Updated: February 7, 2008
Applies To: Windows Server 2008
Access control is the process of authorizing users, groups, and computers to access objects on the network by using permissions, user rights, and object auditing. The technologies that support access control are described in the following sections.
This overview describes the security model for controlling access to Windows objects, such as files, and for controlling access to administrative functions, such as setting the system time or auditing user actions. It links to descriptive topics, common access control tasks, and code samples.
Authorization Manager is a Microsoft Management Console (MMC) snap-in that can help provide effective control of access to resources with Windows Server 2008. This technology page contains links to information about Authorization Manager.
Security Watch: Tools for Managing ACLs
This July 2007 TechNet Magazine article by Jesper Johansson discusses the access control list (ACL) management tools available in Windows Server 2008, Windows Server 2003, Windows Vista, and Windows XP.
Security: New ACLs Improve Security in Windows Vista
This June 2007 TechNet Magazine article by Jesper Johansson discusses small but important changes to ACLs in Windows Server 2008 and Windows Vista. The article also covers the tighter controls on the Administrator account, trusted installer permissions, and modified users and groups.
Description of the Special Groups feature in Windows Vista and in Windows Server 2008
This article in the Microsoft Knowledge Base explains how an administrator can designate a group as special by adding the group security identifier (SID) to the registry. This enables an event to be logged in Event Viewer each time a member of that group logs on to the network.
Using Scripts to Manage Active Directory Security
This three-part series explains how to use scripts to manage security in Active Directory environments, including how to grant users permission to change or reset someone else's password, how to delegate the ability to read and write predefined user attributes, and how to give a user the right to manage a single attribute for a user or set of users.