Activation security (also called launch security) helps control who can launch a server. Activation security is automatically applied by the service control manager (SCM) of a particular computer. Upon receipt of a request from a client to activate an object (as described in Instance Creation Helper Functions), the SCM checks the request against activation-security information stored within its registry. (Activation security is also checked for same-computer activations.)
When determining the identity of the client, activation examines the cloaking flag set in the client's call to CoInitializeSecurity. If the cloaking flag is set (for either dynamic or static cloaking), the thread token is used, if present, to determine the identity of the client. If no cloaking is set, the process token is used instead of the thread token.