Clients

One way of submitting requests to Microsoft® Provisioning Framework (MPF) is by calling methods of the client interfaces. This approach is appropriate for provisioning within a local data center.

The client is a COM object (mapsclient.dll) installed during MPF setup. An instance of the client must reside on any computer that sends requests to MPF. The client runs in-process to the calling application.

The client interfaces are IProvEngine and IProvQueue. IProvEngine submits real-time requests to provisioning engines. IProvQueue submits queued requests to queue managers. For scripting examples, see the documentation for the respective APIs.

Note: The client supports only synchronous communication (no callback).

How MPF handles calls to provisioning engines and queue managers is configured through the client properties described below.

The same property values apply to both provisioning engine clients and queue manager clients; you cannot set different values for individual clients. SOAP ISAPI also uses these settings.

Client properties

Authentication Level

Authentication is the process of assigning a security identity to each step in a provisioning request. MPF supports the following authentication levels.
  • None: No authentication occurs.
  • Connect: Authentication occurs only once, when the connection is made.
  • Call (default): The client authenticates at the beginning of every call.
  • Packet: The client authenticates and verifies that all call data is received.
  • Packet Integrity: The client authenticates and verifies that none of the call data was modified in transit.
  • Packet Privacy: The client authenticates and encrypts the packet, including the data and the sender's identity and signature.
  • Default: The client authenticates based on the local computer's setting for COM+ authentication.

Exclusion Interval

Amount of time that a client will withhold requests to a failed server.

Clients forward requests to queue managers and provisioning engines. If a queue manager, provisioning engine, or network connection experiences a failure, as indicated by specific error codes, MPF stops sending requests to the component for the amount of time specified in Exclusion Interval. The default interval is 300 seconds.

This option minimizes unnecessary resource consumption of network bandwidth, CPU cycles, and other system resources during a failure. It also enables the provider to generate a more immediate error to alert the caller that the server is not available.

You can also configure an individual request with a connectionExclusionInterval node or set an individual computer's ConnectionExclusionInterval registry value. For more information on these options, see HTTP and SOAP Provider.

Capabilities

The Capabilities property identifies the COM+ cloaking capability (none, static, or dynamic) to use when determining the identity to pass from an MPF client to an external server. The supported cloaking capabilities are as follows. For an extended discussion of cloaking and impersonation, see "Cloaking" in MSDN®.
  • Static: COM+ uses the client identity from the first proxy call for all subsequent calls. If a proxy identity was set during a previous call, this becomes the client identity; otherwise, the client identity is based on the identity associated with the thread token (if any) or process token (if there is no thread token).
  • Dynamic: COM+ re-evaluates the client identity after each call to a proxy to determine whether it has changed. If it has, the client is re-authenticated. If a proxy identity was set during a previous call, this becomes the client identity; otherwise, the client identity is based on the one associated with the thread token (if any) or process token (if there is no thread token). With dynamic cloaking, servers see the identity of the client that originated the call, which is generally the desired behavior. However, dynamic cloaking incurs an additional performance cost.
  • None (default): The connection has no cloaking capabilities.

Connection Hold Time

Amount of time to hold connections open to unused provisioning engines and queue managers. Clients cache connections and then release them once the specified hold time elapses. The default hold time is 300 seconds.

Impersonation Level

Indicates how much authority the client gives the provisioning server to represent the calling user. The supported impersonation levels are as follows:
  • Anonymous: The client is anonymous to the server application. The server can impersonate the client, but the impersonation token does not contain any information about the client.
  • Identify: The server can obtain the client's identity and impersonate the client only when checking discretionary access control lists (DACLs). The server cannot access system objects as the client.
  • Impersonate (default): The server can impersonate the client while acting on its behalf, but only if the server and the client both reside on the same computer. The impersonation token can be passed across only one computer boundary. The SChannel authentication service supports only this level of impersonation.
  • Delegate: The server can impersonate the client regardless of where it resides in the network. If delegation is required, Capabilities must be set to "Dynamic Cloaking." The impersonation token can be passed across any number of computer boundaries.
  • Default: This is the default local setting for COM+ impersonation. COM+ chooses the impersonation level using its normal security blanket negotiation algorithm. For more information, see "Security Blanket Negotiation" in MSDN®.

Max Pool Size

Controls the maximum number of simultaneous connections that clients hold open with provisioning engines or queue managers. MPF stores these open connections in a cache. The default value is 100 connections.

Principal

Identifies the user principal name (UPN) of the account under which the provisioning manager or queue manager runs. Configuring the impersonation level of the client to support delegation requires a UPN for the engine or queue manager. The user name should be in the format username@domain, where domain is the Active Directory domain. The default user principal name is the user name specified during MPF setup.
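As an added example (not part of MPF or this documentation), the following script checks a set of client property values against the constraints stated above: delegation needs dynamic cloaking and a username@domain principal, and only Packet Privacy encrypts call data. The property names, the validate/blanket_constants functions and the severity labels are assumptions; the defaults come from the table and the numeric constants are the Windows SDK values for the corresponding COM+ authentication, impersonation and cloaking settings.

```python
"""Validator for the MPF client security properties described in the table above.
Constructed example: property names, function names and severities are assumptions."""
import re

# COM+ constants the table's settings correspond to (values from the Windows SDK).
AUTHN_LEVEL = {"Default": 0, "None": 1, "Connect": 2, "Call": 3,
               "Packet": 4, "Packet Integrity": 5, "Packet Privacy": 6}
IMP_LEVEL = {"Default": 0, "Anonymous": 1, "Identify": 2, "Impersonate": 3, "Delegate": 4}
CLOAKING = {"None": 0x0, "Static": 0x20, "Dynamic": 0x40}   # EOAC_NONE / STATIC / DYNAMIC

# Defaults stated in the table.
DEFAULTS = {"AuthenticationLevel": "Call", "ImpersonationLevel": "Impersonate",
            "Capabilities": "None", "ExclusionInterval": 300,
            "ConnectionHoldTime": 300, "MaxPoolSize": 100, "Principal": None}

UPN_RE = re.compile(r"^[^@\s]+@[^@\s]+$")   # username@domain form required by Principal


def validate(config):
    """Return (effective_settings, findings). A finding is (severity, message):
    'error' for a combination the documentation says will not work, 'warning' for
    a setting that leaves request data unprotected in transit."""
    cfg = {**DEFAULTS, **config}
    findings = []
    for key, table in (("AuthenticationLevel", AUTHN_LEVEL),
                       ("ImpersonationLevel", IMP_LEVEL), ("Capabilities", CLOAKING)):
        if cfg[key] not in table:
            findings.append(("error", f"{key}: unknown value {cfg[key]!r}"))
            return cfg, findings
    # Delegation needs dynamic cloaking and a UPN for the engine/queue manager account.
    if cfg["ImpersonationLevel"] == "Delegate":
        if cfg["Capabilities"] != "Dynamic":
            findings.append(("error", "Delegate impersonation requires Capabilities=Dynamic"))
        if not cfg["Principal"] or not UPN_RE.match(cfg["Principal"]):
            findings.append(("error", "Delegate impersonation requires Principal in username@domain form"))
    # Only Packet Privacy encrypts call data; Default depends on the local COM+ setting.
    if cfg["AuthenticationLevel"] not in ("Packet Privacy", "Default"):
        findings.append(("warning", f"AuthenticationLevel={cfg['AuthenticationLevel']} does not encrypt call data"))
    if cfg["AuthenticationLevel"] == "None":
        findings.append(("warning", "AuthenticationLevel=None: no security identity is assigned to request steps"))
    for key in ("ExclusionInterval", "ConnectionHoldTime", "MaxPoolSize"):
        if not isinstance(cfg[key], int) or cfg[key] <= 0:
            findings.append(("error", f"{key} must be a positive integer"))
    return cfg, findings


def blanket_constants(cfg):
    """COM+ values (authentication level, impersonation level, capabilities) for these settings."""
    return (AUTHN_LEVEL[cfg["AuthenticationLevel"]], IMP_LEVEL[cfg["ImpersonationLevel"]],
            CLOAKING[cfg["Capabilities"]])
```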
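The Exclusion Interval behaviour described above, modelled as an added example rather than MPF code: after one of the designated failure codes, the client withholds requests to that engine or queue manager for the interval (300 seconds by default, or a per-request value standing in for a connectionExclusionInterval node) and returns an immediate "not available" result instead of retrying a dead host. The class, method names, the failure-code set and the injectable clock are assumptions; the page does not list the actual triggering error codes.

```python
"""Constructed model of the client's Exclusion Interval handling. Not MPF code:
class and method names and the failure codes are assumptions."""
import time

# Placeholder codes standing in for the "specific error codes" the page refers to.
FAILURE_CODES = {"E_CONNECT_FAILED", "E_SERVER_UNAVAILABLE"}
DEFAULT_EXCLUSION_INTERVAL = 300   # seconds, the documented default


class ExclusionTracker:
    """Tracks, per provisioning engine or queue manager, until when the client
    withholds requests after a failure."""

    def __init__(self, interval=DEFAULT_EXCLUSION_INTERVAL, clock=time.monotonic):
        self.interval = interval
        self.clock = clock             # injectable so the behaviour can be tested offline
        self.excluded_until = {}       # server -> clock value at which exclusion ends

    def record_result(self, server, error_code, request_interval=None):
        """Record the outcome of a call; only the designated failure codes start an
        exclusion. request_interval models a connectionExclusionInterval node set
        on one request and overrides the client-wide interval for that failure."""
        if error_code in FAILURE_CODES:
            interval = self.interval if request_interval is None else request_interval
            self.excluded_until[server] = self.clock() + interval

    def is_excluded(self, server):
        until = self.excluded_until.get(server)
        if until is None:
            return False
        if self.clock() >= until:
            del self.excluded_until[server]   # interval elapsed: the server may be tried again
            return False
        return True

    def select(self, servers):
        """First server not currently excluded, or None so the caller can raise an
        immediate 'server not available' error instead of waiting on a failed host."""
        for server in servers:
            if not self.is_excluded(server):
                return server
        return None
```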
See Also

Architecture, SOAP ISAPI, MPF Accounts, MPF Groups