MSDN article, Enabling and Disabling Privileges in C++, provided the a code example to show how to enable or disable a privilege in an access token. I quote the part in questioned: tp.PrivilegeCount = 1; tp.Privileges[0].Luid = luid; if (bEnablePrivilege) tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; else tp.Privileges[0].Attributes = 0; What is the meaning of zero value for Attributes member? According to the documentation of TOKEN_PRIVILEGES structure, the attributes of a privilege can be a combination of the following values: SE_PRIVILEGE_ENABLED  (it is 0x00000002L in WinNT.h) SE_PRIVILEGE_ENABLED_BY_DEFAULT  (it is 0x00000001L in WinNT.h) SE_PRIVILEGE_REMOVED  (it is 0x00000004L in WinNT.h) SE_PRIVILEGE_USED_FOR_ACCESS  (it is 0x80000000L in WinNT.h) So, we don't see any valid constant with a value of zero. I guess, the zero is equal to SE_PRIVILEGE_REMOVED. Anybody here could explain what the zero value really does?