| Server IP : 180.180.241.3 / Your IP : 216.73.216.252 Web Server : Microsoft-IIS/7.5 System : Windows NT NETWORK-NHRC 6.1 build 7601 (Windows Server 2008 R2 Standard Edition Service Pack 1) i586 User : IUSR ( 0) PHP Version : 5.3.28 Disable Function : NONE MySQL : ON | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : /Windows/Help/Windows/en-US/ |
Upload File : |
MZ����������������������������������������������������������@���PE��L��������������!
��������������������������@�����������������������0����� ��@����������������������������������������������������������������������������������������������������������������������������������������������������.rsrc��������������������������@��@.its�������� ��������������������@��@��������������������������������������������������������������������������������������������������������������������������������������������������������������0����������������� ��H���X��|����������|4���V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�������������������������������������������������������S�t�r�i�n�g�F�i�l�e�I�n�f�o������0�4�0�9�0�4�b�0���b�!��F�i�l�e�V�e�r�s�i�o�n�����1�.�0�0�.�0�0� � � � � � � � � � � � � � � � � � � � � � � � � �����l�"��F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�����C�o�m�p�i�l�e�d� �M�i�c�r�o�s�o�f�t� �H�e�l�p� �2�.�0� �T�i�t�l�e���B���F�i�l�e�S�t�a�m�p�����7�1�E�7�9�6�C�4�0�1�C�A�0�4�1�F���4�����J���C�o�m�p�i�l�e�r�V�e�r�s�i�o�n�����2�.�5�.�7�1�2�1�0�.�0���8�5�7�9�����V���C�o�m�p�i�l�e�D�a�t�e�����2�0�0�9�-�0�7�-�1�4�T�0�1�:�0�7�:�2�3��� � � � � � �����>���T�o�p�i�c�C�o�u�n�t���1�4�2���0�0�0�0�0�0�0�0�0�0�0�0������A��L�e�g�a�l�C�o�p�y�r�i�g�h�t���� �2�0�0�5� �M�i�c�r�o�s�o�f�t� �C�o�r�p�o�r�a�t�i�o�n�.� �A�l�l� �r�i�g�h�t�s� �r�e�s�e�r�v�e�d�.���C�C�C�C�C�C�C�C�C�C�C�C�C�����D����V�a�r�F�i�l�e�I�n�f�o�����$����T�r�a�n�s�l�a�t�i�o�n����� ��������������������������������������������ti����Ėq����ITOLITLS���(���������X쌡^�
V`������������������� ������������ ������x��������������������������������������������������������� ��������������������q�������������������������������������������������������������������������CAOL���P���HH��C��� �����������������������ITSF��� ������#������q ��������n�������������-Y쌡^�
VY쌡^�
VIFCM����������������AOLL��������������������������q�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������IFCM���� ������������AOLL
�������������������������/���/$FXFtiAttribute/���/$FXFtiAttribute/BTREEp/$FXFtiAttribute/DATA��/$FXFtiAttribute/PROPERTYN
/$FXFtiMain/���/$FXFtiMain/BTREE/$FXFtiMain/DATA /$FXFtiMain/PROPERTY"N/$Index/$ATTRNAME\/$Index/$PROPBAG</$Index/$STRINGSF/$Index/$SYSTEMzB
/$Index/$TOC/���/$Index/$TOC/$authm�|/$Index/$TOPICATTRV0/$Index/$TOPICS
p/$Index/$URLSTRZ@/$Index/$URLTBLp/$Index/$VTAIDXbT/$Index/AssetId/���/$Index/AssetId/$BL06�
/$Index/AssetId/$LEAF_COUNTS6/$Index/AssetId/$LEAVESF� /$OBJINST|
/assets/���0/assets/0516b760-e489-4048-a7ee-7219cc2d47ff.xml�tA0/assets/0dda9d4b-2711-4a45-b98b-3b18b5e5e163.xml�5<0/assets/0e8e5a95-1cdc-4876-b49c-f04a68f73128.xml�qw0/assets/11df9361-ad81-4d8b-90c2-19e599f621f0.xml�hm0/assets/11edca2e-bedf-4fc4-bf8b-3083efbbb5e3.xml�U0/assets/140e185a-d024-41da-a651-b681e8e6f6e2.xml�dh0/assets/1614b1cb-5f53-4175-a965-df24cf1982de.xml�Lk0/assets/1f8f1a16-af60-4e44-8836-a6373b48fa67.xml�7Y0/assets/1faebced-b2b3-4772-a8df-2d2f7b5e177b.xml�D0/assets/1fd01896-c118-4c0e-949b-aad87ea063e5.xml�T|0/assets/2193b1ca-331a-40fb-affe-9cf9abc2a6ae.xml�P 0/assets/28ecac39-9498-46d1-9670-8c166af88156.xml�p&0/assets/2fc7ad83-7967-44be-88ef-c2c517952043.xml�V0/assets/301eb3de-1084-49a3-9708-af750590b14a.xml�l0/assets/313c6deb-14c7-45d6-a90c-7a7bd5b32d43.xml�=0/assets/316142b3-d6d7-40ec-beb1-b2fd8f2e2521.xml�D0/assets/369a7869-3aed-43c2-ad99-8d6b9a40345c.xml�^0/assets/3d6661e4-d84b-4c9a-b09e-a04da656b0a9.xml�n
0/assets/41a112a6-1b0c-4994-a2b5-5fe1ccb81adb.xml�yJ0/assets/427ffef5-e054-44ce-949a-09be24b01728.xml�C0/assets/4996409a-af9f-4dc8-8bc0-e1aba2c98aea.xml�X0/assets/4a076990-699c-4c45-92b5-4e5eb50208d7.xml�[n0/assets/4c026431-c042-4ccc-9761-a32f465ae684.xml�I00/assets/5187d0f6-0e81-4128-a1a7-509444c77890.xml�y0/assets/57075178-e06b-44b9-a0cd-588c244fe704.xml�
)0/assets/5a9cbc58-21a6-4946-a0a1-373d5edc264a.xml�30/assets/5b03edb4-1a0e-4d2f-9b33-bf56e6c91369.xml�7-0/assets/5b73725f-7090-4f89-a50e-f5d4f1cabefb.xml�dM0/assets/6083e41e-0a7d-47ba-9a87-59c79990f745.xml�140/assets/63c53320-fbcd-42b3-ae6d-0a89d8228c62.xml�ea0/assets/6519a260-0c63-4172-a1a5-d576581eb07e.xml�F+0/assets/6568d6dc-df83-4716-b990-4aba2212e99a.xml�q00/assets/67e26497-3093-4aba-b524-3be32eea5612.xml�!n0/assets/684cf18f-a298-4fce-b942-2053616818e7.xml�0/assets/6857c310-c2fb-4f9d-9a4c-639f38ffab73.xml� t0/assets/6d2736d9-d803-423c-b376-29c04929d3ee.xml�%0/assets/7b83af3f-b3c8-481d-8558-e32a7447a367.xml�9j0/assets/7c373b4c-7124-420b-82b2-d62528ceec58.xml�#v0/assets/7ed13aea-4580-4ecd-93ef-9b09b504b87a.xml��0/assets/811e933b-a029-421e-9b55-81f2586fe2b2.xml�80/assets/87853750-cef8-4b95-ba9b-c865b9a792ae.xml�Q;0/assets/88a3d65b-8209-447c-8307-454c220accd8.xml�
0/assets/8bca0570-5905-483b-9e55-48e210089787.xml�!10/assets/8cf72d7f-b0ae-482f-b26c-9540c63cc8ec.xml�R0/assets/8eadb7c7-a89b-4aab-a565-5b21ad5b63cb.xml�j0/assets/93a693c7-e3de-4cf7-95e6-fb6491fc4f31.xml�m
0/assets/9bd3ff29-71de-466c-a0b9-30b225c1358e.xml�
0/assets/a1c72a61-31f7-4d5e-b8f5-0f6fb9c0bc90.xml��/assets/a1f5e7f1-97e2-4a67-a83f-7d869ef4aff4.xml�I#0/assets/a364ca04-413a-4681-971a-7b727c7e4fa4.xml�l?0/assets/a554bec2-7ce7-45fb-a84c-063133141635.xml�+0/assets/b03487c7-3ec6-46b6-9878-8a62bafbabfc.xml�B^0/assets/b083dda8-8bc3-4dff-b7e3-b9e41e9cd369.xml� 0/assets/b08e119e-2d1b-482d-8fdd-88d120a0ad3a.xml�!
