User Impersonation: configure Run As Service Account to Act as the Operating System

What are 'User Impersonation' and 'Act as part of the operating system'?

'Act as part of the operating system' is a security policy that, when assigned to an account, lets processes running under that account perform actions in the name of another user. It is often used when you want to do User Impersonation.

User Impersonation allows a user, often an administrator, to access files and operate an application as if they were another user. In the case of a printing service like Print&Share CQ, this could mean sending a print job to a printer as a specific user instead of printing the job as Local System or as the user that runs the service.

How to enable the Run As Service Account to Act as the Operating System on a server or PC:

  1. Log in on the server or PC where you want to configure and use this policy.
  2. Navigate to Windows Control Panel > System and Security > Administrative Tools and open Local Security Policy.
    This can also be done via WINDOWS KEY + R, type secpol.msc and hit Enter.
  3. In the Local Security Policy window, navigate to Security Settings > Local Policies > User Rights Assignment.
  4. Right-click on Act as part of the operating system and select Properties
    (or simply double-click the policy to open the properties window).
  5. Click Add User or Group... and fill in the user that is running the application (e.g. Print&Share CQ or File Processor). This could be SYSTEM or a specific domain user: <domain>\<user>.
    (Remember, in Services you can see under which user your application, e.g. Print&Share CQ or File Processor, is running.)

This can also be configured via, for example, Group Policy Management Editor (gpedit.msc) by navigating to Default Domain Policy > Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
