Enabling privileges of machine\ASPNET account

[Konrad]

hello

i'm trying to execute external application which copies .exe file to a new
..exe file with changed PE header, i'm doing this via ASP.NET, authentication
must be anonymous (specific user is set), so when i DuplicateTokenEx and
CreateProcessAsUser ASPNET user is used for this purpose (if i'm wrong pls
let me know)

i granted SeRestorePrivilege and SeTakeOwnership and
SeAssignPrimaryTokenPrivilege (is it of any use ?) to ASPNET account, in
sysinternals process viewer these privileges are disabled, when i
AdjustTokenPrivileges in my code for hToken of ASPNET (not duplicated token)
to enabled them i do still see it in sysinternals ProcessViewer as disabled,
what am i doing wrong ?

when i AdjustTokenPrivileges for hDuplicatedToken (after DuplicateTokenEx)
executed application doesn't do the job (dont even know if it was actually
executed) and GetLastWin32Error is 1307 (This security ID may not be assigned
as the owner of this object. ERROR_INVALID_OWNER) this could be due to these
privileges weren't actually enabled, should sysinternals ProcessViewer show
them as enabled ?

any help appreciated

thanks, Konrad