On Win2003, there is an "Impersonate a client after authentication" setting in Control Panel / Administrative Tools / Local Security Policy / Local Policies / User rights management. This looks like it.