Re: Basic security question

From: Arnaud Debaene (adebaene_at_club-internet.fr)
Date: 06/18/04

  • Next message: John Banes [MS]: "Re: SSL cache and strong"
    Date: Fri, 18 Jun 2004 19:41:46 +0200
    
    

    Rob Bolton wrote:
    > Hi there. I'm very familiar with the basic Windows security model in
    > general, but can someone set me straight on what account is used to
    > process a (non-COM) call to a remote machine? For instance, if I call
    > any given API function that takes a machine name argument, such as
    > "RegConnectRegistry()" or "OpenSCManager()" among others, what
    > account does this processing actually occur under on that machine?

    It depends of the actual service you request on the remote machine, but most
    often, the remote service that handles your request use impersonation, which
    means it endorses your identity and credentials while working for you. This
    way, all the escurity checks are made against your account.

    See ImpersonnateLoggedOnUser, ImpersonnateNamedPipeClient,
    RPCImpersonnateClient, RevertToSelf and related functions in MSDN for
    details.

    Arnaud
    MVP - VC


  • Next message: John Banes [MS]: "Re: SSL cache and strong"