This policy setting determines which users can use tools to monitor the performance of non-system processes. Typically, you do not need to configure this user right to use the Microsoft Management Console (MMC) Performance snap-in. However, you do need this user right if System Monitor is configured to collect data using Windows Management Instrumentation (WMI). Restricting the Profile single process user right prevents intruders from gaining additional information that could be used to mount an attack on the system. Countermeasure: Ensure that only the local Administrators group is assigned the Profile single process user right. Potential Impact: If you remove the Profile single process user right from the Power Users group or other accounts, you could limit the abilities of users who are assigned to specific administrative roles in your environment. You should ensure that delegated tasks will not be negatively affected.

[list_of_users_followed_by_comma]

(1) GPO: Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\User Rights Assignment\\Profile single process (2) REG: ### (3) WMI: root\\rsop\\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeProfileSingleProcessPrivilege' and precedence=1