privileges that are so powerful that any user that can enable them can effectively take control of the entire computer, even if they are not administrators.

Privileges.md

SeDebugPrivilege - obtain read/write handles to any process, even those owned by other users or SYSTEM.

SeTakeOwnershipPrivilege - take ownership of any securable object including files, handles, and threads.

SeRestorePrivilege - replace any file on the system.

SeLoadDriverPrivilege - load a device driver into the kernel.

SeCreateTokenPrivilege - create arbitrary access tokens to impersonate any user with any privilege and any domain group membership.