Vista Features Demo

FYI, just posted: the final session on AzMan by Keith Brown that demonstrates some of the new features of AzMan in LHS and Vista. Blog Post: Channel9 Screencast: -Dave


BizRules opt-in

Heads up to a change on Vista; if you get something like this error: "Business rule scripts are disabled for the calling application. (Exception from HRESULT: 0xC0090003)", you're experiencing a new default for AzMan in Vista and beyond. That is, BizRules are opt-in now. Each application can say whether or not it wants to allow…


AzMan Videos

The MS Developer and Platform Evangelism team has produced a series of AzMan developer Web Casts hosted by Keith Brown; check out the first of the four-part series: Watch Donovan's blog for news on the rest of the series; Here's some additional video resources I've been remiss in not…


Impersonation Shenanigans?

Ever have different behavior when connecting to an application server remotely vs. locally? Here's a common gotcha that can be tough to unwind. This is described here in an AzMan scenario but any app server that makes any network calls can have similar problems with the same root cause. Sometimes developers see that they have…


New AzMan Developer Whitepaper

The AzMan developer whitepaper is now available. This is over 100 pages of AzMan Development info. Here's the link

Here's the outline:

Introduction to Developing Authorization Manager Solutions
Executive Summary
Application Authorization Challenges
Windows Authorization Manager
Application Security Design
Application Authentication Model
Determining an Application Authentication Model
Designing an Authorization Manager Solution
Identifying Resources and Operations
Determine Scoping Model
Determining Management Model
Implementing an…



A common question among AzMan deployments is how to pick the domain to store the AzMan policy in or whether or not to use ADAM. This comes down to factors that are unique to the network topology and applications but here are some initial suggestions to help decide (note that in Vista you’ll have the…


Query for a User’s Roles

Some folks have asked about doing a query of a given user's roles. While this is not yet in the UI it is pretty easy to do via script. Here's a sample; if you're integrating AzMan interfaces into your custom UI this logic could be used to implement a user role query across a store….


Using ADAM Principals in Authorization Manager

My name is Sudheer Mamidipaka. I am working in the Windows Security Access Control team. I own testing of the AzMan component. We have lots of customers asking if it's possible to use AzMan to authorize ADAM principals. YES YOU CAN. But it just takes a little custom code. Here are some details and some…


Who is AzMan

Welcome to the Authorization Manager Team Blog. If you’re not familiar with Authorization Manager (AzMan) it is the Role-Based Access Control model provided originally in Windows Server 2003. It’s since been made available on XP via the XP Admin pack for Server 03 (this is for administration or dev on XP – see ms download…