0/assets/b42ada63-88c6-4924-aa45-c8abef160975.xml�.0/assets/b60f5e4e-2d89-410f-8564-489774028610.xml�2d0/assets/b89a3969-418e-4224-972d-d40bf5b3f7ed.xml�0/assets/c0568214-22d8-4d08-830b-2379d84c91da.xml�
0/assets/c4a6cb43-f98e-41c8-875d-c53d7b3b690a.xml�!#0/assets/c7365dce-f571-49d7-9524-2a9edf0451bf.xml�D0/assets/cda23592-f7c5-47d8-a6cc-e84d4210d431.xml�Y~0/assets/cf8cc355-d055-4536-92f6-22813ef42b3c.xml�WG0/assets/d1397e5e-8bdd-415d-b67d-bbb19aeeeee2.xml�
&0/assets/d528fb6e-616f-4c1d-bb4c-84b6a504c0c2.xml�DJ0/assets/d7145ff2-d560-498d-89e0-a10359799da5.xml�0/assets/df0924f5-2c0f-4e6e-b94c-a00a63c88160.xml�")0/assets/e0b4ddb8-6422-471c-8c5b-12e6fea7cb35.xml�Km0/assets/eb35e1cb-4840-40e2-b2e5-0e49562024b3.xml�8\0/assets/f27a7262-e5ff-4064-96ec-0fc0fe93c4c0.xml�0/assets/f431afc5-b4bd-4cab-b5f5-b84f3955e401.xml��0/assets/f7a6a421-89d5-4c3f-b5bd-6c4c0f4f41ac.xml�
/authm.h1c�.o
/authm.H1F�
/authm.H1T�f#
/authm.H1V�&@/authm_AssetId.H1K� k/authm_BestBet.H1K�tk/authm_LinkTerm.H1K�_l/authm_SubjectTerm.H1K�Ko::DataSpace/NameList��<(::DataSpace/Storage/MSCompressed/Content�:t,::DataSpace/Storage/MSCompressed/ControlData�T )::DataSpace/Storage/MSCompressed/SpanInfo�L/::DataSpace/Storage/MSCompressed/Transform/List�<_::DataSpace/Storage/MSCompressed/Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/InstanceData/���i::DataSpace/Storage/MSCompressed/Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/InstanceData/ResetTable�.h3::Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
4
p]J7&CQ�q�q�
��
�U�n�c�o�m�p�r�e�s�s�e�d���
�M�S�C�o�m�p�r�e�s�s�e�d���FX쌡^�
V��������LZXC����������������HH��<maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title><Group Name> Property Sheet: Query Tab</maml:title><maml:introduction>
<maml:para>You can use this property tab to define the Lightweight Directory Access Protocol (LDAP) query used by an LDAP group in Authorization Manager.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>The <maml:ui>Query</maml:ui> tab only appears for LDAP groups.</maml:para>
</maml:alertSet>
<maml:para>The following table describes the UI elements for this property sheet.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>LDAP query that defines the members of this group</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Lists the LDAP query or queries that define the members of this application group.</maml:para>
<maml:para>You can type or paste an LDAP query into this box.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Application Groups</maml:linkText><maml:uri href="mshelp://windows/?id=7c373b4c-7124-420b-82b2-d62528ceec58"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Add Groups Dialog Box</maml:title><maml:introduction>
<maml:para>The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Select the groups to add</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Lists the available groups that you can add. </maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>A group cannot be added to itself, either directly or indirectly. If you try to add a group to itself, you will receive an error message. </maml:para>
</maml:alertSet>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role, Task, and Operation Definitions</maml:linkText><maml:uri href="mshelp://windows/?id=2fc7ad83-7967-44be-88ef-c2c517952043"></maml:uri></maml:navigationLink></maml:para></maml:listItem><maml:listItem><maml:para><maml:navigationLink><maml:linkText>User Interface: Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=d528fb6e-616f-4c1d-bb4c-84b6a504c0c2"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Connect to an SQL-based Authorization Store</maml:title><maml:introduction>
<maml:para>You can use a Microsoft SQL Server database as the repository for your authorization store. In order to connect to a SQL Server store, use the following procedure.</maml:para>
<maml:para>You must be a member of the Authorization Manager <maml:phrase>Administrator </maml:phrase>role to complete this procedure. By default, <maml:phrase>Administrators</maml:phrase> is the Windows group membership required to do so. Review the details in "Additional considerations" in this topic.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Connecting to an SQL-based authorization store</maml:title><maml:introduction>
<maml:para>When creating or opening an authorization store, type a URL beginning with the protocol prefix MSSQL://. </maml:para>
<maml:para>The syntax for the URL is:</maml:para>
<maml:para>mssql://<maml:replaceable><connection string>/<database name>/<policy store name></maml:replaceable></maml:para>
<maml:para>where:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:replaceable><connection string></maml:replaceable> is any valid SQL Server connection string, </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:replaceable><database name></maml:replaceable> is the name of the database where the store will be saved, and </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:replaceable><policy store name></maml:replaceable> is the name of the particular store.</maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Examples</maml:phrase></maml:para>
<maml:para>mssql://<maml:replaceable>dsn=MyTestDataSource;/AzManDB/MyTestStore</maml:replaceable></maml:para>
<maml:para>mssql://<maml:replaceable>Driver={SQL Server};Server={server1-test};/AzManDB/MyTestStore</maml:replaceable></maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>Connections to a SQL store are not encrypted unless you explicitly set up SQL encryption for the connection or set up encryption of the network traffic that uses Internet Protocol security (IPsec). For information about configuring SQL encryption or configuring IPsec, see <maml:navigationLink><maml:linkText>SQL Server product documentation</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=131607"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=131607).</maml:para>
</maml:alertSet>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>If the instance of SQL Server doesn't have the named Authorization Manager database, Authorization Manager will create a new database of this name. Otherwise, the new store will be created within the same named database.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>The database administrator responsible for the computer running SQL Server must configure security on the computer to allow the Authorization Manager database to be created and maintained.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If you are not familiar with connection string syntax, see the documentation provided with Microsoft SQL Server 2008 or Microsoft SQL Server 2005, or visit the Microsoft Web site and see <maml:navigationLink><maml:linkText>Connection String Syntax</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=69663"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=69663).</maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Stores</maml:linkText><maml:uri href="mshelp://windows/?id=57075178-e06b-44b9-a0cd-588c244fe704"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>What's New in Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=1f8f1a16-af60-4e44-8836-a6373b48fa67"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title><Store Name> Property Sheet: General Tab</maml:title><maml:introduction>
<maml:para>The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Shows the name and location of the authorization store.</maml:para>
<maml:para>If the store is an XML file, the full path is displayed. If the store is in Active Directory Domain Services (AD DS), the Lightweight Directory Access Protocol (LDAP) distinguished name of the store is displayed. If the store is a Microsoft SQL Server store, the path to the store is displayed as a URL beginning with MSSQL://.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type a description of the authorization store.</maml:para>
<maml:para>The description does not affect the functionality of Authorization Manager. Choose a description that is meaningful to you.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Store Type</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Shows the store type. </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>XML stores are file-based and do not support delegation. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>AD DS stores keep their data in AD DS and are specified with an LDAP distinguished name or a URL beginning with MSLDAP://.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>SQL-based stores keep their data in a Microsoft SQL Server database and are specified with a URL beginning with MSSQL://</maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Store schema version</maml:para>
<maml:para></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Shows the schema version of the store. Version 2.0 was introduced in Windows Server 2008. </maml:para>
<maml:para>Applications written for version 1.0 cannot use authorization stores with schema version 2.0. </maml:para>
<maml:para>Applications written for version 2.0 can use older schemas as well.</maml:para>
<maml:para>If the store is a version 1.0 store, you can upgrade the schema from version 1.0 to version 2.0.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Upgrade Schema Version</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Allows you to upgrade the schema of the store to version 2.0. </maml:para>
<maml:alertSet class="caution"><maml:title>Caution </maml:title>
<maml:para>A schema upgrade cannot be reversed.</maml:para>
</maml:alertSet>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>This button does not appear if the store is already a schema version 2.0 store.</maml:para>
</maml:alertSet>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Stores</maml:linkText><maml:uri href="mshelp://windows/?id=57075178-e06b-44b9-a0cd-588c244fe704"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>What's New in Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=1f8f1a16-af60-4e44-8836-a6373b48fa67"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Change the Properties of an Authorization Store</maml:linkText><maml:uri href="mshelp://windows/?id=b03487c7-3ec6-46b6-9878-8a62bafbabfc"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding Authorization Manager Applications</maml:title><maml:introduction>
<maml:para>With Authorization Manager, you can manage application tasks and data access by creating Authorization Manager applications that access authorization stores.</maml:para>
<maml:para>An application is specific to an authorization store, and it is always located directly under its parent authorization store in Authorization Manager.</maml:para>
<maml:para>A single authorization store can contain authorization policy information for many applications. All applications in one authorization store can access all of the groups defined at the store level.</maml:para>
<maml:para>An authorization policy store must contain at least one application. For example, you may create one application to control access to a Web site and another application to control access to functions in a particular line-of-business software program. However, because both of these applications are used in the same company and may have similar requirements, it may make sense to include both applications in one authorization store.</maml:para>
<maml:para>You can control auditing at the application level. For more information, see "Additional references" in this topic.</maml:para>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Stores</maml:linkText><maml:uri href="mshelp://windows/?id=57075178-e06b-44b9-a0cd-588c244fe704"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Create an Authorization Manager Application</maml:linkText><maml:uri href="mshelp://windows/?id=a1c72a61-31f7-4d5e-b8f5-0f6fb9c0bc90"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Auditing</maml:linkText><maml:uri href="mshelp://windows/?id=6857c310-c2fb-4f9d-9a4c-639f38ffab73"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title><Store Name> Property Sheet: Security Tab</maml:title><maml:introduction>
<maml:para>The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item </maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Authorization Manager user role</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click the arrow to choose either <maml:ui>Administrator</maml:ui> or <maml:ui>Reader</maml:ui>. The property sheet will then show the users and groups assigned as either Administrator or Reader for this store.</maml:para>
<maml:para>Readers can read the store and its attributes, and can perform access checks by using the data in the authorization store. </maml:para>
<maml:para>Administrators can do everything Readers can do, and they can also change the authorization store contents and content attributes. </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Users and groups that are assigned to this role</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Lists the users and groups that are assigned to this role. </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Add</maml:para>
<maml:para></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to add users or groups. </maml:para>
<maml:para>You can select security principals (users, security groups, and computers) from the local computer, the Active Directory forest, or other trusted domains.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Remove</maml:para>
<maml:para></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to remove the selected user or group. </maml:para>
<maml:para>To make the <maml:ui>Remove</maml:ui> button available, click an item in the list. </maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role, Task, and Operation Definitions</maml:linkText><maml:uri href="mshelp://windows/?id=2fc7ad83-7967-44be-88ef-c2c517952043"></maml:uri></maml:navigationLink></maml:para></maml:listItem><maml:listItem><maml:para><maml:navigationLink><maml:linkText>User Interface: Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=d528fb6e-616f-4c1d-bb4c-84b6a504c0c2"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Add Definition Dialog Box: Tasks Tab</maml:title><maml:introduction>
<maml:para>A role can include tasks. A task can include other tasks. This tab shows the tasks defined in the application store.</maml:para>
<maml:para>The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Select the task definitions to add</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Lists the tasks defined in the authorization store. </maml:para>
<maml:para>To include a defined task, select the check box beside an existing task definition.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>A task cannot be added to itself, either directly or indirectly. If you try to add a task to itself, you will receive an error message</maml:para>
</maml:alertSet>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role, Task, and Operation Definitions</maml:linkText><maml:uri href="mshelp://windows/?id=2fc7ad83-7967-44be-88ef-c2c517952043"></maml:uri></maml:navigationLink> </maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>What's New in Authorization Manager</maml:title><maml:introduction>
