Determines which parent processes can replace the access token that is associated with a child process.
Specifically, the “Replace a process level token” privilege determines which user accounts can call the CreateProcessAsUser() application programming interface (API) so that one service can start another. An example of a process that uses this user right is Task Scheduler, where the user right is extended to any processes that can be managed by Task Scheduler.
An access token is an object that describes the security context of a process or thread. The information in a token includes the identity and privileges of the user account that is associated with the process or thread. With this user right, every child process that runs on behalf of this user account would have its access token replaced with the process level token.
Policy path: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
Policy name: Replace a process level token
Constant: SeAssignPrimaryTokenPrivilege
MITRE ATT&CK tactics: Privilege Escalation (TA0004), Defense Evasion (TA0005)
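
One way to check which accounts hold this right on a host, added here as an example and not part of the original page: the Python below parses the `[Privilege Rights]` section of a user-rights export produced with `secedit /export /cfg <file> /areas USER_RIGHTS` and lists holders of SeAssignPrimaryTokenPrivilege that fall outside an expected set. The expected set (LOCAL SERVICE and NETWORK SERVICE), the function names and the sample export are assumptions constructed for illustration.

```python
"""Audit holders of SeAssignPrimaryTokenPrivilege in a secedit user-rights export."""

PRIVILEGE = "SeAssignPrimaryTokenPrivilege"

# Assumption: holders this audit treats as expected (LOCAL SERVICE, NETWORK SERVICE).
# Replace with your own baseline.
EXPECTED_HOLDERS = {"S-1-5-19", "S-1-5-20"}

# Constructed sample export; the domain SID and account name are made up.
# Real exports are usually UTF-16, so decode the file before passing its text in.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-21-1111111111-2222222222-3333333333-1105,svc_deploy
[Version]
signature="$CHICAGO$"
Revision=1
"""


def parse_privilege_rights(inf_text):
    """Return {privilege constant: [holders]} from the [Privilege Rights] section."""
    rights = {}
    in_section = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INF comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "privilege rights"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written with a leading '*'; unresolved names appear bare.
            holders = [h.strip().lstrip("*") for h in value.split(",") if h.strip()]
            rights[name.strip()] = holders
    return rights


def unexpected_holders(inf_text, privilege=PRIVILEGE, expected=EXPECTED_HOLDERS):
    """List holders of `privilege` that are not in the expected baseline."""
    holders = parse_privilege_rights(inf_text).get(privilege, [])
    expected_upper = {e.upper() for e in expected}
    return [h for h in holders if h.upper() not in expected_upper]


if __name__ == "__main__":
    for holder in unexpected_holders(SAMPLE_EXPORT):
        print(f"{PRIVILEGE}: unexpected holder {holder}")
```

An empty result means the right is either unassigned or held only by the baseline accounts; any listed SID or name is an account that can call CreateProcessAsUser() and should be reviewed.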