What's New in Authorization Manager

Applies To: Windows Server 2008

With this version of Windows, several new features are available in Authorization Manager. These include:

• Authorization Manager stores may now be stored in a Microsoft SQL Server database, as well as in Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) or in an XML file. For more information, see Connect to an SQL-based Authorization Store.

• Support for business rule groups, that is, groups whose membership is determined at run-time by a script, is now available. For more information, see Create an Application Group within an Authorization Store.

• Support is now available for custom object pickers, so that application administrators can use the Authorization Manager MMC Snap-in for applications that use AD LDS or SQL user accounts. For more information about creating a custom object picker see Custom Object Picker at the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=64027). For more information about using a custom object picker, see Choose Users or Groups with a Custom Object Picker.

Many improvements and changes to Authorization Manager have been made as well. Some of these are:

• Improvements to the Authorization Manager Application Programming Interface (API), including optimizations of common functions and the introduction of simpler, faster versions of commonly used methods, such as AccessCheck.

• LDAP queries are not limited to only user objects.

• Additional events are recorded in the log if auditing is active.

• The use of business rules and authorization rules is controlled by a registry setting. In this version of Windows, rules are disabled by default. In earlier versions of Windows rules were enabled by default.