You can define credentials to be used by MPF to elevate privileges for a specific procedure. Credentials consist of an account domain, user name, and password. By default, MPF uses MPFServiceAcct credentials if you do not have impersonation enabled, or the caller's credentials if you do have impersonation enabled. If the default account is not appropriate for all procedures, you can use Provisioning Manager to specify credentials for one or more other accounts that can be used to process specific procedures. After specifying the credentials for an account, you can configure any MPF procedure to execute using those credentials.

When you specify credentials for a procedure, you allow a procedure to impersonate a user and to exercise the privileges associated with a user account. For example, if Active Directory requires Administrator privileges to create an object, you can configure the CreateObject procedure of the Active Directory Provider namespace to execute using Administrator credentials. Requests that require Administrator privileges can then invoke the procedure, but users making the request are not actually granted all other Administrator privileges.

For more information about credentials, see Administering credentials.