To allow a server to impersonate a client, the client calls the DdeSetQualityOfService function. The SECURITY_IMPERSONATION_LEVEL structure is used to control the level of impersonation the server may perform.
A DDE server can impersonate a DDE client by calling the ImpersonateDdeClientWindow function. A DDEML server should use the DdeImpersonateClient function.