This policy setting allows a process to assume the identity of any user and thus gain access to the resources that the user is authorized to access. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or computers. This policy setting allows a process to assume the identity of any user and thus gain access to the resources that the user is authorized to access. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment!Least Privilege or User Rights Assignment (2) WMI: root\rsop\computer#RSOP_UserPrivilegeRight#AccountList#UserRight=SeTcbPrivilege and precedence=1