To set the owner SID in a security descriptor to a SID that is not in your own token you need to
- Run as Administrator
- Enable the SE_RESTORE_NAME privilege in your token
From Privilege Constants documentation for SE_RESTORE_NAME - - "This privilege causes the system to grant all write access control to any file, regardless of the ACL specified for the file. Any access request other than write is still evaluated with the ACL. Additionally, this privilege enables you to set any valid user or group SID as the owner of a file."