<maml:para>In Windows Server 2008, several new features were introduced in Authorization Manager. These include:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Authorization Manager stores can be stored in Microsoft SQL Server databases, Active Directory Domain Services (AD DS), Active Directory Lightweight Directory Services (AD LDS), or XML files. For more information, see <maml:navigationLink><maml:linkText>Connect to an SQL-based Authorization Store</maml:linkText><maml:uri href="mshelp://windows/?id=0e8e5a95-1cdc-4876-b49c-f04a68f73128"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Support for business rule groups (groups whose membership is determined at run time by a script) is available. For more information, see <maml:navigationLink><maml:linkText>Create an Application Group within an Authorization Store</maml:linkText><maml:uri href="mshelp://windows/?id=4a076990-699c-4c45-92b5-4e5eb50208d7"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Support is available for custom object pickers, so that application administrators can use Authorization Manager for applications that use AD LDS or SQL user accounts. For more information about using a custom object picker, see <maml:navigationLink><maml:linkText>Choose Users or Groups with a Custom Object Picker</maml:linkText><maml:uri href="mshelp://windows/?id=6d2736d9-d803-423c-b376-29c04929d3ee"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
</maml:list>
<maml:para>Many additional improvements and changes were made to Authorization Manager. Some of these are:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Improvements were made to the Authorization Manager application programming interface (API), including optimization of common functions and the introduction of simpler, faster versions of commonly used methods, such as AccessCheck.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>LDAP queries are not limited to only user objects.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Additional events are recorded in the log if auditing is active.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>The use of business rules and authorization rules is controlled by a registry setting. In Windows Server 2008 R2 and Windows Server 2008, rules are disabled by default. In earlier versions of Windows, rules were enabled by default.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Managing Groups, Roles, and Tasks</maml:title><maml:introduction>
<maml:para>In order to effectively use Authorization Manager for role-based access control, you must be familiar with groups, roles, tasks, and operations. </maml:para>
<maml:para>This section includes:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Assign a Windows User or Group to a Role</maml:linkText><maml:uri href="mshelp://windows/?id=a554bec2-7ce7-45fb-a84c-063133141635"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Assign an Application Group to a Role</maml:linkText><maml:uri href="mshelp://windows/?id=d1397e5e-8bdd-415d-b67d-bbb19aeeeee2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Choose Users or Groups with a Custom Object Picker</maml:linkText><maml:uri href="mshelp://windows/?id=6d2736d9-d803-423c-b376-29c04929d3ee"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Define an Operation in Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=f7a6a421-89d5-4c3f-b5bd-6c4c0f4f41ac"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Application Groups</maml:linkText><maml:uri href="mshelp://windows/?id=7c373b4c-7124-420b-82b2-d62528ceec58"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role, Task, and Operation Definitions</maml:linkText><maml:uri href="mshelp://windows/?id=2fc7ad83-7967-44be-88ef-c2c517952043"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role Assignments</maml:linkText><maml:uri href="mshelp://windows/?id=41a112a6-1b0c-4994-a2b5-5fe1ccb81adb"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Resources for Authorization Manager</maml:title><maml:introduction>
<maml:para>Authorization Manager deployments can be simple or complex. In most cases, Authorization Manager is used in conjunction with custom code written specifically for your purposes.</maml:para>
<maml:para>In creating your solution, you may want to refer to some of the following resources:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Role-Based Access Control for Multi-tier Applications Using Authorization Manager</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=64287"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=64287)</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Authorization Manager Model</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=64027"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=64027)</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Using Dynamic Business Rules in Windows Server 2003 Authorization Manager</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=65965"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=65965)</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Dynamic Groups in Windows Server 2003 Authorization Manager</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=16262"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=16262)</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Use Role-Based Security in Your Middle Tier .NET Apps with Authorization Manager</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=65966"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=65966)</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Controlling Authorization by Using Authorization Rules and Business Rules</maml:title><maml:introduction>
<maml:para>Authorization Manager allows you to use authorization rules as part of your role-based authorization control strategy.</maml:para>
<maml:para>This section includes the following topics:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add an Authorization Rule to a Task Definition</maml:linkText><maml:uri href="mshelp://windows/?id=c0568214-22d8-4d08-830b-2379d84c91da"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add an Authorization Rule to a Role Definition</maml:linkText><maml:uri href="mshelp://windows/?id=8eadb7c7-a89b-4aab-a565-5b21ad5b63cb"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Rules and Business Rules</maml:linkText><maml:uri href="mshelp://windows/?id=cda23592-f7c5-47d8-a6cc-e84d4210d431"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Open Authorization Store Dialog Box</maml:title><maml:introduction>
<maml:para>The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Select the authorization store type</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the format of the authorization policy store to be opened. </maml:para>
<maml:para>Authorization Manager supports the use of authorization policy stores based on Active Directory Domain Services (AD DS), Active Directory Lightweight Directory Services (AD LDS), XML files, or Microsoft SQL Server databases.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Store Name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the URL or file system path to the authorization policy store to be opened.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Browse</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Allows you to locate or choose a store if the store type supports browsing.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Stores</maml:linkText><maml:uri href="mshelp://windows/?id=57075178-e06b-44b9-a0cd-588c244fe704"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding Authorization Manager Role, Task, and Operation Definitions</maml:title><maml:introduction>
<maml:para>To use Authorization Manager effectively to control access to resources, you must first define roles, tasks, and operations. </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>A role is a set of permissions that a user must have to do a job. Well-designed roles should correspond to a job category or responsibility (for example, receptionist, hiring manager, or archivist) and be named accordingly. With Authorization Manager, you can add users to a role to authorize them for the job.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>A task is a collection of operations and sometimes other tasks. Well-designed tasks are inclusive enough to represent work items that are recognizable (for example, "change password" or "submit expense").</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>An operation is a set of permissions that you associate with system-level or API-level security procedures such as WriteAttributes or ReadAttributes. You use operations as building blocks for tasks. </maml:para>
</maml:listItem>
</maml:list>
<maml:para>You can define roles, tasks, and operations only in developer mode, not in administrator mode. To set developer mode, see <maml:navigationLink><maml:linkText>Set Authorization Manager Options</maml:linkText><maml:uri href="mshelp://windows/?id=7b83af3f-b3c8-481d-8558-e32a7447a367"></maml:uri></maml:navigationLink>. </maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Role definitions</maml:title><maml:introduction>
<maml:para>Creating appropriate role definitions depends on the structure and goals of your organization. Roles support inheritance from other roles. </maml:para>
<maml:para>To define a role, you specify a name, a friendly description, and some specific tasks, roles, and operations that are part of the role. This provides a mechanism for role inheritance. For example, a Helpdesk role might include a Product Support role. </maml:para>
<maml:para>You can specify an authorization rule, which may be either VBScript or JScript. For more information, see <maml:navigationLink><maml:linkText>VBScript</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=65964"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=65964) and <maml:navigationLink><maml:linkText>JScript</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=65963"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=65963).</maml:para>
<maml:para>If there are several authorization rules associated with a role definition (for example, the role definition has several subroles and tasks), the authorization rules run synchronously. In Authorization Manager, the order has no effect on authorization.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Task definitions</maml:title><maml:introduction>
<maml:para>A task definition is smaller than a role definition and can be used to define roles and other tasks.</maml:para>
<maml:para>With Authorization Manager, you associate tasks with roles in an intuitive way. For example, the Recruiter role might include the Interview task. </maml:para>
<maml:para>Tasks, like roles, are defined in a way that is appropriate to the organization. To define a task, you specify a name, a description, and some specific tasks and operations that are part of the task. You can also specify a VBScript or JScript authorization rule.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Operation definitions</maml:title><maml:introduction>
<maml:para>Operations are small computer-level actions that are used to define tasks and usually are not relevant to an administrator. You define operations only in developer mode.</maml:para>
<maml:para>You can set operation definitions at the application level, but not at the authorization store level or the scope level. </maml:para>
<maml:para>An operation definition includes a name, a description, and an operation number. The operation number X must be an integer from 1 to 2,147,483,647 (that is, 1 ≤ X ≤ 2^31 - 1). The operation number is used by the application to identify the operation, so entering a wrong operation number will result in access being granted or denied incorrectly. This, in turn, could lead to security violations or undesired behavior of the client application. </maml:para>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title><Group Name> Property Sheet: Exclusions Tab</maml:title><maml:introduction>
<maml:para>You can use this property page to exclude specific users or groups from an Authorization Manager group.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>This tab only appears for basic groups.</maml:para>
</maml:alertSet>
<maml:para>The following table describes the UI elements for this property sheet.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Users and groups that are excluded from this group </maml:para>
</maml:entry>
<maml:entry>
<maml:para>Lists the users and groups that are excluded from this application group. Each user and group is listed with name, type, and description. </maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>Exclusion takes precedence over inclusion.</maml:para>
</maml:alertSet>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Remove</maml:para>
</maml:entry>
<maml:entry>
<maml:para>To remove a user or group from the exclusion list, select the user or group, and click <maml:ui>Remove</maml:ui>. </maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>Removing a user from the exclusion list will add them to the group only if they are included on the <maml:ui>Members</maml:ui> tab. Clicking <maml:ui>Remove</maml:ui> removes them from the exclusion list, not from the group.</maml:para>
</maml:alertSet>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Select additional members from</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the source of members:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Security principals from the computer or from Active Directory Domain Services (AD DS)</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Other groups defined in Authorization Manager</maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Select</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to open a dialog box and select specific member objects.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Application Groups</maml:linkText><maml:uri href="mshelp://windows/?id=7c373b4c-7124-420b-82b2-d62528ceec58"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>New Scope Dialog Box</maml:title><maml:introduction>
<maml:para>A scope is a collection of objects or resources with their own authorization policy. A scope is used within an application to limit authorization policy. </maml:para>
<maml:para>The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the name of the new scope (for example, *.txt, C:\temp, or Computers in Sales Department).</maml:para>
<maml:para>The scope name must be recognized by the application and must be resolvable by the application at the time of the access check. The name must contain only printable characters. </maml:para>
<maml:para>Scope names can be very long (maximum limit of 64 KB of information). Because scopes cannot be nested, some developers use a naming convention for scopes that results in long names. </maml:para>
<maml:para>However, if you try to enter a name that is longer than 64 KB, you will receive an error. In addition, the name cannot be a name that is already used by the application.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the description of the new scope. </maml:para>
<maml:para>The description does not affect the functionality of Authorization Manager and should be meaningful to you. </maml:para>
<maml:para>The description has a maximum size limit of 1,024 bytes. </maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Scopes</maml:linkText><maml:uri href="mshelp://windows/?id=6083e41e-0a7d-47ba-9a87-59c79990f745"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title><Application Name> Property Sheet: General Tab</maml:title><maml:introduction>
<maml:para>This dialog box allows you to view and configure the properties of the Authorization Manager application.</maml:para>
