Create a token object This policy setting allows a process to create an access token, which may provide elevated rights to access sensitive data. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or computers.

[default]

(1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesUser Rights Assignment!Create a token object (2) WMI: root sopcomputer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeCreateTokenPrivilege' and precedence=1