The debug privilege can be disabled globally via a GPO, but this restriction can be bypassed.
whoami /priv as local admin and notice that
SeDebugPrivilege is missing.
Export the current security policy to a file.
secedit.exe /export /cfg secpolicy.inf /areas USER_RIGHTS
secpolicy.inf to look like the following:
... [Privilege Rights] SeDebugPrivilege = *S-1-5-32-544 ...
This allows the group of local administrators to use the debug privilege again.
Import the modified policy.
echo J | secedit.exe /configure /db secedit.sdb /cfg secpolicy.inf /overwrite /areas USER_RIGHTS
In order for the changes to take effect you must log out and log in again. The changes will stay in effect until the next GPO update cycle.
Alternatively you can abuse TrustedInstaller. It always has the debug privilege.