<maml:para>The following table describes the UI elements for this property sheet.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Name </maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the name of the application, and provides a space for you to type the name (for example, expense reporting or information management). The name will be used to initialize Authorization Manager. The application name must be unique to the authorization store, and cannot contain any of the characters \ / : * ? " < > | and [Tab]. The name has a maximum size limit of 512 bytes.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the description of the application, and provides a space for you to type the description. The description does not affect the functionality of Authorization Manager. Choose a description that is meaningful to you. The description has a maximum size limit of 1,024 bytes.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Version Information</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the version of the application, and provides a space for you to type the version. The version is optional text that specifies the version of the application.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Applications</maml:linkText><maml:uri href="mshelp://windows/?id=11edca2e-bedf-4fc4-bf8b-3083efbbb5e3"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>New Application Dialog Box</maml:title><maml:introduction>
<maml:para> The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the name of the new application (for example, "expense reporting" or "information management"). The name will be used to initialize Authorization Manager. It must be the name that the managed application uses when initializing Authorization Manager. The application name has a maximum size limit of 512 bytes. It must be unique to the authorization store, and cannot contain any of the characters \ / : * ? " < > | and [Tab].</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>The application name specified here must be the name that the managed application uses when initializing Authorization Manager.</maml:para>
</maml:alertSet>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type a description of the new application. The description does not affect the functionality of Authorization Manager and should be meaningful to you. </maml:para>
<maml:para>The description has a maximum size limit of 1,024 bytes.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Version information </maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the version of the new application. The version is an optional text string that allows you to specify different versions.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role, Task, and Operation Definitions</maml:linkText><maml:uri href="mshelp://windows/?id=2fc7ad83-7967-44be-88ef-c2c517952043"></maml:uri></maml:navigationLink></maml:para></maml:listItem><maml:listItem><maml:para><maml:navigationLink><maml:linkText>User Interface: Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=d528fb6e-616f-4c1d-bb4c-84b6a504c0c2"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Open Authorization Store Dialog Box: Active Directory Browse</maml:title><maml:introduction>
<maml:para>This dialog box displays the Authorization Manager stores available in Active Directory Domain Services (AD DS). </maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>In Authorization Manager, there is neither a default authorization store nor a default application.</maml:para></maml:alertSet>
<maml:para>Select the desired store, and click <maml:ui>OK</maml:ui>.</maml:para>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Stores</maml:linkText><maml:uri href="mshelp://windows/?id=57075178-e06b-44b9-a0cd-588c244fe704"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding Authorization Manager Role Assignments</maml:title><maml:introduction>
<maml:para>A role assignment is a virtual container for application groups whose members are authorized for the role. A role assignment is based on a single role definition, and a single role definition can be the basis of many role assignments. </maml:para>
<maml:para>The most common procedure that administrators carry out is the assignment of application groups, or Windows users and groups, to a role. For step-by-step instructions, see <maml:navigationLink><maml:linkText>Assign a Windows User or Group to a Role</maml:linkText><maml:uri href="mshelp://windows/?id=a554bec2-7ce7-45fb-a84c-063133141635"></maml:uri></maml:navigationLink> or <maml:navigationLink><maml:linkText>Assign an Application Group to a Role</maml:linkText><maml:uri href="mshelp://windows/?id=d1397e5e-8bdd-415d-b67d-bbb19aeeeee2"></maml:uri></maml:navigationLink>.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If you have installed a custom object picker, additional choices will be available. For more information, see "Additional references" in this topic.</maml:para>
</maml:alertSet>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Assign a Windows User or Group to a Role</maml:linkText><maml:uri href="mshelp://windows/?id=a554bec2-7ce7-45fb-a84c-063133141635"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Assign an Application Group to a Role</maml:linkText><maml:uri href="mshelp://windows/?id=d1397e5e-8bdd-415d-b67d-bbb19aeeeee2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Choose Users or Groups with a Custom Object Picker</maml:linkText><maml:uri href="mshelp://windows/?id=6d2736d9-d803-423c-b376-29c04929d3ee"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Authorization Manager</maml:title><maml:introduction>
<maml:para>Authorization Manager provides a flexible framework for integrating role-based access control into applications. It enables administrators who use those applications to provide access through assigned user roles that relate to job functions.</maml:para>
<maml:para>Authorization Manager applications store authorization policy in the form of authorization stores that are stored in Active Directory Domain Services (AD DS), Active Directory Lightweight Directory Services (AD LDS), XML files, or Microsoft SQL Server databases. These polices are then applied at run time. </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Overview of Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=b42ada63-88c6-4924-aa45-c8abef160975"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>What's New in Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=1f8f1a16-af60-4e44-8836-a6373b48fa67"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Checklist: Before You Start Using Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=d7145ff2-d560-498d-89e0-a10359799da5"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Using and Managing the Authorization Manager Snap-In</maml:linkText><maml:uri href="mshelp://windows/?id=9bd3ff29-71de-466c-a0b9-30b225c1358e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Authorization Stores</maml:linkText><maml:uri href="mshelp://windows/?id=63c53320-fbcd-42b3-ae6d-0a89d8228c62"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Applications and Scopes</maml:linkText><maml:uri href="mshelp://windows/?id=6568d6dc-df83-4716-b990-4aba2212e99a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Groups, Roles, and Tasks</maml:linkText><maml:uri href="mshelp://windows/?id=1faebced-b2b3-4772-a8df-2d2f7b5e177b"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Controlling Authorization by Using Authorization Rules and Business Rules</maml:linkText><maml:uri href="mshelp://windows/?id=2193b1ca-331a-40fb-affe-9cf9abc2a6ae"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Troubleshooting Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=5187d0f6-0e81-4128-a1a7-509444c77890"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Resources for Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=1fd01896-c118-4c0e-949b-aad87ea063e5"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>User Interface: Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=d528fb6e-616f-4c1d-bb4c-84b6a504c0c2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>New Application Group Dialog Box</maml:title><maml:introduction>
<maml:para>The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the name of the new application group. An application group is a group of users of the application (for example, "Building 40 Users"). </maml:para>
<maml:para>An application name must not already exist in the authorization store. It has a maximum size limit of 512 bytes. It cannot contain any of the characters \ / : * ? " < > | and [Tab].</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the description of the new application group. The description does not affect the functionality of Authorization Manager and should be meaningful to you. The description has a maximum size limit of 1,024 bytes.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Group Type</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:phrase>Basic Application Group</maml:phrase></maml:para>
<maml:para>Specifies that the new application group is of the basic type. The basic type of application group is based on Windows users and groups, which might include local groups, and global or universal groups that are stored in Active Directory Domain Services (AD DS).</maml:para>
<maml:para><maml:phrase>LDAP Query Application Group</maml:phrase></maml:para>
<maml:para>Specifies that the new application group is defined by a Lightweight Directory Access Protocol (LDAP) query. LDAP queries are used to find objects in (AD DS) and other LDAP-compliant directories. For example, the query <maml:replaceable>(&(objectCategory=person)(objectClass=user)(!cn=andy))</maml:replaceable> finds everyone except Andy. The query <maml:replaceable>(memberOf=CN= StatusReports,OU=Distribution Lists,DC=northwindtraders,DC=com)</maml:replaceable> finds all members of the StatusReports alias at northwindtraders.com.</maml:para>
<maml:para><maml:phrase>Business Rule Application Group</maml:phrase></maml:para>
<maml:para>Specifies that the new application group will be defined by a business rule. Business rules are created by writing a script in VBScript or JScript.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Application Groups</maml:linkText><maml:uri href="mshelp://windows/?id=7c373b4c-7124-420b-82b2-d62528ceec58"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Create an Application Group within an Authorization Store</maml:title><maml:introduction>
<maml:para>Before you can effectively use Authorization Manager to control access to resources, you must define groups of users. To define an application group, use the following procedure.</maml:para>
<maml:para>You must be assigned to the Authorization Manager <maml:phrase>Administrator</maml:phrase> user role to complete this procedure. By default, <maml:phrase>Administrators</maml:phrase> is the minimum Windows group membership assigned to this role. Review the details in "Additional considerations" in this topic.</maml:para>
<maml:procedure><maml:title>To create a group within an authorization store</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, open Authorization Manager.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click <maml:ui>Groups</maml:ui>, and then click <maml:ui>New Application Group</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>New Application Group</maml:ui> dialog box, in <maml:ui>Name</maml:ui>, type a name for the group.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In <maml:ui>Description</maml:ui>, type a description for the group.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In <maml:ui>Group type</maml:ui>, click<maml:ui> Basic Application Group</maml:ui>, <maml:ui>LDAP Query Application Group</maml:ui>, or <maml:ui>Business Rule Application Group</maml:ui>. (For more information about the types of groups you can create, see "Additional references" in this topic.)</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you need to have access to an authorization store. By default, members of the <maml:phrase>Administrators</maml:phrase> group have the required access, but Authorization Manager allows you to delegate responsibility. </maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Application Groups</maml:linkText><maml:uri href="mshelp://windows/?id=7c373b4c-7124-420b-82b2-d62528ceec58"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Store Name> Property Sheet: Security Tab</maml:linkText><maml:uri href="mshelp://windows/?id=140e185a-d024-41da-a651-b681e8e6f6e2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Start Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=4c026431-c042-4ccc-9761-a32f465ae684"></maml:uri></maml:navigationLink> </maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Start Authorization Manager</maml:title><maml:introduction>
<maml:para>Authorization Manager can be run as a stand-alone console or as a snap-in added to a Microsoft Management Console (MMC).</maml:para>
<maml:para><maml:phrase>Administrators</maml:phrase> is the minimum group membership required to complete this procedure. Review the details in "Additional considerations" in this topic.</maml:para>
<maml:procedure><maml:title>To start Authorization Manager </maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Start</maml:ui>, type <maml:computerOutputInline>azman.msc</maml:computerOutputInline> in the <maml:ui>Start Search</maml:ui> box, and then press ENTER.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If the <maml:ui>User Account Control</maml:ui> dialog box appears, provide the requested permission or credentials.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Authorization Manager opens without a default authorization store. To use Authorization Manager, you need to create or open an authorization store. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>You can configure your own MMC that includes Authorization Manager as part of that console. For more information, refer to "Additional references" in this topic. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Authorization Manager opens with the same configuration as at the time you closed the console. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Depending on the configuration of your computer, the <maml:ui>User Account Control</maml:ui> dialog box may or may not appear. It will not appear if you are logged in with the built-in Administrator account (the local Administrator account is disabled by default in this version of Windows).</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>By default, members of the local <maml:phrase>Administrators </maml:phrase>group have sufficient rights and privileges to complete this task. In your environment, security may be managed so that non-administrators have additional rights. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If User Account Control is enabled, it can be configured to allow non-administrators to enter the credentials of an administrator to complete administrative tasks without being a member of the <maml:phrase>Administrators</maml:phrase> group. </maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add the Authorization Manager Snap-In to MMC</maml:linkText><maml:uri href="mshelp://windows/?id=a364ca04-413a-4681-971a-7b727c7e4fa4"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Troubleshooting Authorization Manager</maml:title><maml:introduction>
<maml:para>Authorization Manager is used in conjunction with custom code created specifically for your environment. Therefore, troubleshooting Authorization Manager is a matter of troubleshooting and debugging that application.</maml:para>
<maml:para>For more information about the specific interfaces available and how they function, see the references listed in <maml:navigationLink><maml:linkText>Resources for Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=1fd01896-c118-4c0e-949b-aad87ea063e5"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding Authorization Manager Stores</maml:title><maml:introduction>
<maml:para>With Authorization Manager, you can provide authorization services to administrators that you support by creating Authorization Manager applications that access authorization stores.</maml:para>
