Client Access to Network Resources

A server can use the following strategies to access network resources:

• If the server has the account name and password of a client, it can call WNetAddConnection2 with the client's credentials to map a local drive letter to a network share. A thread of the service can then impersonate the client to access files on the network share. The impersonation ensures that access to the files is checked against the client's security context.
• The server can call the CreateProcessAsUser function to create a process for the client. This new client process can access network resources using the client's security context. For example, the process can call the CreateFile function to open a file on a remote computer. The system uses the client's primary token to check access attempts by the client process.
• A server can call WNetAddConnection2 with null credentials to establish a null session connection to a network resource. However, this works only for resources that allow null sessions. For more information, see The LocalSystem Account.