This privilege, held by any process, allows the impersonation (but not creation) of any token, provided that a handle to it can be obtained. Generally, this token/privilege is owned by a Windows service account. You can abuse this privilege to gain NT AUTHORITY/SYSTEM access on Windows using various tools like Rogue-WinRM, RottenPotato, SweetPotato, PrintSpoofer, Juicy Potato, or the newest toolkit, GodPotato.
whoami /user /priv# Example outputUSER INFORMATION----------------User Name SID ==================================nt authority\local service S-1-5-19PRIVILEGES INFORMATION----------------------Privilege Name Description State ==============================================================================SeAssignPrimaryTokenPrivilege Replace a process level token DisabledSeIncreaseQuotaPrivilege Adjust memory quotas for a process DisabledSeMachineAccountPrivilege Add workstations to domain DisabledSeSystemtimePrivilege Change the system time DisabledSeAuditPrivilege Generate security audits DisabledSeChangeNotifyPrivilege Bypass traverse checking Enabled SeImpersonatePrivilege Impersonate a client after authentication Enabled SeCreateGlobalPrivilege Create global objects Enabled SeIncreaseWorkingSetPrivilege Increase a process working set DisabledSeTimeZonePrivilege Change the time zone Disabled