<maml:para>In Authorization Manager, there is neither a default authorization store nor a default application. To create an authorization store, you must work in the Authorization Manager developer mode. For more information about working in developer mode, see <maml:navigationLink><maml:linkText>Set Authorization Manager Options</maml:linkText><maml:uri href="mshelp://windows/?id=7b83af3f-b3c8-481d-8558-e32a7447a367"></maml:uri></maml:navigationLink>.</maml:para>
<maml:para>You can store authorization stores in either XML files, Active Directory Domain Services (AD DS), Active Directory Lightweight Directory Services (AD LDS), or in Microsoft SQL Server databases. </maml:para>
<maml:para>The following table compares the different authorization store types.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Authorization store type</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Delegation support</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Authorization store is specified by</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Requirements</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>AD DS or AD LDS</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Supported at the authorization store, application, and scope levels</maml:para>
</maml:entry>
<maml:entry>
<maml:para>A URL, beginning with the protocol prefix <maml:replaceable>MSLDAP://</maml:replaceable> or an LDAP distinguished name (for example, <maml:replaceable>CN=myStore,CN=Program Data,DN=nwtraders,DN=com</maml:replaceable>)</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The domain functional level must be Windows Server 2003 or higher.</maml:para><maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>In Windows 2000, Active Directory does not support authorization stores.</maml:para>
</maml:alertSet>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>XML</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Not supported</maml:para>
<maml:para>The XML file is secured as a whole by its NTFS file system access control entries (ACEs).</maml:para>
</maml:entry>
<maml:entry>
<maml:para>A URL beginning with the protocol prefix <maml:replaceable>MSXML://</maml:replaceable> or a path (for example, <maml:replaceable>C:\Temp\MyStore.xml or \\ServerName\ShareName\MyStore.xml</maml:replaceable>)</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Any NTFS partition</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>SQL Server</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Supported at the authorization store, application, and scope levels</maml:para>
</maml:entry>
<maml:entry>
<maml:para>A URL beginning with the protocol prefix <maml:replaceable>MSSQL://</maml:replaceable> followed by a connection string, database name, and policy store name, in the format: <maml:replaceable>MSSQL://<connection string>/<database name>/<policy store name></maml:replaceable></maml:para>
</maml:entry>
<maml:entry>
<maml:para>At least Microsoft SQL Server 2000</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para>An application is specific to an authorization store, and it is always located directly under its parent authorization store in Authorization Manager. For more information, see <maml:navigationLink><maml:linkText>Create an Authorization Manager Application</maml:linkText><maml:uri href="mshelp://windows/?id=a1c72a61-31f7-4d5e-b8f5-0f6fb9c0bc90"></maml:uri></maml:navigationLink>.</maml:para>
<maml:para>Scopes, roles, tasks, and operations are always specific to an application. For more information, see <maml:navigationLink><maml:linkText>Understanding Authorization Manager Scopes</maml:linkText><maml:uri href="mshelp://windows/?id=6083e41e-0a7d-47ba-9a87-59c79990f745"></maml:uri></maml:navigationLink> and <maml:navigationLink><maml:linkText>Understanding Authorization Manager Role, Task, and Operation Definitions</maml:linkText><maml:uri href="mshelp://windows/?id=2fc7ad83-7967-44be-88ef-c2c517952043"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Using application groups</maml:title><maml:introduction>
<maml:para>An application group is a group of users of an Authorization Manager application. You can create application groups at any of the three levels in the Authorization Manager console. The following table lists the different Authorization Manager levels where you can create application groups.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Level</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Application group can be used in</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Authorization store</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The authorization store, and applications and scopes within it</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Application</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The application and scopes within it</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Scope</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The scope</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para>For more information about application groups, see <maml:navigationLink><maml:linkText>Understanding Authorization Manager Application Groups</maml:linkText><maml:uri href="mshelp://windows/?id=7c373b4c-7124-420b-82b2-d62528ceec58"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Delegating authorization stores and applications</maml:title><maml:introduction>
<maml:para>Authorization stores that are stored in AD DS, AD LDS, or SQL Server support delegation. This means that you can authorize other people to administer those authorization stores or applications contained in those authorization stores.</maml:para>
<maml:para>For more information about performing delegation, see <maml:navigationLink><maml:linkText>Allow Other Users to Administer an Authorization Store</maml:linkText><maml:uri href="mshelp://windows/?id=a1f5e7f1-97e2-4a67-a83f-7d869ef4aff4"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Create an Authorization Store</maml:title><maml:introduction>
<maml:para>Before you can use Authorization Manager to control access to resources, you must create an authorization store.</maml:para>
<maml:para><maml:phrase>Administrators</maml:phrase> is the minimum group membership required to complete this procedure. Review the details in "Additional considerations" in this topic.</maml:para>
<maml:procedure><maml:title>To create an authorization store</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Authorization Manager.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, switch to developer mode by changing the Authorization Manager options.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click <maml:ui>Authorization Manager</maml:ui>, and then click<maml:ui> New Authorization Store</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>New Authorization Store</maml:ui> dialog box, click <maml:ui>Active Directory</maml:ui>, <maml:ui>XML file</maml:ui>, or <maml:ui>Microsoft SQL</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In <maml:ui>Store name</maml:ui>, type the authorization store name or click <maml:ui>Locations</maml:ui> to find the authorization store. You cannot use <maml:ui>Locations</maml:ui> to browse for a computer running Microsoft SQL Server. You must know the location you want to use to create a store in SQL Server.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>(Optional) In <maml:ui>Description</maml:ui>, type a description for the new authorization store.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you must be working in developer mode. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To create an authorization store that is stored in Active Directory Domain Services (AD DS), use the Lightweight Directory Access Protocol (LDAP) name (for example, <maml:replaceable>CN=myStore,CN=Program Data,DN=nwtraders,DN=com</maml:replaceable>). A store may be created in an AD DS partition or in an Active Directory Lightweight Directory Services (AD LDS) partition. AD LDS was formerly known as Active Directory/Application Mode (ADAM).</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Any user or group who is assigned to the <maml:ui>Policy Administrator</maml:ui>, <maml:ui>Policy Reader</maml:ui>, or <maml:ui>Policy Delegated User</maml:ui> role at any level (store, application, or scope) for an Authorization Manager store that is stored in an AD LDS partition must also be added to the AD LDS <maml:ui>Reader</maml:ui> role of that AD LDS partition.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To create an XML-based authorization store, use a path and file name that is valid at run time (for example, C:\<maml:replaceable>AuthStores\MyStore.xml</maml:replaceable>).</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To create an SQL-based authorization store, use a URL beginning with the protocol prefix <maml:replaceable>MSSQL://. </maml:replaceable>See "Additional references" for details on how to format an SQL connection string as a URL.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>By default, members of the local <maml:phrase>Administrators</maml:phrase> group have sufficient rights and privileges to complete this task. In your environment, security may be managed so that non-administrators have additional rights. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If User Account Control is enabled, it can be configured to allow non-administrators to enter the credentials of an administrator to complete administrative tasks without being a member of the <maml:phrase>Administrators</maml:phrase> group. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If the store is being created on another computer, you must ensure that you have sufficient permissions to access and create the appropriate type of resources on that other computer.</maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Start Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=4c026431-c042-4ccc-9761-a32f465ae684"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Stores</maml:linkText><maml:uri href="mshelp://windows/?id=57075178-e06b-44b9-a0cd-588c244fe704"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Set Authorization Manager Options</maml:linkText><maml:uri href="mshelp://windows/?id=7b83af3f-b3c8-481d-8558-e32a7447a367"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Connect to an SQL-based Authorization Store</maml:linkText><maml:uri href="mshelp://windows/?id=0e8e5a95-1cdc-4876-b49c-f04a68f73128"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title><Scope Name> Property Sheet</maml:title><maml:introduction>
<maml:para>A scope is used within an application to limit authorization policy if that authorization policy should not be used outside the scope. </maml:para>
<maml:para>The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Name </maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the name of the scope (for example, "*.txt, C:\temp, and Computers in Sales Department").</maml:para>
<maml:para>The scope name must be recognized by the application and must be resolvable by the application at the time of the access check. The name must contain only printable characters. </maml:para>
<maml:para>Scope names can be very long. They have a maximum size limit of 64 KB. </maml:para>
<maml:para>Because scopes cannot be nested, some developers use a naming convention for scopes that results in long names. However, if you try to enter a name that is longer than 64 KB, you will receive an error. </maml:para>
<maml:para>The name also cannot be already in use in the application.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the description of the scope. </maml:para>
<maml:para>The description does not affect the functionality of Authorization Manager. Choose a description that is meaningful to you. The description has a maximum size limit of 1,024 bytes.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Scopes</maml:linkText><maml:uri href="mshelp://windows/?id=6083e41e-0a7d-47ba-9a87-59c79990f745"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title><Role Assignment> Property Sheet</maml:title><maml:introduction>
<maml:para>The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the name of the role assignment. </maml:para>
<maml:para>The name does not affect the functionality of Authorization Manager and should be meaningful to you. </maml:para>
<maml:para>A role assignment name has a size limit of 64 bytes. You are prevented from entering a name that is too long.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Description </maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the description of the role assignment. </maml:para>
<maml:para>The description does not affect the functionality of Authorization Manager and should be meaningful to you. </maml:para>
<maml:para>A description has a size limit of 1,024 bytes. You are prevented from entering a description that is too long.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role Assignments</maml:linkText><maml:uri href="mshelp://windows/?id=41a112a6-1b0c-4994-a2b5-5fe1ccb81adb"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding Authorization Manager Scopes</maml:title><maml:introduction>
<maml:para>A scope is a virtual subdivision within an application that separates some resources from other resources that are used by that application. You can use scopes to prevent unintended resource sharing and to support auditing and delegation. You do not have to use scopes. </maml:para>
<maml:para>A scope can represent a folder, a container in Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS), a file-masked collection of files (for example, *.doc), a URL, or any item that can be accessed by the application and its underlying authorization store. However, a scope is an abstraction; it is a definition created in Authorization Manager, but it is not a physical folder in the file system or an actual container in AD DS, for example. </maml:para>
<maml:para>If you have Authorization Manager groups, role assignments, role definitions, or task definitions that you do not want to apply to an entire application, you can create them at the scope level. The application that contains the scope must be able to recognize the scope name. For example, file-based applications might have scope names that include file names or paths. Web-based applications might have URL-based scope names. Registry applications might have scope names based on registry hives, and Active Directory scope names could specify organizational units. You cannot define operations at the scope level.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Auditing scopes</maml:title><maml:introduction>
<maml:para>You cannot control Authorization Manager run-time auditing at the scope level. You can control Authorization Manager authorization store-change auditing on scopes contained in authorization stores that are stored in AD DS. For more information, see <maml:navigationLink><maml:linkText>Understanding Authorization Manager Auditing</maml:linkText><maml:uri href="mshelp://windows/?id=6857c310-c2fb-4f9d-9a4c-639f38ffab73"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Delegating scopes</maml:title><maml:introduction>
<maml:para>You can delegate the administration of scopes to other people if both of the following conditions are met:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>The authorization store must be stored in AD DS, AD LDS, or Microsoft SQL Server.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Authorization rules are not used in any task or role definitions defined within the scope you want to delegate.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Managing Authorization Stores</maml:title><maml:introduction>
<maml:para>Before you can use Authorization Manager to control access to resources, you must create the definitions required to describe the environment you want to create. All of these settings are kept in one or more authorization stores. </maml:para>
