Jump to content

User not staying in 'Debug Programs' in secpol.msc


Recommended Posts

Right, here's my problem and what I've done so far...

I'm trying to run a program from sysinternals called Filemon (http://www.sysinternals.com/Utilities/Filemon.html), which requires Debugger privileges in order to run.

My system is running Windows XP, SP2. Everything is fully up to date.

My user account is in the Administrators group and I still get the "Your account does not have the debug programs privilege" error.

I added user account to the "debugger Users" group in Computer management > system tools > local users and groups > users. But, after a restart, the error still remained. I tried it the other way round and went to groups and added my user that way. Still nothing.

So I went into the local security policy (secpol.msc) and added my user account to the "Debug programs" policy in Local policies > User Rights Assignment > Debug programs. I restarted for the changes to take effect, and my user accout was no longer in the Debug Programs policy. I tried again and the same thing happened.

I've also tried to use an application called "Unlocker", that requires debugger privileges. I get simaler errors with that. Also, the Filemon and Unlocker applications work fine on my laptop (XP Home, SP2), so I'm ruling out the application as being the problem.

Any ideas? I've spent hours trying to figure this out today, and it's really starting to get to me :?

Link to comment
Share on other sites

Well, on any GOOD operating system there's a command called 'id'. If you run it with the '-a' parameter it will spit out which groups the current user (which usually is you, but doesn't have to be) belongs to.

Windows doesn't have such a thing?

Link to comment
Share on other sites

Very strange, what if you add a group instead of a user to the Debug Programs policy does it stay there then? Can any users sucessfully use programs that require debugger priviledges, such as the built-in Administrator account?

Link to comment
Share on other sites

Thanks for your replys :)

I've tried adding a group, as suggested. Still no joy.

I've tried the built in administrator account too. I also tried making a new account with admin privileges. No luck :(

As for the ID thing... No, I don't think Windows does have anything like that :P

Link to comment
Share on other sites

My only other idea is to try the method XP Home users have to use to get debug privileges on their account(XPHome does not have secpol, gpedit etc):

Get the Windows Resource Kit:


The particular tool we're interested in is Ntrights.exe, and then use a command like:

ntrights +r SeDebugPrivilege +u barrytone

(replace "barrytone" with whatever your user account is named)

You'll have to reboot for this to take effect, I don't know if this will be any different to simply changing the Group Policy settings like you have been.

Link to comment
Share on other sites

Thanks for your continued advice. I'd allready gone and got the resouce kit, tried ntrights... It didn't work. I figured I might try again though. Uninstalled and re-installed the resource kit, and it works! Woo!

Now I can go about getting rid of this irritating little bit of spyware!

Thanks a lot, guys :)

I'd still love to know why I was having problems before though :?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...