Setting the Impersonation Level

There are two ways to set the impersonation level. The client can set it process-wide through a call to CoInitializeSecurity. Alternatively, a client can set proxy-level security on an interface of a remote object through a call to IClientSecurity::SetBlanket (or the helper function CoSetProxyBlanket). In either case, you set the impersonation level by passing an appropriate RPC_C_IMP_LEVEL_xxx value in the dwImpLevel parameter of CoInitializeSecurity or CoSetProxyBlanket.

Different authentication services (such as NTLMSSP, Kerberos, and SSL) support delegate-level impersonation to different extents. For instance, NTLMSSP on Windows NT 5.0 supports cross-thread and cross-process delegate-level impersonation, but not cross-machine. Kerberos (on Windows NT 5.0), on the other hand, works across machine boundaries. If you have a proxy at impersonate level and you want to set the impersonation level to delegate, you should call IClientSecurity::SetBlanket using the default constants for every parameter except the impersonation level. COM will choose NTLM locally and Kerberos remotely (when Kerberos will work).
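The call described above, as an added example that is not part of the original page: a C++ helper that checks a proxy's current impersonation level and raises it to delegate through CoSetProxyBlanket, passing the default constant for every other parameter. The name RaiseProxyToDelegate and the non-Windows stand-in section (fakes that let the logic compile off Windows) are assumptions of this example.

```cpp
#ifdef _WIN32
#include <objbase.h>
#else
// Assumption: stand-ins so the logic compiles off Windows. Constant values copy
// the SDK headers; the two functions are fakes that only record the call.
typedef long HRESULT; typedef unsigned int DWORD; typedef wchar_t OLECHAR;
typedef void* RPC_AUTH_IDENTITY_HANDLE;
struct IUnknown {};
#define FAILED(hr) ((hr) < 0)
const HRESULT S_OK = 0, S_FALSE = 1;
const DWORD RPC_C_AUTHN_DEFAULT = 0xFFFFFFFF, RPC_C_AUTHZ_DEFAULT = 0xFFFFFFFF,
            RPC_C_AUTHN_LEVEL_DEFAULT = 0, RPC_C_IMP_LEVEL_DELEGATE = 4,
            RPC_C_IMP_LEVEL_IMPERSONATE = 3, EOAC_DEFAULT = 0x800;
OLECHAR* const COLE_DEFAULT_PRINCIPAL = (OLECHAR*)(long)-1;
void* const COLE_DEFAULT_AUTHINFO = (void*)(long)-1;
static DWORD g_fakeImp = RPC_C_IMP_LEVEL_IMPERSONATE;  // fake proxy's level
static bool g_othersDefault = false;  // did the last Set use only defaults?
HRESULT CoQueryProxyBlanket(IUnknown*, DWORD*, DWORD*, OLECHAR**, DWORD*,
                            DWORD* imp, RPC_AUTH_IDENTITY_HANDLE*, DWORD*) {
    *imp = g_fakeImp;
    return S_OK;
}
HRESULT CoSetProxyBlanket(IUnknown*, DWORD svc, DWORD authz, OLECHAR* spn,
                          DWORD lvl, DWORD imp, RPC_AUTH_IDENTITY_HANDLE id,
                          DWORD caps) {
    g_othersDefault = svc == RPC_C_AUTHN_DEFAULT && authz == RPC_C_AUTHZ_DEFAULT &&
        spn == COLE_DEFAULT_PRINCIPAL && lvl == RPC_C_AUTHN_LEVEL_DEFAULT &&
        id == COLE_DEFAULT_AUTHINFO && caps == EOAC_DEFAULT;
    g_fakeImp = imp;
    return S_OK;
}
#endif

// Raise one proxy to delegate; all other blanket values stay default constants.
HRESULT RaiseProxyToDelegate(IUnknown* proxy) {
    DWORD imp = 0;
    HRESULT hr = CoQueryProxyBlanket(proxy, nullptr, nullptr, nullptr, nullptr,
                                     &imp, nullptr, nullptr);
    if (FAILED(hr)) return hr;
    if (imp == RPC_C_IMP_LEVEL_DELEGATE) return S_FALSE;  // nothing to change
    return CoSetProxyBlanket(proxy,
        RPC_C_AUTHN_DEFAULT,        // authentication service
        RPC_C_AUTHZ_DEFAULT,        // authorization service
        COLE_DEFAULT_PRINCIPAL,     // server principal name
        RPC_C_AUTHN_LEVEL_DEFAULT,  // authentication level
        RPC_C_IMP_LEVEL_DELEGATE,   // the only non-default value
        COLE_DEFAULT_AUTHINFO,      // client identity
        EOAC_DEFAULT);              // capabilities
}
```

Because the blanket is set on a single proxy, delegate-level impersonation applies only to calls made through that interface pointer rather than to every proxy in the process.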