<maml:para>An authorization store is sometimes called a policy store or an authorization policy store.</maml:para>
<maml:para>This section contains: </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Create an Authorization Store</maml:linkText><maml:uri href="mshelp://windows/?id=5a9cbc58-21a6-4946-a0a1-373d5edc264a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Change the Properties of an Authorization Store</maml:linkText><maml:uri href="mshelp://windows/?id=b03487c7-3ec6-46b6-9878-8a62bafbabfc"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Allow Other Users to Administer an Authorization Store</maml:linkText><maml:uri href="mshelp://windows/?id=a1f5e7f1-97e2-4a67-a83f-7d869ef4aff4"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Activate Auditing for an Authorization Store</maml:linkText><maml:uri href="mshelp://windows/?id=f27a7262-e5ff-4064-96ec-0fc0fe93c4c0"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Connect to an SQL-based Authorization Store</maml:linkText><maml:uri href="mshelp://windows/?id=0e8e5a95-1cdc-4876-b49c-f04a68f73128"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Stores</maml:linkText><maml:uri href="mshelp://windows/?id=57075178-e06b-44b9-a0cd-588c244fe704"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Store Limits</maml:linkText><maml:uri href="mshelp://windows/?id=93a693c7-e3de-4cf7-95e6-fb6491fc4f31"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title><Group Name> Property Sheet: General Tab</maml:title><maml:introduction>
<maml:para>The following table describes the UI elements for this property sheet.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the name of the application group, and provides a space for you to type the name. </maml:para>
<maml:para>An application group is a group of users of the application. An application group can be composed of security groups, Lightweight Directory Access Protocol (LDAP) query groups, and other application groups. </maml:para>
<maml:para>The application group name must be unique to the authorization store, and cannot contain any of the characters \ / : * ? " < > | and [Tab]. The name of a group has a maximum size limit of 64 bytes.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the description of the application group, and provides a space for you to type the description.</maml:para>
<maml:para>The description does not affect the functionality of Authorization Manager. Choose a description that is meaningful to you. The description has a maximum size limit of 1,024 bytes.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Group Type</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the application group type:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>A basic group is defined by a list of members and a list of nonmembers, which are excluded from the application group.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>An LDAP query group is built from a query in Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS).</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>A business rule application group has membership defined by a script written in either VBScript or JScript. </maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Application Groups</maml:linkText><maml:uri href="mshelp://windows/?id=7c373b4c-7124-420b-82b2-d62528ceec58"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Managing Applications and Scopes</maml:title><maml:introduction>
<maml:para>You can use Authorization Manager applications and scopes to group related definitions together and to limit how particular policies are applied. </maml:para>
<maml:para>This section contains:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Create an Application Group within an Authorization Store</maml:linkText><maml:uri href="mshelp://windows/?id=4a076990-699c-4c45-92b5-4e5eb50208d7"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Change the Properties of a Group within an Authorization Store</maml:linkText><maml:uri href="mshelp://windows/?id=df0924f5-2c0f-4e6e-b94c-a00a63c88160"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Create an Authorization Manager Application</maml:linkText><maml:uri href="mshelp://windows/?id=a1c72a61-31f7-4d5e-b8f5-0f6fb9c0bc90"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Applications</maml:linkText><maml:uri href="mshelp://windows/?id=11edca2e-bedf-4fc4-bf8b-3083efbbb5e3"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Scopes</maml:linkText><maml:uri href="mshelp://windows/?id=6083e41e-0a7d-47ba-9a87-59c79990f745"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Auditing</maml:linkText><maml:uri href="mshelp://windows/?id=6857c310-c2fb-4f9d-9a4c-639f38ffab73"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title><Task Name> Definition Property Sheet: Definition Tab</maml:title><maml:introduction>
<maml:para>The following table describes the UI elements for this dialog box. </maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>The operations and lower-level tasks that define this task</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Lists the operations and specific tasks that define this task.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Add</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to add a task. A task is a collection of operations required to do work that requires authorization.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Remove</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to remove the selected task or operation. To make the <maml:ui>Remove</maml:ui> button available, click an item in the list.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Authorization Rule</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to set the authorization rule for the task.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>OK</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to close the dialog box and save any changes you have made.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Cancel</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to close the dialog box without saving any changes you have made.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Apply</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to save all the changes you have made without closing the dialog box.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role, Task, and Operation Definitions</maml:linkText><maml:uri href="mshelp://windows/?id=2fc7ad83-7967-44be-88ef-c2c517952043"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title><Role Name> Property Sheet: Definition Tab</maml:title><maml:introduction>
<maml:para>The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>The tasks and lower-level roles that define this role</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Lists the tasks and specific roles that define this role.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Add</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Adds a task to the list.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Remove</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Removes the selected task or role from the list. </maml:para>
<maml:para>To make this button available, click an item in the list.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Authorization Rule</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Allows you to set an authorization rule for the role definition. An authorization rule determines whether the role is allowed (for example, the following VBScript always grants permission: </maml:para>
<maml:para><maml:replaceable>AzBizRuleContext.BusinessRuleResult = True</maml:replaceable>)</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role, Task, and Operation Definitions</maml:linkText><maml:uri href="mshelp://windows/?id=2fc7ad83-7967-44be-88ef-c2c517952043"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding Authorization Manager Auditing</maml:title><maml:introduction>
<maml:para>Monitoring the access to controlled resources and any changes to an authorization policy gives you a way to track potential security problems, helps to ensure user accountability, and provides evidence in the event of a security breach.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Types of auditing</maml:title><maml:introduction>
<maml:para>With Authorization Manager, you can use two kinds of auditing: run-time auditing and authorization store change auditing. </maml:para>
</maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Run-time auditing</maml:title><maml:introduction>
<maml:para>There are two aspects to run-time auditing:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Run-time application initialization auditing, which generates audits when an application is opened.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Run-time client context and access check auditing, which generates audits when a client context is created and each time that the client calls for an access check. Access checks are based on the AccessCheck method described in the Authorization section of the Platform SDK. For more information about authorization-related application programming interfaces (APIs), see <maml:navigationLink><maml:linkText>Authorization</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=64031"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=64031).</maml:para>
</maml:listItem>
</maml:list>
<maml:para>You can configure run-time auditing to log successes, failures, or both successes and failures. </maml:para>
</maml:introduction></maml:section>
<maml:section>
<maml:title>Authorization store change auditing</maml:title><maml:introduction>
<maml:para>When you enable authorization store change auditing, audits are generated every time the authorization store is modified. The audit logs all events, successes, and failures.</maml:para>
<maml:para>For authorization store change auditing, Authorization Manager supports the NTFS file system (for XML-based authorization stores), Active Directory Domain Services (AD DS), Active Directory Lightweight Directory Services (AD LDS), and Microsoft SQL Server.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section>
<maml:title>Locating audit events</maml:title><maml:introduction>
<maml:para>To view audit events generated by Authorization Manager, view the event logs on the appropriate computer:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Run-time auditing events are in the security log of the client computer where the application is running.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Authorization store change auditing events are in the security log of the computer where the store resides. </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>In the case of an XML-based authorization store, the audit records will be found in the Event Viewer of the computer where the XML file is stored.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>In the case of an authorization store that uses AD DS or AD LDS, audit records will be found on the Event Viewer of the domain controller or AD LDS server being accessed. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>In the case of a SQL-based authorization store, audit records will be found in the Event Viewer of the computer hosting SQL Server.</maml:para>
</maml:listItem>
</maml:list>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section><maml:section>
<maml:title>Auditing availability</maml:title><maml:introduction>
<maml:para>The availability of auditing depends on the following:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Whether the authorization store is based on AD DS, AD LDS, XML, or SQL.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Whether auditing is configured at the authorization store level, the application level, or the scope level.</maml:para>
</maml:listItem>
</maml:list>
<maml:para>The following table describes the availability of the two auditing types.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Level</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Run-time auditing is available in</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Run-time auditing can be configured at this level in</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Authorization store change auditing is available in</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Authorization store</maml:para>
</maml:entry>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para>XML</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>AD DS and AD LDS</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>SQL Server</maml:para>
</maml:listItem>
</maml:list>
</maml:entry>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para>XML</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>AD DS and AD LDS</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>SQL Server</maml:para>
</maml:listItem>
</maml:list>
</maml:entry>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para>XML</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>AD DS and AD LDS</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>SQL Server</maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Application</maml:para>
</maml:entry>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para>XML</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>AD DS and AD LDS</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>SQL Server</maml:para>
</maml:listItem>
</maml:list>
</maml:entry>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para>XML</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>AD DS and AD LDS</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>SQL Server</maml:para>
</maml:listItem>
</maml:list>
</maml:entry>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para>AD DS and AD LDS</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>SQL Server</maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Scope</maml:para>
</maml:entry>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para>XML</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>AD DS and AD LDS</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>SQL Server</maml:para>
</maml:listItem>
</maml:list>
</maml:entry>
<maml:entry>
<maml:para>Not available (configured at the application level)</maml:para>
</maml:entry>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para>AD DS and AD LDS</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>SQL Server</maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>
</maml:table>
<maml:para>To use auditing, you have to select the appropriate check box on the <maml:ui>Auditing</maml:ui> tab. To enable run-time auditing, select the <maml:ui>Runtime application initialization auditing</maml:ui> check box. To enable authorization store change auditing, select the <maml:ui>Runtime client context and access check auditing</maml:ui> check box.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Configuring the system to allow auditing</maml:title><maml:introduction>
<maml:para>Before you implement auditing, you must decide on an auditing policy. An auditing policy specifies categories of security-related events that you want to audit. By default, when Windows is first installed, all auditing categories are disabled. </maml:para>
<maml:para>In order to configure which application and scopes are to be audited, you must have the <maml:ui>Manage auditing and security log</maml:ui> privilege on the computer where the authorization store resides. This is usually accomplished by being logged on as a member of the built-in Administrators group, or providing an administrator's password when prompted.</maml:para>
<maml:para>If the authorization store is based on XML, you have to specify object access auditing. If the authorization store is based on AD DS or AD LDS, you have to specify directory service access auditing.</maml:para>
