XDM_CONST.LOGON_IMPERSONATION_LEVEL

Cortex Data Model Schema Guide
Last date published
2024-04-14

Impersonation is the ability of a thread to execute in a security context that is different from the context of the process that owns the thread. When running in the client's security context, the server 'is' the client, to some degree. See https://docs.microsoft.com/en-us/windows/win32/com/impersonation-levels

Original

Mapped

Description

%%1831

XDM_CONST.LOGON_IMPERSONATION_LEVEL_ANONYMOUS

The client is anonymous to the server. The server process can impersonate the client, but the impersonation token does not contain any information about the client. This level is only supported over the local interprocess communication transport. All other transports silently promote this level to identify.

%%1832

XDM_CONST.LOGON_IMPERSONATION_LEVEL_IDENTIFICATION

The system default level. The server can obtain the client's identity, and the server can impersonate the client to do ACL checks.

%%1833

XDM_CONST.LOGON_IMPERSONATION_LEVEL_IMPERSONATION

The server can impersonate the client's security context while acting on behalf of the client. The server can access local resources as the client. If the server is local, it can access network resources as the client. If the server is remote, it can access only resources that are on the same computer as the server.

%%1840

XDM_CONST.LOGON_IMPERSONATION_LEVEL_DELEGATION

The most powerful impersonation level. When this level is selected, the server (whether local or remote) can impersonate the client's security context while acting on behalf of the client. During impersonation, the client's credentials (both local and network) can be passed to any number of computers.