Check for SeImpersonatePrivilege or SeAssignPrimaryTokenPrivilege if enabled through whoami /priv or whoami /all
Requirement
Exploit
Reference