Create a token object

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Create a token object


This security setting determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token.

This user right is used internally by the operating system. Unless it is necessary, do not assign this user right to a user, group, or process other than Local System.


  • Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system.

Default: Local System.

Configuring this security setting

You can configure this security setting by opening the appropriate policy and expanding the console tree as such: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\

For specific instructions about how to configure security policy settings, see Edit security settings on a Group Policy object.

For more information, see: