ASP.NET programs that use Impersonation may not function properly on a Win 2K SP4 Server – Domain Controller

Service Pack 4 (SP4) on a Windows 2000 domain controller does not grant the IWAM account name SeImpersonatePrivilege; programs that use impersonation may not function properly.

Click on the following from Control Panel on the Win 2K SP4 Server – Domain Controller

Administrative Tools -> Domain Controller Security Policy -> Security Settings -> Local Policies -> User Rights Assignment

“Impersonate a Client after Authentication”

Click Add (button) -> Browse (button)
In the Select Users or Groups dialog, select the IWAM account name and click Add.
To apply the policy type the following at a CMD.EXE prompt:
secedit /refreshpolicy machine_policy /enforceIn the CMD.EXE prompt, re-start IIS by typing iisreset


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: