SeCreateTokenPrivilege gives service privilege to create a token object.
Allows a process to create an access token by calling NtCreateToken () or other token-creating APIs.
Default setting: Not assigned.
When a process requires this privilege, use the Local System (or System) account, which has the privilege inherently. Do not create a separate user account and assign the privilege to it.