Platform SDK: COM

Setting the Impersonation Level

There are two ways to set the impersonation level. The client can set it process-wide, through a call to CoInitializeSecurity. Alternatively, a client can set proxy-level security on an interface of a remote object through a call to IClientSecurity::SetBlanket (or the helper function CoSetProxyBlanket). You set the impersonation level by passing an appropriate RPC_C_IMP_LEVEL_xxx value to CoInitializeSecurity or CoSetProxyBlanket through the dwImpLevel parameter.

Different authentication services (such as NTLMSSP or Kerberos) support delegate-level impersonation to different extents. For instance, NTLMSSP on Windows 2000 supports cross-thread and cross-process delegate-level impersonation, but not cross-machine. The Kerberos v5 protocol (implemented by Windows 2000), on the other hand, works across machine boundaries. If you have a proxy at impersonate level and you want to raise its impersonation level to delegate, call IClientSecurity::SetBlanket using the default constants for every parameter except the impersonation level. COM will then choose NTLM locally and the Kerberos protocol remotely (when Kerberos can be used).
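The call described above, followed by a read-back of the blanket COM negotiated, as an added example that is not part of the Platform SDK documentation. SetDelegateOnProxy, Classify and DelegationReach are hypothetical names, and the example assumes CoQueryProxyBlanket reports the authentication service COM actually selected rather than the default constant.

```cpp
#ifdef _WIN32
#include <windows.h>
#include <objbase.h>
#else
// SDK constant values, repeated only so Classify() builds without the Windows headers.
typedef unsigned long DWORD;
const DWORD RPC_C_AUTHN_WINNT = 10, RPC_C_AUTHN_GSS_KERBEROS = 16;
const DWORD RPC_C_IMP_LEVEL_DELEGATE = 4;
#endif

// How far a call on the proxy can carry the client's identity, per the text above.
enum DelegationReach { NOT_DELEGATE, LOCAL_ONLY, CROSS_MACHINE, UNKNOWN_SERVICE };

// Hypothetical helper: classify the blanket that was negotiated for a proxy.
DelegationReach Classify(DWORD authnSvc, DWORD impLevel) {
    if (impLevel != RPC_C_IMP_LEVEL_DELEGATE) return NOT_DELEGATE;
    if (authnSvc == RPC_C_AUTHN_GSS_KERBEROS) return CROSS_MACHINE;  // Kerberos v5
    if (authnSvc == RPC_C_AUTHN_WINNT) return LOCAL_ONLY;            // NTLMSSP
    return UNKNOWN_SERVICE;  // anything else: make no claim about reach
}

#ifdef _WIN32
// Hypothetical helper: raise one proxy to delegate, then report what was negotiated.
HRESULT SetDelegateOnProxy(IUnknown *pProxy, DelegationReach *pReach) {
    // Default constants for every parameter except the impersonation level.
    HRESULT hr = CoSetProxyBlanket(pProxy,
        RPC_C_AUTHN_DEFAULT, RPC_C_AUTHZ_DEFAULT, COLE_DEFAULT_PRINCIPAL,
        RPC_C_AUTHN_LEVEL_DEFAULT, RPC_C_IMP_LEVEL_DELEGATE,
        COLE_DEFAULT_AUTHINFO, EOAC_DEFAULT);
    if (FAILED(hr)) return hr;

    // Read the blanket back instead of assuming the request took effect.
    DWORD authnSvc = 0, impLevel = 0;
    hr = CoQueryProxyBlanket(pProxy, &authnSvc, NULL, NULL, NULL,
                             &impLevel, NULL, NULL);
    if (FAILED(hr)) return hr;

    *pReach = Classify(authnSvc, impLevel);
    return S_OK;
}
#endif
```

A result of LOCAL_ONLY on a proxy that is expected to reach a server on another machine is worth logging, since the server will not be able to act as the client beyond its own machine.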