All network administrators want to delegate as much of their network management functions as possible safely. It isn't only an issue of spreading out the workload (although that's important). Delegation allows people closer to the work in hand to make the necessary customizations and tweaks to make any project run better. Whenever you can enable your knowledge workers with tools, you have a happier and more productive staff.
The tendency in network operating systems is to move to a role-based assignment of capabilities using users and groups. Windows server technology offers three different tools for this purpose: the ACL Editor, the Delegation of Control Wizard, and the Authorization Manager. Each provides complementary functionalities, but the Authorization Manager (AM) is the newer and more powerful of the three.
To open the Authorization Manager:
- Enter azman.msc in the Run dialog box from the Start menu.
- Or with the Microsoft Management Console open, click on Authorization Manager in the console tree on the left.
You will probably first want to set the mode to either the Developer or Administrator mode in the Options dialog box. Developer mode lets you have unlimited access to work with applications, with no restrictions. Developers can create, install, and manage applications. The Administrator mode (the default) limits access to deployment and maintenance, with control over the AM. As an administrator you have some limitations
Not all applications support the concept of roles, but the important Microsoft enterprise applications do. Applications that maintain an authorization store contain a database that contains the AM policies.
For an introduction to AM, start with Microsoft's TechNet description.
Barrie Sosinsky is president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.
This was first published in November 2003