Can someone please describe why impersonation requires the impersonator to
be local admin?

Hi Daniel,

I have never heard of this restriction in windows system. AFAIK, you can
impersonate any domain users in your application if you have their
credential. There is a good article from Codeproject demonstrates how to
implement impersonation in the current application. After testing, I can
impersonate any domain accounts in my dev computer even though this account
is not the member of the computer.

So, I think the current issue you caught is that the account which has been
impersonated doesn't have the permission to access some resources or execute
some application. I suggest you check the permission of the account. However,
if my understanding is incorrect. Could you please supply more details about
the current issue. For example, what the exactly error is encountered at the
current stage. This will help me to understand your issue well.

Regards,

Ryan

Show quoteHide quote

Hi Daniel,

Please ignore my previous thread. The user who calls impersonation function
should have both "Impersonate a Client AfterAuthentication" and "Create
Global Objects" user rights. You can check whether the current caller has
these permission in the "Local Security Settings".

Regards,

Ryan

Show quoteHide quote

Are Win32 functions be rewritten for .NET or simply wrapped?
System.IO.StreamWriter uses two bytes for ASCII characters with UT
how can I < or > with two objects of any type passed as object?
How to boost network utilization with Socket/TcpClient (.NET 1.1)
Document Managment