Which AD permission is required to allow impersonation of an account

Tags: active-directory, impersonation

I have a Windows service account. I need to grant it permission to impersonate another account within a group on another trusted domain, without delegation. So effectively, my service account says 'Oh, I'm Barnie@otherdomain.com' now. I know it's possible because it's been set up for another domain – but before I joined, and I don't know how they did it!

I'm a developer, but the directory admin people where I am don't seem to know what to do. Any help would be greatly appreciated!

Best Answer

You're looking for:

"Impersonate a client after authentication" in the Local Security Policy under Local Policies -> User Rights Assignment

You can also use NTRights with "SeImpersonatePrivilege"

ntrights.exe +r SeImpersonatePrivilege -u domain\user
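As an added example (not part of the original answer), the PowerShell below does the same job the answer describes using secedit, which ships with Windows: it first lists who already holds SeImpersonatePrivilege on the machine, then adds an account to the right. Assumptions: an elevated prompt, and the placeholder account name 'DOMAIN\svc-app'; if a domain GPO defines User Rights Assignment, grant the right there instead, since the GPO value overwrites the local setting on the next policy refresh.

```powershell
# Added example, not code from the original answer: audit and grant
# "Impersonate a client after authentication" (SeImpersonatePrivilege) in the
# local security policy with secedit, which ships with Windows.
# Assumes an elevated prompt; 'DOMAIN\svc-app' is a placeholder account name.

$PrivilegeName = 'SeImpersonatePrivilege'
function Export-UserRights {
    # Export only the User Rights Assignment area to a temporary .inf file.
    $cfg = Join-Path $env:TEMP 'secpol-rights.inf'
    secedit /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
    return $cfg
}

function Get-ImpersonatePrivilegeHolders {
    # Who holds the right today; review this before adding anyone, as the right lets a process act under other users' contexts.
    $cfg = Export-UserRights
    $entry = Get-Content $cfg | Where-Object { $_ -match "^$PrivilegeName\s*=" }
    Remove-Item $cfg -Force
    if (-not $entry) { return @() }
    ($entry -split '=', 2)[1] -split ',' | ForEach-Object {
        $v = $_.Trim()
        if (-not $v.StartsWith('*')) { return $v }              # plain account name
        try {   # '*S-1-5-...' entries are SIDs; translate them to names
            (New-Object Security.Principal.SecurityIdentifier($v.Substring(1))).Translate([Security.Principal.NTAccount]).Value
        } catch { $v }                                           # orphaned SID
    }
}

function Grant-ImpersonatePrivilege {
    param([Parameter(Mandatory)][string]$Account)
    $sid = (New-Object Security.Principal.NTAccount($Account)).Translate([Security.Principal.SecurityIdentifier]).Value
    $cfg = Export-UserRights
    $lines = @(Get-Content $cfg)
    $idx = -1
    for ($i = 0; $i -lt $lines.Count; $i++) { if ($lines[$i] -match "^$PrivilegeName\s*=") { $idx = $i; break } }
    if ($idx -ge 0) {
        $current = ($lines[$idx] -split '=', 2)[1] -split ',' | ForEach-Object { $_.Trim() }
        if ($current -contains "*$sid") { Remove-Item $cfg -Force; return "$Account already holds $PrivilegeName" }
        $lines[$idx] = $lines[$idx].TrimEnd() + ",*$sid"
    } else {
        # No entry yet: insert one directly under the section header.
        $hdr = [array]::IndexOf($lines, '[Privilege Rights]')
        $lines = $lines[0..$hdr] + "$PrivilegeName = *$sid" + $lines[($hdr + 1)..($lines.Count - 1)]
    }
    Set-Content -Path $cfg -Value $lines -Encoding Unicode       # secedit expects UTF-16
    secedit /configure /db "$env:TEMP\secpol-rights.sdb" /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
    Remove-Item $cfg -Force
    return "Granted $PrivilegeName to $Account"
}
```

Call `Get-ImpersonatePrivilegeHolders` to see the current holders and `Grant-ImpersonatePrivilege -Account 'DOMAIN\svc-app'` to add the service account; the change applies to new logon sessions, so restart the service afterwards.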