What could I be doing wrong here?
- Added Everyone to local security settings (testing purposes only)
- Forced the policy to update with
gpupdate /force - ran
whoami /priv
The permission I added is not showing under whoami /priv? Why?
In case it is relevant I'm following the instructions from here (and yes I restarted sql server)
The "State" column of the whoami.exe utility has two values - either Enabled or Disabled. However, this does not mean that the user does or does not have access to this privilege. If the privilege is listed at all, then that user has it.
What enabled and disabled mean in this context is something along the lines of "is the privilege currently being used in this process?"
Even if it says disabled using the whoami utility, that doesn't mean that the currently logged on user is not able to request it and use it.
Yeah, it is confusing.
What will happen if a "regular user" tries to do something that requires that SeManageVolumePrivilege privilege, he/she will be given a UAC prompt, after which he/she will have that SeManageVolumePrivilege privilege. Even if the UAC prompt is suppressed, there will still be some code executed that grants the user that privilege when necessary.