If you enable user mode interception, CA ControlMinder intercepts only the impersonation requests that originate from the Windows RunAs utility. User mode interception is available on all supported Windows versions.
Note: User mode interception is enabled by default when you enable user impersonation protection, that is, when you enable the SURROGATE class.
The advantages of user mode interception include:
In many Windows applications, including the RunAs utility, the NT AUTHORITY\SYSTEM user impersonates the requesting user and makes the impersonation request. User mode interception identifies the user executing the utility, not the NT AUTHORITY\SYSTEM user who makes the request. For example, if Tom executes RunAs to impersonate Administrator, the NT AUTHORITY\SYSTEM user makes the impersonation request and CA ControlMinder identifies Tom as the requesting user.
This minimizes performance impact.
A disadvantage of user mode interception is that CA ControlMinder does not intercept every impersonation request from every Windows process.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|