Client Access to Network Resources
A server can use the following strategies to access network resources:
- If the server has the account name and password of a client, it can call WNetAddConnection2 with the client's credentials to map a local drive letter to a network share.
- After calling LogonUser with client credentials, the server can call the CreateProcessAsUser function to create a process for the client. This new client process can access network resources using the client's security context. For example, the process can call the CreateFile function to open a file on a remote computer. The system uses the client's primary token to check access attempts by the client process.
- A server can call WNetAddConnection2 with null credentials to establish either a connection to a network resource with server access or a default connection. If the server is running as the LocalSystem account, it authenticates to the network resource under the security context of the domain server. If the server is running under a service account, it authenticates as that account. For more information, see the LocalSystem Account.
Build date: 10/26/2012