Creating an Authorization Policy Store in Authorization Manager

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

An authorization store is a database that stores Authorization Manager policy.

Important

You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".

Procedures

To create an authorization policy store in Authorization Manager

  1. Click Start, click Run, type

    Azman.msc

    and then click OK.

  2. In the console tree, right-click Authorization Manager and then click Options.

  3. Confirm that Developer mode is selected, and then click OK.

  4. In the console tree, right-click Authorization Manager and then click New Authorization Store.

  5. Click XML file and, in Store name, type the name of the store, for example, C:\MyStore.xml.

  6. Optionally, in Description, type information about the new store, and then click OK.

  7. In the console tree, right-click the store file you just created and then click New Application.

  8. In New Application, in Name, type the following text exactly as it appears below:

    IIS 6.0 URL Authorization

    If you do not type this text exactly as it appears, IIS URL authorization fails without sending a warning message.

  9. Optionally, in Description, type information about this usage of IIS URL Authorization, and then click OK.

  10. In the console tree, double-click Authorization Manager, double-click the store name, double-click the application name (IIS 6.0 URL Authorization), double-click Definitions, right-click Operation Definitions, and then click New Operation Definition.

  11. In New Operation Definition, in Name, type the following text exactly as it appears below:

    AccessURL

    In Operation number, type the numeral 1, and then click OK. If you do not type this text exactly as it appears, IIS URL authorization fails without sending a warning message.

  • For more information about Authorization Manager, see Help and Support Center in Windows Server 2003.