a newbie like me. I can't even imagine which entries should I have to add or modify there.

So I'd appreciate very much if someone could give me detailed, step by step, instructions - how to add "Debug programs" privilege to my Administrator account through the Registry.

Thanks in advance.

05-28-2009	#3 (permalink)
Conficker Vista Home Premium 32bit 3 posts	Re: Adding privileges to an account Hi Shawn, You have no idea how angry I am with me being absent for these past two days, so I couldn't read your answer to my post, and didn't replay in time. Now I am afraid you'll think of me as some uncivil and irresponsible guy. I am really ashamed. You know, I've been reading your tutorials and your replies for some time lately and I highly value your work - your tutorials are so concise and so easy to understand, almost perfect. And the way you treat people in your replies tells me that you are a really nice person. So I can't forgive myself being such a jerk. But, well, now I am here. In your reply you said that you were not sure what I was trying to do with "Debug programs" privilege. Well, I am afraid it would take too much time to explain all my reasons. So I'll try with the simplest one, just as an example. I use a little program called Daphne. I am sure you know about it. It is some kind of replacement for Task Manager (manages processes and has some other features which are really useful to me). But...whenever I start Daphne, a little window comes up, saying something like: "In order to show full process list Daphne needs 'Debug programs' privilege added to your account...etc." Then, it offers the link to the website where we can find instructions of how to add that privilege to our user rights. The problem is that those instructions, although being very clear, are unusable for me because they assume using SECPOL.MSC in order to access Local Policy Settings. And, as we know, SECPOL.MSC (as well as GPEDIT.MSC) is not included in Vista Home Premium, which I have installed on my computer. After all researches I made throughout entire WEB, I finally realized that the only way for us, users of Vista (and XP) Home editions, is to manage privileges through the Registry - manually, by using RegEdit tool. That is the reason why I posted my problem in this forum. I have noticed that you solved many problems people complained at by various registry workarounds you specially created. Now, referring to the second part of your reply - I did try with Real Built-in Administrator Account. I followed instructions in your tutorial and enabled that account. Then I started Daphne to check out if it had any effect. And - bingo! - it worked: Daphne didn't ask for "Debug programs" privilege, and showed full list of processes. Someone should say: OK, the problem is solved! But not for me... First of all, I take very seriously your recommendation not to use Real Built-in Administrator Account all the time. I really don't like the fact that, under this account, "everything installed on my computer have full access to it also". I often have big problems with viruses and trojans, and I can never be sure what may be hidden deep down in my machine. So, as I have noticed some strange behavior of my system, I decided to disable Built-in Administrator Account. But before I did that, I made a little experiment. I opened elevated command prompt and typed: whoami /priv, just to check my privileges in that new account. And what did I find? - The list of my privileges was exactly the same as it was in normal administrator account. And, pretty frustrating: only 3 privileges, out of 23 listed, were enabled (Bypass traverse checking, Impersonate a client after authentication and Create global objects). All others (and Debug programs among them) - disabled. But the strangest thing was that Debug programs privilege was disabled and Daphne worked and didn't request for that privilege, just like it was enabled. Then I went back to normal administrator account, opened elevated command prompt again, and got exactly the same list of privileges. But now Daphne requested for Debug programs privilege and didn't show full process list. After all, I am totally confused. The only thing I know for sure is that I have to provide that lousy privilege (and some others, if possible) by modifying the Registry. And if you, Shawn, cannot teach me how to do that, I really don't know who can. Regards, Conficker... Quote: Originally Posted by Brink Hello Conficker, I'm not sure what you are trying to do using this. I looked in my secpol.msc. and by default, Administrator accounts have privileges for "Debug Programs". You might see if using the built-in Administrator account may work better for you with it. Administrator Account Attachment 13061 Hope this helps, Shawn Quote: Originally Posted by Conficker Hi, Is there anybody in this world who can tell me: HOW TO ADD "DEBUG PROGRAMS" PRIVILEGE TO MY ADMINISTRATOR ACCOUNT IN VISTA HOME PREMIUM? I have posted this question on many forums, and haven't got appropriate answer yet. It is pretty frustrating that most people, even the moderators of some forums, don't know that SECPOL.MSC and GPEDIT.MSC tools are definitely not available in Home editions of XP and Vista. But let's get to the problem. Like I said, I have Vista Home Premium 32bit installed on my laptop, and I run it with Administrator account. For some reasons I need to add "Debug programs" privilege to my account. This wouldn't be such a problem if I could use secpol.msc or gpedit.msc. But I cannot because these tools are not available in Home Premium. Whenever I try to run them by typing their names in Run dialog, after I hit Enter I get the message: "Windows cannot find 'secpol.msc'(/'gpedit.msc'). Make sure you typed the name correctly, and try again". I have lost plenty of time searching the WEB before I found out that these two tools are excluded from Home editions of Vista (and XP). Some smart guys in Microsoft decided that they are not necessary as most of the settings that can be done with them are nothing but plain registry settings. So they left us users to use Regedit tool instead. OK, now I am aware that, in order to assign "Debug programs" privilege tu my user rights, I have to mess with Registry. We all know how dangerous it can be, especially for a newbie like me. I can't even imagine which entries should I have to add or modify there. So I'd appreciate very much if someone could give me detailed, step by step, instructions - how to add "Debug programs" privilege to my Administrator account through the Registry. Thanks in advance.
My System Specs