If I understand correctly, whoami /priv will return all the priivileges of the current login user. But I don't quite understand the State column. What does enabled and disabled mean?

it indicates if the privilge is currently in use or not. So C:\>whoami /priv PRIVILEGES INFORMATION ---------------------- Privilege Name Description State ============================= ==================================== ======== SeShutdownPrivilege Shut down the system Disabled SeChangeNotifyPrivilege Bypass traverse checking Enabled SeUndockPrivilege Remove computer from docking station Disabled SeIncreaseWorkingSetPrivilege Increase a process working set Disabled SeTimeZonePrivilege Change the time zone Disabled I have all those privs, I am just not currently 'using' some of them. If a user doesn't have a privilege, , its simply not listed. edit: see http://blogs.technet.com/b/askds/archive/2007/11/02/what-s-in-a-token.aspx , search for whoami, the text is buried a bit

I'm still not clear what it really means. For example, whoami /priv returns SeShutdownPrivilege with Disabled State. Can that user shut down the system? If yes, does it mean that whoami /priv will return SeShutdownPrivilege with Enabled State "after" the user has initialized the shutdown? If no, how can that privilege be enabled for that user?

if they privlidge is listed, then they are allowed to do it. The state is really just "is that privilige currently enabled for the process". generally the privlidge will be enabled for the user as required, programatically. For example. lets say I want to write my own version of shutdown.exe; I would do somethign like this: Call AdjustTokenPrivileges ( http://msdn.microsoft.com/en-us/library/aa375202(v=vs.85).aspx ) and ask for the SeShutdownPrivilege to be enabled If that succeds, call the Shutdown API and ask for the shutdown. From a user perspective its all pretty well automatic. there is no user command "enable the privilige". trying to think of a way to show this easily from the GUI.