SharePoint 2013: - Failed to launch sandbox process, SE_ASSIGNPRIMARYTOKEN_NAME and SE_INCREASE_QUOTA_NAME privileges are require

Problem

You review a SharePoint Server 2013 ULS log and see the following message in this log:

  - Failed to launch sandbox process, SE_ASSIGNPRIMARYTOKEN_NAME and SE_INCREASE_QUOTA_NAME privileges are require

You see other messages adjacent to this one also involving the sandbox process instantiation attempt.

Solution

1. On the server generating this error, open the Services panel.
2. Scroll down until you find SharePoint User Code Host, and then make a note of the identity used for running this service.  Let's call it spSvc for this posting.
3. Launch the Local Security Policy panel.
4. Open the tree at left to Local Policies > User Rights Assignments.
5. Look for Adjust memory quotas for a process and check whether the security setting for this assignment includes spSvc.
• If it hasn't been added, add it.
• If you can't add it (ie, it's controlled by GPO), add this service account to the local Administrators group or request your systems administrator add it. 
6. Now look for Replace process-level token and check whether the security setting for this assignment includes spSvc:
1. If it hasn't been added, add it.
2. If you can't add it yourself (ie, it's controlled by GPO), request your systems administrator add it.

References

• Enabling and Disabling Privileges in C++

Notes

• SE_ASSIGNPRIMARYTOKEN_NAME: associated with Replace process-level token user rights assignment.
• SE_INCREASE_QUOTA_NAME: associated with Adjust memory quotas for a process user rights assignment.
• Members of the local Administrators group are granted many user rights assignments, including the Adjust memory quotas for a process, but not all.  Review your server's default user rights assignments to determine which are.