http://blogs.technet.com/voy/archive/2007/03/21/least-privilege-for-services.aspxThis is part 2 of our series of posts on service hardening. "Need to have" and least privilege principle Executing with least privilege is a good practice of computer security. As with the "need to know" principle for information access, there shouldenCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.technet.com/voy/archive/2007/03/21/least-privilege-for-services.aspx#1327697Sat, 23 Jun 2007 01:08:14 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:1327697Ashutosh B<p>I set required privilege for my service to SeBackupPrivilege and then restarted the service. I dumped process's token using my own enumtoken tool and I see that along with SeBackupPrivilege, SeChangeNotifyPrivilege privilege is also present there in the token. Why didn't SCM remove my service's SeChangeNotifyPrivilege? Does system keep this by default for performance reason (for file system traversal) ?</p> http://blogs.technet.com/voy/archive/2007/03/21/least-privilege-for-services.aspx#2834771Wed, 06 Feb 2008 03:35:02 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:2834771The Security Wizard<p>From the cold winter of Seattle, i&amp;#39;ve managed to gather a small bunch of guides that explain the</p>