Restricted Mode
Restricted Mode
This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.
Restricted mode has a limited set of permissions and allows access only to the intrinsic WorkflowSession object. Restricted mode is generally used for non-trusted developers. The following table summarizes restricted mode characteristics.
| Feature | Description |
|---|---|
| Script execution only | The workflow conditions and actions must be written in script. You cannot use Component Object Model (COM) objects in this mode. |
| Sandboxed script only | The workflow engine configures the script host to disallow the use of CreateObject. The script can modify the action table row undergoing the workflow using the IWorkflowSession Interface. |
| Script runs as Workflow System Account | The script host executes the script under the same Microsoft® Windows® server operating systems security account as the caller. No impersonation occurs. In the default case for the CDO for Workflow (CDOWF) event sink, this means that the script will run in the Workflow System Account, which typically has full administrative permissions to most Microsoft Exchange Server 2003 resources. |
The following illustration demonstrates how workflow processes run in restricted mode.
.gif "Diagram illustrating how workflow processes run in restricted mode, which does not allow COM objects to be created")
Send us your feedback about the Microsoft Exchange Server 2003 SDK.
Build: June 2007 (2007.618.1)
© 2003-2006 Microsoft Corporation. All rights reserved. Terms of use.