Sets the helper token to impersonate the token of the COM client. Because an application sets the token through COM impersonation, the token is not persistent and is valid only for the lifetime of a session. When the BITS service receives a log-off notification, the BITS service discards any helper tokens that are associated with the transfer job.
HRESULT SetHelperToken( );
This method has no parameters.
The following value might be returned:
||COM settings on the client do not allow impersonate-level access to the client token.|
The helper token does not need to represent an administrator.
The impersonation level for the proxy blanket must be set to either RPC_C_IMP_LEVEL_IMPERSONATE or RPC_C_IMP_LEVEL_DELEGATE. For more information, see Security Blanket Negotiation.
The cloaking flag should be set to EOAC_DYNAMIC_CLOAKING, which enables the COM server to use the thread token as the client's identity. For more information, see Cloaking and EOLE_AUTHENTICATION_CAPABILITIES Enumeration.
Older implementations effectively required that BITS users have administrator privileges in order to set helper tokens. Starting with Windows 10, version 1607, non-administrator BITS users can use IBitsTokenOptions::SetHelperToken to set non-administrator helper tokens on BITS jobs they own. This change enables non-administrator BITS users (such as background downloader services running under the NetworkService account) to set helper tokens.
Specifically, the implementation has been changed to allow users without administrator privileges to set helper tokens, as long as the SID of the caller's thread's token is the same as the SID of the job owner's user account during the IBackgroundCopyJob::QueryInterface call, and the helper token being set does not have the administrator SID (DOMAIN_ALIAS_RID_ADMINS) enabled.
|Minimum supported client||Windows 7|
|Minimum supported server||Windows Server 2008 R2|
|Redistributable||Windows Management Framework on Windows Vista with SP1, Windows Vista with SP2, and Windows Server 2008 with SP2|