Normally the local administrator group is a part of this group policy, and where the service account is also a part of the local administrator group.
Qlik Sense uses a function in the .NET Framework to setup access control lists (ACL) for the Qlik Sense certificate’s private key (so that it can be read by members of the “Qlik Sense Service Users” group. This function requests “AccessControlSections.All” which includes access to the audit section which in turn requires the 'SeSecurityPrivilege' privilege. However Qlik Sense does not use this function to modify anything besides the ACL, i.e. we do not update any auditing policies. The 'SeSecurityPrivilege' privilege is only required for the user running the bootstrap mode and could even be removed after this step is completed.