FYI, Just posted: the final session on AzMan by Keith Brown that demonstrates some of the new features of AzMan in LHS and Vista. Blog Post: http://blogs.msdn.com/donovanf/ Channel9 Screencast: https://channel9.msdn.com/Showpost.aspx?postid=298350 -Dave
BizRules opt-in
Heads up to a change on Vista; if you get something like this error: "Business rule scripts are disabled for the calling application. (Exception from HRESULT: 0xC0090003)", you’re experiencing a new default for AzMan in Vista and beyond. That is, BizRules are opt-in now. Each application can say whether or not it wants to allow…
AzMan Videos
The MS Developer and Platform Evangelism team has produced a series of AzMan developer Web Casts hosted by Keith Brown. Check out the first of the four-part series: https://channel9.msdn.com/Showpost.aspx?postid=289062 Watch Donovan’s blog for news on the rest of the series: http://blogs.msdn.com/donovanf/ Here are some additional video resources I’ve been remiss in not…
Impersonation Shenanigans?
Ever have different behavior when connecting to an application server remotely vs. locally? Here’s a common gotcha that can be tough to unwind. This is described here in an AzMan scenario, but any app server that makes any network calls can have similar problems with the same root cause. Sometimes developers see that they have…
New AzMan Developer Whitepaper
The AzMan developer whitepaper is now available. This is over 100 pages of AzMan Development info. Here’s the link. Here’s the outline: Introduction to Developing Authorization Manager Solutions; Executive Summary; Application Authorization Challenges; Windows Authorization Manager; Application Security Design; Application Authentication Model; Determining an Application Authentication Model; Designing an Authorization Manager Solution; Identifying Resources and Operations; Determine Scoping Model; Determining Management Model; Implementing an…
AD or ADAM?
A common question among AzMan deployments is how to pick the domain to store the AzMan policy in or whether or not to use ADAM. This comes down to factors that are unique to the network topology and applications but here are some initial suggestions to help decide (note that in Vista you’ll have the…
How come when I create a Role Definition in the UI it doesn’t show up when I enum Roles?
Cbekarthik’s question is so common that it deserves its own post. One quirk of the AzMan dev experience is the fact that the UI exposes a role definition object and the API does not. As a result it’s a common surprise for developers who create a role definition in the UI and then see…
Query for a User’s Roles
Some folks have asked about doing a query of a given user’s roles. While this is not yet in the UI it is pretty easy to do via script. Here’s a sample, if you’re integrating AzMan interfaces into your custom UI this logic could be used to implement a user role query across a store….
Using ADAM Principals in Authorization Manager
My name is Sudheer Mamidipaka. I am working in the Windows Security Access Control team. I own testing of the AzMan component. We have lots of customers asking if it’s possible to use AzMan to authorize ADAM principals. YES YOU CAN. But it just takes a little custom code. Here are some details and some…
Who is AzMan
Welcome to the Authorization Manager Team Blog. If you’re not familiar with Authorization Manager (AzMan) it is the Role-Based Access Control model provided originally in Windows Server 2003. It’s since been made available on XP via the XP Admin pack for Server 03 (this is for administration or dev on XP – see ms download…