<maml:para>In order to generate run-time client context and access check audits, users of applications that use Authorization Manager must be granted the <maml:ui>Generate security audits </maml:ui>privilege. If users of the application do not hold this privilege, no audit events will be recorded.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Enabling object access auditing</maml:title><maml:introduction>
<maml:para>By default, object access auditing is turned off. To turn it on, you need to use Group Policy at the domain, domain controller, or other applicable organizational-unit level in AD DS or AD LDS. You can also use the local security policy. </maml:para>
<maml:para>If the XML-based authorization store is located on a domain controller, the <maml:ui>Default Domain Controllers Policy</maml:ui> Group Policy object (GPO) is the most appropriate place to turn on object access auditing. If the XML-based authorization store is located on a workstation or member server, you can edit the local GPO for that computer to set the local security policy, but those settings will only apply until the next refresh of Group Policy security settings. This may be useful if you are only generating the audits one time. However, if you plan to generate security audits regularly you should edit another GPO that applies to the computer through AD DS. </maml:para>
<maml:para>To enable object access auditing, configure the following objects: </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>For a local computer</maml:phrase></maml:para>
<maml:list class="ordered">
<maml:listItem>
<maml:para>Open the Local Group Policy Editor.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>In the console tree, double-click <maml:ui>Computer Configuration</maml:ui>, <maml:ui>Windows Settings</maml:ui>, <maml:ui>Security Settings</maml:ui>, <maml:ui>Local Policies</maml:ui>, and <maml:ui>Audit Policy.</maml:ui></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Click <maml:ui>Audit object access.</maml:ui></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>In the details pane, select the <maml:ui>Define these policy settings</maml:ui> check box, select the <maml:ui>Success</maml:ui> check box, and then select the <maml:ui>Failure</maml:ui> check box.</maml:para>
</maml:listItem>
</maml:list>
</maml:listItem>
<maml:listItem>
<maml:para><maml:phrase>For only domain controllers</maml:phrase></maml:para>
<maml:list class="ordered">
<maml:listItem>
<maml:para>Click <maml:ui>Start</maml:ui>, click <maml:ui>All Programs</maml:ui>, click <maml:ui>Administrative Tools</maml:ui>, and then double-click <maml:ui>Domain Controller Security Policy</maml:ui> .</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>In the console tree, double-click<maml:ui> Computer Configuration</maml:ui>, <maml:ui>Windows Settings</maml:ui>, <maml:ui>Security Settings</maml:ui>, <maml:ui>Local Policies</maml:ui>, and <maml:ui>Audit Policy.</maml:ui></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Click <maml:ui>Audit object access.</maml:ui></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>In the details pane, select the <maml:ui>Define these policy settings</maml:ui> check box, select the <maml:ui>Success</maml:ui> check box, and then select the <maml:ui>Failure</maml:ui> check box.</maml:para>
</maml:listItem>
</maml:list>
</maml:listItem>
<maml:listItem>
<maml:para><maml:phrase>For a domain or organizational unit</maml:phrase></maml:para>
<maml:list class="ordered">
<maml:listItem>
<maml:para>Open the Group Policy Management Console (GPMC). </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Right-click the GPO that you want to audit, and then click <maml:ui>Edit</maml:ui>. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>In the console tree, double-click <maml:ui>Computer Configuration</maml:ui>, <maml:ui>Policies</maml:ui>, <maml:ui>Security Settings</maml:ui>, <maml:ui>Local Policies</maml:ui>, and <maml:ui>Audit Policy.</maml:ui></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Click <maml:ui>Audit object access.</maml:ui></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>In the details pane, select the <maml:ui>Define these policy settings</maml:ui> check box, select the <maml:ui>Success</maml:ui> check box, and then select the <maml:ui>Failure</maml:ui> check box.</maml:para>
</maml:listItem>
</maml:list>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>You must install the GPMC to edit domain-based policy settings. The GPMC is an additional feature of Windows Server 2008 that you can install by using Server Manager.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If you are editing the local GPO, the <maml:ui>Define these policy settings</maml:ui> check box does not appear in the Local Group Policy Editor. It only appears if you are editing GPOs that are stored in AD DS.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If the <maml:ui>Success</maml:ui> and <maml:ui>Failure</maml:ui> auditing check boxes are unavailable, the <maml:ui>Define these policy settings</maml:ui> check box has probably been selected through security policy that is acting at a higher level in the AD DS structure. In this situation, you need to find out where the <maml:ui>Define these policy settings</maml:ui> check box is selected and clear this setting. To find this setting, look in the GPOs that affect this computer.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
<maml:section>
<maml:title>Enabling directory access auditing</maml:title><maml:introduction>
<maml:para>By default, directory service access auditing is turned off. To turn it on, you need to use Group Policy at the domain, domain controller, or other applicable organizational unit level in AD DS.</maml:para>
<maml:para>To enable object access auditing, expand the following nodes: <maml:ui>Computer Configuration</maml:ui>, <maml:ui>Windows Settings</maml:ui>, <maml:ui>Security Settings</maml:ui>, <maml:ui>Local Policies</maml:ui>, <maml:ui>Audit Policy</maml:ui>, and then double-click <maml:ui>Audit directory service access</maml:ui>.</maml:para>
<maml:para>Select the <maml:ui>Define these policy settings </maml:ui>check box, select the <maml:ui>Success</maml:ui> check box, and then select the <maml:ui>Failure</maml:ui> check box.</maml:para>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>If the <maml:ui>Success</maml:ui> and <maml:ui>Failure</maml:ui> auditing check boxes are unavailable, the <maml:ui>Define these policy settings</maml:ui> check box has probably been selected through a security policy that is acting at a higher level in AD DS. In this situation, you need to find out where the <maml:ui>Define these policy settings</maml:ui> check box is selected and clear the check box. To find this setting, look in the GPOs that affect the domain controller.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>After editing the GPOs, run the <maml:computerOutputInline>gpupdate</maml:computerOutputInline> command to ensure that the changes take effect immediately. </maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section>
<maml:title>Auditing that is enabled by inheritance</maml:title><maml:introduction>
<maml:para>Any auditing obtained through inheritance takes place regardless of the local setting. For example, in the case of an authorization store that is stored in AD DS, auditing policy can be inherited from a parent organizational unit in AD DS. In the case of an XML-based authorization store, audit policy on the folder containing the XML file is applicable.</maml:para>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Choose Users or Groups with a Custom Object Picker</maml:title><maml:introduction>
<maml:para>With Authorization Manager, you can include users or groups from any source that can be defined or referenced by the Authorization Manager application programming interface (API). In order to include users and groups from external sources, you must write or acquire a custom object picker. A custom object picker is a software component that can be installed on your system to allow an Authorization Manager administrator to access data stored in an external application.</maml:para>
<maml:para>For more information, see <maml:navigationLink><maml:linkText>Authorization Manager Model</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkID=64027"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=64027).</maml:para>
<maml:para>The permissions required to perform this task will vary for each custom object picker.</maml:para>
<maml:procedure><maml:title>Choose users or groups with a custom object picker</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Install the custom object picker according to the instructions provided with the non-Microsoft software.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>The custom object picker will be added to the <maml:ui>Assign users and groups from</maml:ui> menu choices under the <maml:ui>Role Assignments</maml:ui> node and to the drop-down list in the <maml:ui>Members</maml:ui> and <maml:ui>Exclusions</maml:ui> tab of the properties sheet for basic application groups. Choose the entry installed by the custom object picker installation process.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select users from the external source, according to the instructions provided with the custom object picker.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Resources for Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=1fd01896-c118-4c0e-949b-aad87ea063e5"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Set Authorization Manager Options</maml:title><maml:introduction>
<maml:para>Authorization Manager can operate in two modes: developer mode and administrator mode. </maml:para>
<maml:para>Administrator mode is the default, but before you can effectively use administrator mode, you need to define an application that includes all of the necessary group, role, operation, and task definitions. You do this in developer mode.</maml:para>
<maml:para>After you set up an application in developer mode, you do not have to use Authorization Manager in developer mode for that application. </maml:para>
<maml:para>To complete the following tasks, you must be in developer mode:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Create new authorization stores</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Create new applications</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Define or modify operations</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Change an application name</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Change the version information for an application</maml:para>
</maml:listItem>
</maml:list>
<maml:para>To change between administrator mode and developer mode, use the <maml:ui>Options</maml:ui> dialog box.</maml:para>
<maml:para><maml:phrase>Administrators</maml:phrase> is the minimum group membership required to complete this procedure. Review the details in "Additional considerations" in this topic.</maml:para>
<maml:procedure><maml:title>Set Authorization Manager options</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, start Authorization Manager.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, select the <maml:ui>Authorization Manager</maml:ui> node (the root node).</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Action</maml:ui> menu, click <maml:ui>Options</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click either <maml:ui>Developer mode</maml:ui> or <maml:ui>Administrator mode</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>By default, members of the local <maml:phrase>Administrators</maml:phrase> group have sufficient rights and privileges to complete this task. In your environment, security may be managed so that non-administrators have additional rights. </maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Start Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=4c026431-c042-4ccc-9761-a32f465ae684"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding Authorization Manager Application Groups</maml:title><maml:introduction>
<maml:para>In Authorization Manager, recipients of authorization policy are represented by the following different kinds of groups:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Windows users and groups.</maml:phrase> These groups include users, computers, and built-in groups for security principals. Windows users and groups are used throughout Windows, not only in Authorization Manager.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:phrase>Application groups.</maml:phrase> These groups include basic application groups and Lightweight Directory Access Protocol (LDAP) query groups. Application groups are specific to Authorization Manager role-based administration. </maml:para>
</maml:listItem>
</maml:list>
<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>An application group is a group of users, computers, or other security principals. An application group is not a group of applications.</maml:para>
</maml:alertSet>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>LDAP query groups.</maml:phrase> Membership in these groups is dynamically calculated as needed from LDAP queries. An LDAP query group is a type of application group.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:phrase>Basic application groups.</maml:phrase> These groups are defined in terms of LDAP query groups, Windows users and groups, and other basic application groups. A basic application group is a type of application group.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:phrase>Business rule application group.</maml:phrase> These groups are defined by a script written in either VBScript or JScript, and result in group membership being determined dynamically at run time according to criteria you define.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Windows users and groups</maml:title><maml:introduction>
<maml:para>For more information about groups in Active Directory Domain Services (AD DS), see <maml:navigationLink><maml:linkText>Role-Based Access Control for Multi-tier Applications Using Authorization Manager</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=64287"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=64287). For more information about security principals that are not stored in AD DS, see the <maml:navigationLink><maml:linkText>Security Principals Technical Reference</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=129213"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=129213).</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Application groups</maml:title><maml:introduction>
<maml:para>When you create a new application group, you need to determine whether you want it to be an LDAP query group or a basic application group. For Authorization Manager role-based applications, any authorization you can do with Windows users and groups can also be done with application groups. </maml:para>
<maml:para>Circular membership definitions are not allowed, and result in the error message "Cannot add <Group name>. The following problem occurred: A loop has been detected."</maml:para>
</maml:introduction>
<maml:sections>
<maml:section>
<maml:title>LDAP query groups</maml:title><maml:introduction>
<maml:para>In Authorization Manager, you can use LDAP queries to find objects in AD DS, Active Directory Lightweight Directory Services (AD LDS), and other LDAP-compliant directories.</maml:para>
<maml:para>You can use an LDAP query to specify an LDAP query group by typing the desired LDAP query in the space provided on the <maml:ui>Query</maml:ui> tab of the <maml:ui>Properties</maml:ui> dialog box of the application group.</maml:para>
