This policy setting allows one process or service to start another service or process with a different security access token, which can be used to modify the security access token of that sub-process and result in the escalation of privileges.
Solution
Make sure 'Replace a process level token' is set to Local Service and Network Service.