Impersonation Levels

As they relate to COM+ on Windows 2000.

• Anonymous - Server can not see the client's access token, and is not able to identify or impersonate the client.
  
• Identify - Server can read the client's access token for the purposes of reading its SID and determining its access rights. However, the server can not impersonate.
  
• Impersonate - Server can impersonate the client and access local resources. Not able to access other remote resources using the client's credentials.
  
• Delegate - Includes all of the rights to the token that the Impersonate level grants, plus the ability to pass on the client's token to other remote servers.
  

Posted 8:05 AM    |    0 comments    |    Permalink