Impersonation won't come into play here, since under the hood, Process.Start
is relying on one of two native Win32 calls:
If ProcessStartInfo.UserName is provided:
CreateProcessWithLogonW(startInfo.UserName, startInfo.Domain, ...)
And if not:
CreateProcess(null, cmdLine, null, null, true, ...)
The null
s passed into CreateProcess are what's probably biting you; from MSDN:
The lpSecurityDescriptor member of the structure specifies a security descriptor for the main thread. If lpThreadAttributes is NULL or lpSecurityDescriptor is NULL, the thread gets a default security descriptor. The ACLs in the default security descriptor for a thread come from the process token.
Note it says from process token, not calling thread - the impersonated identity doesn't get a chance to join the party since it's bound to the thread.