New AzMan Developer Whitepaper

The AzMan developer whitepaper is now available. This is over 100 pages of AzMan Development info. Here’s the link   Here’s the outline:   Introduction to Developing Authorization Manager Solutions   Executive Summary   Application Authorization Challenges   Windows Authorization ManagerApplication Security Design   Application Authentication Model   Determining an Application Authentication ModelDesigning an Authorization Manager Solution   Identifying Resources and Operations   Determine Scoping Model   Determining Management ModelImplementing an…



A common question among AzMan deployments is how to pick the domain to store the AzMan policy in or whether or not to use ADAM. This comes down to factors that are unique to the network topology and applications but here are some initial suggestions to help decide (note that in Vista you’ll have the…


Query for a User’s Roles

Some folks have asked about doing a query of  a given user’s roles. While this is not yet in the UI it is pretty easy to do via script. Here’s a sample, if you’re integrating AzMan interfaces into your custom UI this logic could be used to implement a user role query across a store….


Using ADAM Principals in Authorization Manager

  My name is Sudheer Mamidipaka. I am working in Windows Security Access Control team. I own testing of AzMan component.   We have lots of customers asking, if it’s possible to use AzMan to authorize ADAM principles. YES YOU CAN. But it just takes a little custom code. Here are some details and some…


Who is AzMan

Welcome to the Authorization Manager Team Blog. If you’re not familiar with Authorization Manager (AzMan) it is the Role-Based Access Control model provided originally in Windows Server 2003. It’s since been made available on XP via the XP Admin pack for Server 03 (this is for administration or dev on XP – see ms download…