Help please! How to assign SeBackupPrivilege to Standard User like the Blackfield and Xen boxes?

How do you guys assign the Backup Operator’s privileges to Standard Users? Been trying to figure out for the past weeks but no luck :neutral: . Maybe consider to help a friend out? XD

I’m trying to recreate a box similar to those boxes but I’m stuck upon trying to assign the privilege to a Standard User. I managed to put the user in the Backup Operators group and have restricted privileges of “SeBackupPrivilege” and “SeRestorePrivilege” when I run “whoami /priv” on an elevated prompt; but no privileges when I run “whoami /priv” on a normal, not elevated prompt. Now, what I’m trying to achieve is that I would like the Standard User to be able to have those privileges even without running an elevated prompt.

How did you do it on XEN?

This can be useful GitHub - giuliano108/SeBackupPrivilege: Use SE_BACKUP_NAME/SeBackupPrivilege to access objects you shouldn't have access to

@TazWake said:

How did you do it on XEN?

This can be useful GitHub - giuliano108/SeBackupPrivilege: Use SE_BACKUP_NAME/SeBackupPrivilege to access objects you shouldn't have access to

That’s only useful if “SeBackupPrivilege” is present, which is not present in my case therefore I’m not able to utilize that in a standard prompt like after logging in to the account using “evil-winrm”.

@LehAnne said:

That’s only useful if “SeBackupPrivilege” is present, which is not present in my case therefore I’m not able to utilize that in a standard prompt like after logging in to the account using “evil-winrm”.

Ok, then don’t you already need to have elevated privileges to add the user to an elevated privilege group?

If the account doesn’t currently have SeBackupPrivilege, this has to be done by an account (or GPO) with the rights to assign privileges. If you have SYSTEM or Administrator it may be possible with PowerShell:

Set-LHSTokenPrivilege -Privilege SeBackupPrivilege

If you are a normal user account, I really don’t think this will work.

@sparkla said:

I’m really no AD expert but my next question would be what OS version you use and which tools. Try to find a “powershell” way to do the task, that’s usually a good route. I mostly use the Server Manager for these things, or powershell.

It’s a Windows Server 2019, yup will try to look through the scripts again. Thanks for the suggestions mate, appreciate it :slight_smile:

@TazWake said:
@LehAnne said:

That’s only useful if “SeBackupPrivilege” is present, which is not present in my case therefore I’m not able to utilize that in a standard prompt like after logging in to the account using “evil-winrm”.

Ok, then don’t you already need to have elevated privileges to add the user to an elevated privilege group?

If the account doesn’t currently have SeBackupPrivilege, this has to be done by an account (or GPO) with the rights to assign privileges. If you have SYSTEM or Administrator it may be possible with PowerShell:

Set-LHSTokenPrivilege -Privilege SeBackupPrivilege

If you are a normal user account, I really don’t think this will work.

Standard Prompt

Privilege Name                Description                    State
=========================     =========================      ======
SeChangeNotifyPrivilege       Bypass traverse checking       Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled

C:\Users\Amanda>

Elevated Prompt

Privilege Name                Description                    State
============================= ============================== ========
SeBackupPrivilege             Back up files and directories  Disabled
SeRestorePrivilege            Restore files and directories  Disabled
SeShutdownPrivilege           Shut down the system           Disabled
SeChangeNotifyPrivilege       Bypass traverse checking       Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled

C:\Windows\system32>

The user is currently in Backup Operators group as she has both the privileges “SeBackupPrivilege” and “SeRestorePrivilege”, but this will only show if I use an elevated prompt to execute “whoami /priv”.

I want those privileges to be shown in the standard prompt for the challengers to see. The elevated prompt is just here to show that those privileges have been assigned which won’t be made accessible to the challengers.

To my understanding, the AdjustTokenPrivilege API is just to switch between on/off for the access tokens as long as it’s present within “whoami /priv”. Correct me if I’m wrong. Cheers.

Would be great if the boxes creators are able to give some pointers XD @aas @egre55
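An added example, not part of any post in this thread: a small Python parser for the two "whoami /priv" outputs pasted above. For each privilege of interest it reports whether it is in the standard token, only in the elevated one, or in neither. The function names and status labels are made up for this example; the sample text is the thread's output as pasted, with whitespace collapsed.

```python
import re

# Output copied from the thread; the forum collapsed the column padding.
STANDARD = """\
Privilege Name Description State
========================= ========================= ======
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
"""

ELEVATED = """\
Privilege Name Description State
============================= ============================== ========
SeBackupPrivilege Back up files and directories Disabled
SeRestorePrivilege Restore files and directories Disabled
SeShutdownPrivilege Shut down the system Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
"""

# First token is the privilege name, last token is the state (English output
# assumed); the description in between may contain spaces.
ROW = re.compile(r"^(Se\w+Privilege)\s+(.*?)\s+(Enabled|Disabled)\s*$")

def parse_whoami_priv(text):
    """Return {privilege: state}; header, separator and prompt lines are skipped."""
    privs = {}
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            privs[match.group(1)] = match.group(3)
    return privs

def compare_tokens(standard, elevated, wanted):
    """Classify each wanted privilege as seen from the standard token."""
    std, elev = parse_whoami_priv(standard), parse_whoami_priv(elevated)
    report = {}
    for name in wanted:
        if name in std:
            # In the token: AdjustTokenPrivileges can enable or disable it.
            report[name] = "present-" + std[name].lower()
        elif name in elev:
            # Only in the elevated token: nothing to toggle from this one.
            report[name] = "elevated-only"
        else:
            report[name] = "not-assigned"
    return report

if __name__ == "__main__":
    wanted = ["SeBackupPrivilege", "SeRestorePrivilege", "SeChangeNotifyPrivilege"]
    for name, status in compare_tokens(STANDARD, ELEVATED, wanted).items():
        print(f"{name:<32}{status}")
```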

These rights are just assigned if you have an interactive logon on the domain controller