Each object contains a list of processes for which it has been opened. Each time an object is accessed its process list is checked to find out if the object has been opened by the calling process. If not, the client is impersonated and an open access check is made by calling AccessCheckAndAuditAlarm with a “Maximum Allowed” access mask. If this call is successful, an entry is made into the object's process list. Each entry contains the process ID, granted access mask and GenerateOnClose value.