|
|
|
If you enable user mode interception, CA Access Control intercepts only the impersonation requests that originate from the Windows RunAs utility. User mode interception is available on all supported Windows versions.
Note: User mode interception is enabled by default when you enable user impersonation protection, that is, when you enable the SURROGATE class.
The advantages of user mode interception include:
In many Windows applications, including the RunAs utility, the NT AUTHORITY\SYSTEM user impersonates the requesting user and makes the impersonation request. User mode interception identifies the user executing the utility, not the NT AUTHORITY\SYSTEM user who makes the request. For example, if Tom executes RunAs to impersonate Administrator, the NT AUTHORITY\SYSTEM user makes the impersonation request and CA Access Control identifies Tom as the requesting user.
This minimizes performance impact.
A disadvantage of user mode interception is that CA Access Control does not intercept every impersonation request from every Windows process.
| Copyright © 2012 CA. All rights reserved. | Tell Technical Publications how we can improve this information |