Understanding Authorization Manager Applications

Applies To: Windows Server 2008


Authorization Manager is available for use in the following versions of Windows: Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows XP, Windows Vista, Windows 7, and Windows 8. It is deprecated as of Windows Server 2012 R2 and may be removed in subsequent versions.

With Authorization Manager, you can provide authorization services to administrators that you support by creating Authorization Manager applications that access authorization stores.

An application is specific to an authorization store, and it is always located directly under its parent authorization store in Authorization Manager.

An authorization store can contain authorization policy information for many applications in a single policy store. All applications in one authorization store can access all of the groups defined at the store level.

An authorization policy store must contain at least one application. For example, you may create one application to control access to a Web site and another application to control access to functions in a particular line-of-business software program. However, since both of these applications are used in the same company, and may have similar requirements, it may make sense to have both applications in one authorization store.

You can control auditing at the application level. For more information, see "Additional references" in this topic.

Additional references