What's New in Authorization Manager
Applies To: Windows Server 2008
Important
Authorization Manager is available for use in the following versions of Windows: Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows XP, Windows Vista, Windows 7, and Windows 8. It is deprecated as of Windows Server 2012 R2 and may be removed in subsequent versions.
With this version of Windows, several new features are available in Authorization Manager. These include:
Authorization Manager stores can now be kept in a Microsoft SQL Server database, in addition to Active Directory Domain Services (AD DS), Active Directory Lightweight Directory Services (AD LDS), or an XML file. For more information, see Connect to an SQL-based Authorization Store.
Support for business rule groups, that is, groups whose membership is determined at run-time by a script, is now available. For more information, see Create an Application Group within an Authorization Store.
Support is now available for custom object pickers, so that application administrators can use the Authorization Manager MMC snap-in for applications that use AD LDS or SQL user accounts. For more information about creating a custom object picker, see Custom Object Picker at the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=64027). For more information about using a custom object picker, see Choose Users or Groups with a Custom Object Picker.
Many improvements and changes to Authorization Manager have been made as well. Some of these are:
Improvements to the Authorization Manager Application Programming Interface (API), including optimizations of common functions and the introduction of simpler, faster versions of commonly used methods, such as AccessCheck.
LDAP queries are no longer limited to user objects.
Additional events are recorded in the log if auditing is active.
The use of business rules and authorization rules is controlled by a registry setting. In this version of Windows, rules are disabled by default. In earlier versions of Windows, rules were enabled by default.