Unable to assign SeTcbPrivilege (SE_TCB_NAME)!?!?

From: Colin Reinhardt (colinrei@oz.net)
Date: 06/18/02


From: "Colin Reinhardt" <colinrei@oz.net>
Date: Tue, 18 Jun 2002 14:28:46 -0700


(on Win2000 Server SP1)
I'm making a call to LogonUser and it fails with error 1314 "A required
privilege is not held by the client"...
this is where the fun begins...

From some research, it seems the process token making the call to LogonUser
needs to have the right:
"Act as part of the operating system" aka SeTcbPrivilege aka SE_TCB_NAME...

So, I go into Administrative Tools\Local Security Policy\Local Policies\User
Rights Assignment
and here I select the "Act as part of the operating system" policy and I add
my local user account: TestUser, who is a member of the local administrators
account.

When I apply this policy setting, in the right window pane of the Local
Security Settings tool I see three columns listed:
Policy, Local Setting, Effective Setting
and for these columns I see
"Act as part of the operating system", TestServer\TestUser,

in other words, the Effective Setting is none. Why is this??

Now when I log in as TestUser and check the effective token privileges with
GetTokenInformation( )
I see that my process token still does not have the desired privilege
(SeTcbPrivilege)!!!

How can I assign this privilege correctly so I can call LogonUser to
impersonate on a thread???
Thank you much,

Colin Reinhardt
colinr@transenda.com
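
The token check described in the post (is SeTcbPrivilege in the process token, and in what state?) can also be done from a shell. This is an added example, not part of the original post: it parses `whoami /priv` output rather than calling GetTokenInformation, the function name `Get-PrivilegeState` and the sample rows are constructed for illustration, and it assumes a Windows version whose whoami.exe supports `/priv /fo csv /nh` and reports English state strings.

```powershell
# Added example: report how a privilege appears in the current logon's token.
# Get-PrivilegeState is a hypothetical helper name, not a built-in cmdlet.
function Get-PrivilegeState {
    param(
        [Parameter(Mandatory)] [string] $Name,
        # CSV rows as produced by: whoami /priv /fo csv /nh
        # Defaults to the live token of the session running this script.
        [string[]] $PrivCsv = (whoami.exe /priv /fo csv /nh)
    )

    # Keep only privilege rows, then give the three columns fixed names so
    # the lookup does not depend on localized column headers.
    $row = $PrivCsv |
        Where-Object { $_ -match '^"Se' } |
        ConvertFrom-Csv -Header 'Name', 'Description', 'State' |
        Where-Object { $_.Name -eq $Name }

    # A privilege that was never granted to the account at logon is simply
    # missing from the token; that is different from present-but-disabled.
    if (-not $row) { return 'NotInToken' }

    # Assumption: 'Enabled' / 'Disabled' as printed on English systems.
    return $row.State
}

# Constructed sample rows (not captured from a real machine).
$sample = @(
    '"SeShutdownPrivilege","Shut down the system","Disabled"',
    '"SeChangeNotifyPrivilege","Bypass traverse checking","Enabled"'
)

# Against the constructed sample: one privilege absent, one present.
Get-PrivilegeState -Name 'SeTcbPrivilege' -PrivCsv $sample
Get-PrivilegeState -Name 'SeChangeNotifyPrivilege' -PrivCsv $sample

# Against the live token of the current session.
Get-PrivilegeState -Name 'SeTcbPrivilege'
```

A result of `NotInToken` matches the symptom in the post: the privilege is not listed in the token at all, so there is nothing for the process to enable before calling LogonUser.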