A string, or
A string or
or one of the keywords
A Lisp form.
specify login credentials. In general, these are strings but the symbol
is treated specially to mean the user that is currently interacting with the console of the computer (
is ignored in this case).
, if non-nil, must be a string specifying the domain or server where the account database to find the user is held. It can be "." meaning the local database.
means use the default domain or server, as defined by Windows.
keywords are mapped to the
constants which are documented in the MSDN entry for
. The default value
is treated as an alias for
Impersonation means that, in operations where the user identity makes a difference, the user identity is the impersonated user rather than the user running the process. For example, when opening a file the system uses the credentials of the impersonated user to check the access control list of the file. When creating a file, the impersonated user is also used as the owner and creator of the file.
The process that tries to impersonate must have special privilege to do that. Processes do not normally have these privileges. The processes that do are those that run with system credentials, for example services. Impersonation is used by these processes to perform specific operations with the credentials of some user rather than the system user.
Impersonation can also be used when a service process wants to start a process to interact with the user. In that situation, the new process must run as the user. To do that, you start process inside the scope of
, for example by calling call-system or open-pipe. Normally you will want to run as the user that is currently logged on the console (see the special
LispWorks User Guide and Reference Manual - 21 Dec 2011