I'm pretty sure that SE_DEBUG_NAME can be enabled "on the fly" if you have a right to it. My SYSUTILS plugin does it in InitializePlugin() (code below). I am an (unelevated) administrator and it apparently succeeds. Even so, I cannot use ISAPP with a system process.
I think Rex means processes 0 and 4. Elevated, you can query any other process.
UAC makes for a sad state of affairs for privileges like SE_DEBUG_NAME and SE_SYSTEMTIME_NAME. While admins have those (and others) privileges, the "token" assigned to an admin logged in under UAC does not have them. Since they're not in the token, they cannot be assigned, even if you ask for them politely.
With SECPOL.MSC (Management Console Security Policy Snap-in) you can enable those privileges for anyone, including ordinary users. Having done so, ordinary users can debug and set the system time with no fuss at all. But admins still can't (without elevation) because of that crippled token given to them by UAC.