When the Intrust agent attempts to register against the Intrust servereither automatically or manually, the process fails with the error in the Intrust event log or in the registration dialogue, respectively:
Either a required impersonation level was not provided, or the provided impersonation level is invalid.
TheDomain Group Policy setting Impersonate a Client after authentication(under Computer Policy\Windows Settings\Security Settings\Local Policies\User Rights Assignments) mayhave been set up not to include InTrust service accountand (or) account Service.
Add InTrust service account as well asaccount with name Service to the Domain Group Policy settingsImpersonate a Client after authentication (found under Computer Policy\Windows Settings\Security Settings\Local Policies\User Rights Assignments)
The Impersonate a client after authentication is a new Security Policy inWindows 2000 SP4 and above. If not granted, it doesnt allow programs a user runsto impersonate themselves, as administrators for example.