<maml:para>Authorization Manager supports two types of LDAP queries that can be used to define an LDAP query group: Authorization Manager version 1 queries and LDAP URL queries.</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Authorization Manager version 1 LDAP queries</maml:phrase></maml:para>
<maml:para>Version 1 LDAP queries provide limited support for the LDAP URL query syntax described in RFC 2255. These queries are limited to querying the attribute list of the user object specified in the current client context.</maml:para>
<maml:para>For example, the following query finds everyone except Andy:</maml:para>
<maml:para><maml:replaceable>(&(objectCategory=person)(objectClass=user)(!cn=andy))</maml:replaceable>.</maml:para>
<maml:para>This query evaluates if the client is a member of the StatusReports alias at northwindtraders.com:</maml:para>
<maml:para><maml:replaceable>(memberOf=CN=StatusReports,OU=Distribution Lists,DC=nwtraders,DC=com)</maml:replaceable></maml:para>
<maml:para>Authorization Manager continues to support version 1 queries so that solutions developed by using earlier versions of Authorization Manager can be upgraded with less effort.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:phrase>LDAP URL queries</maml:phrase></maml:para>
<maml:para>In order to remove limitations on objects and attributes that can be searched, Authorization Manager supports an LDAP URL query syntax based on RFC 2255. This allows you to create LDAP query groups that use directory objects other than the current user object as the root of the search.</maml:para>
<maml:para>An LDAP URL begins with the protocol prefix "ldap" and follows this format:</maml:para>
</maml:listItem>
</maml:list>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para> Distinguished name is also known as DN.</maml:para>
</maml:alertSet>
<maml:para><maml:replaceable>ldap://<server:port>/<baseObjectDN>?<attributes>?<queryScope>?<Filter></maml:replaceable></maml:para>
<maml:para>Specifically, the following grammar is supported:</maml:para>
<dev:code> ldapurl = scheme "://" [hostport] ["/"<br xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5" xmlns:xlink="http://www.w3.org/1999/xlink" /> [dn ["?" [attributes] ["?" [scope]<br xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5" xmlns:xlink="http://www.w3.org/1999/xlink" /> ["?" [filter]]]]]]<br xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5" xmlns:xlink="http://www.w3.org/1999/xlink" /> scheme = "ldap"<br xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5" xmlns:xlink="http://www.w3.org/1999/xlink" /> attributes = attrdesc *("," attrdesc)<br xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5" xmlns:xlink="http://www.w3.org/1999/xlink" /> scope = "base" / "one" / "sub"<br xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5" xmlns:xlink="http://www.w3.org/1999/xlink" /> dn = distinguishedName <br xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5" xmlns:xlink="http://www.w3.org/1999/xlink" /> hostport = hostport <br xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5" xmlns:xlink="http://www.w3.org/1999/xlink" /> attrdesc = AttributeDescription <br xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5" xmlns:xlink="http://www.w3.org/1999/xlink" /> filter = filter </dev:code>
<maml:para>For example, the following query returns users whose company attribute is set to "FabCo," from the LDAP server running on port 389 on a host named "fabserver":</maml:para>
<maml:para><maml:replaceable>ldap://fabserver:389/OU=Customers,DC=FABCO-PN,DC=com?*?sub?(&(company=FabCo)(objectClass=user)(objectCategory=user))</maml:replaceable></maml:para>
<maml:para>When using an LDAP URL query, you can use the special placeholder value <maml:replaceable>%AZ_CLIENT_DN%.</maml:replaceable> This placeholder is replaced with the distinguished name (DN) of the client making the access check. This allows you to construct queries which return objects from the directory based on their relationship to the distinguished name of the client making the request. </maml:para>
<maml:para>In this example, the LDAP query tests whether the user is a member of the "Customers" OU:</maml:para>
<maml:para><maml:replaceable>ldap://server:<port>/OU=Customers,DC=FABCO-PN,DC=com?(objectclass=*)?sub?(& (objectClass=user)(objectCategory=user) (distinguishedName= %AZ_CLIENT_DN% ))</maml:replaceable></maml:para>
<maml:para>In this example, the LDAP query tests whether the user is a direct report of a manager named "SomeManager" and that the "searchattribute" of SomeManager is equal to the particular value "searchvalue":</maml:para>
<maml:para><maml:replaceable>ldap://server:port/Cn=SomeManager,OU=Users,DC=FABCO-PN,DC=com?(objectclass=*)?base?(&(searchattribute= searchvalue) (directreports = %AZ_CLIENT_DN%))</maml:replaceable></maml:para>
<maml:para>For more information about the syntax of an LDAP URL query, refer to the text of <maml:navigationLink><maml:linkText>RFC 2255</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=65973"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=65973). </maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>If the LDAP query starts with "ldap," it is treated as an LDAP URL query. If it starts with anything else, it is treated as a version 1 query.</maml:para>
</maml:alertSet>
</maml:introduction></maml:section>
<maml:section>
<maml:title>Basic application groups</maml:title><maml:introduction>
<maml:para>Basic application groups are specific to Authorization Manager.</maml:para>
<maml:para>To define basic application group membership, you need to:</maml:para>
<maml:list class="ordered">
<maml:listItem>
<maml:para>Define who is a member.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Define who is not a member.</maml:para>
</maml:listItem>
</maml:list>
<maml:para>Both of these steps are carried out in the same way: </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>First, you specify zero or more Windows users and groups, previously defined basic application groups, or LDAP query groups. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Second, the membership of the basic application group is calculated by removing any nonmembers from the group. Authorization Manager does this automatically at run time.</maml:para>
</maml:listItem>
</maml:list>
<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>Non-membership in a basic application group takes precedence over membership.</maml:para>
</maml:alertSet>
</maml:introduction></maml:section>
<maml:section>
<maml:title>Business rule application groups</maml:title><maml:introduction>
<maml:para>Business rule application groups are specific to Authorization Manager.</maml:para>
<maml:para>To define business rule application group membership, you must write a script in either VBScript or JScript. The script source code is loaded from a text file on the <maml:ui>Properties</maml:ui> page of the business rule application group.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Command-line syntax notation</maml:title><maml:introduction>
<maml:para>The following table describes the notation used to indicate command-line syntax.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Notation</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Text without brackets or braces</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Items you must type as shown</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><Text inside angle brackets></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Placeholder for which you must supply a value</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>[Text inside square brackets]</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Optional items</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>{Text inside braces}</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Set of required items; choose one</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Vertical bar (|)</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Separator for mutually exclusive items; choose one</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Ellipsis (…)</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Items that can be repeated</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Synchronize the Authorization Manager Console</maml:title><maml:introduction>
<maml:para>If more than one user or process is modifying an authorization store, you will not see changes immediately in all instances of the Authorization Manager console. This occurs because the Authorization Manager console keeps a cached copy of the authorization store in memory.</maml:para>
<maml:para>Two commands are available to synchronize the view seen in the Authorization Manager console: refresh and reload.</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>The refresh command synchronizes the console view with the cached copy. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>The reload command synchronizes the cached copy with the actual authorization store, and synchronizes the console view with the new cached copy.</maml:para>
</maml:listItem>
</maml:list>
<maml:para>Any account that can run the Authorization Manager console can complete this task.</maml:para>
<maml:procedure><maml:title>Refresh the Authorization Manager console</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click the item that you want to refresh, and then click <maml:ui>Refresh</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:procedure><maml:title>Reload an authorization store</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click the name of the authorization store, and then click <maml:ui>Reload</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Checklist: Before You Start Using Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=d7145ff2-d560-498d-89e0-a10359799da5"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Stores</maml:linkText><maml:uri href="mshelp://windows/?id=57075178-e06b-44b9-a0cd-588c244fe704"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Start Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=4c026431-c042-4ccc-9761-a32f465ae684"></maml:uri></maml:navigationLink> </maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>New Role Definition Dialog Box</maml:title><maml:introduction>
<maml:para>The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the name of the new role definition (for example, Account Manager). </maml:para>
<maml:para>A role definition is a collection of permissions in tasks and operations. You are prevented from entering a name that already exists in this scope. It cannot contain any of the characters \ / : * ? " < > | and [Tab]. The name of a role definition has a maximum size limit of 64 bytes.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the description of the new role definition. </maml:para>
<maml:para>The description does not affect the functionality of Authorization Manager and should be meaningful to you. The description has a maximum size limit of 1,024 bytes.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Add</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Adds a task to the role definition (for example, "Change Password"). </maml:para>
<maml:para>A task is a collection of operations required to do specific types of work that are meaningful to the administrator.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Remove</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Removes the selected task or role from the definition. To make this button available, click an item in the list.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>The tasks and lower-level roles that define this role</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Lists the tasks and specific roles that define this role. For example, a task called "Reset Password" might be part of a role called "Account Manager."</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Authorization Rule</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to create an authorization rule for the role definition. An authorization rule is written in VBscript or JScript, and makes an authorization decision based on application group membership and the application-specific data that is relevant and current when the script is run.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role, Task, and Operation Definitions</maml:linkText><maml:uri href="mshelp://windows/?id=2fc7ad83-7967-44be-88ef-c2c517952043"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title><Authorization Rule or Business Rule> Property Sheet</maml:title><maml:introduction>
<maml:para>The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Script source code</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Shows the source code for the rule. You cannot edit the code in this field, so you must write your scripts in a text editor and then upload them.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Script path</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the path to a file containing the script code for the rule. Once you load the script into the authorization store, its source code will be displayed.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Browse</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Opens the <maml:ui>Browse</maml:ui> dialog box so that you can browse to the file containing the script for the rule.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Script type</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the scripting language used to create the rule.</maml:para>
<maml:para><maml:ui>VBScript</maml:ui></maml:para>
<maml:para>Specifies that the VBScript language is being used for the rule. </maml:para>
<maml:para>For example, the following VBscript code always grants permission:</maml:para>
<maml:para><maml:computerOutputInline>AzBizRuleContext.BusinessRuleResult = True</maml:computerOutputInline></maml:para>
<maml:para><maml:ui>JScript</maml:ui></maml:para>
<maml:para>Specifies that the JScript language is being used for the rule. For example, the following JScript always grants permission: </maml:para>
<maml:para><maml:computerOutputInline>AzBizRuleContext.BusinessRuleResult = true;</maml:computerOutputInline></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Reload Rule into Store</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Reloads the rule into the store from the file provided in the <maml:ui>Script path</maml:ui>, and displays the source code.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Clear Rule from Store</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Removes the rule from the store.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered"><maml:listItem><maml:para>When used to define members of an application group, a script is called a <maml:ui>business rule</maml:ui>. When used to define a role or task, a script is called an <maml:ui>authorization rule</maml:ui>.</maml:para></maml:listItem>
<maml:listItem><maml:para>The use of business rules and authorization rules on each client computer is controlled by a registry setting. In this version of Windows, rules are disabled by default. In versions of Windows earlier than Windows Server 2008, they are enabled by default. For more information, see <maml:navigationLink><maml:linkText>Controlling Authorization by Using Authorization Rules and Business Rules</maml:linkText><maml:uri href="mshelp://windows/?id=2193b1ca-331a-40fb-affe-9cf9abc2a6ae"></maml:uri></maml:navigationLink>.</maml:para></maml:listItem>
<maml:listItem><maml:para>In addition, you can also disable rules entirely for an authorization store on the <maml:ui>Limits</maml:ui> tab of the authorization store properties sheet. For more information, see <maml:navigationLink><maml:linkText>Understanding Authorization Manager Store Limits</maml:linkText><maml:uri href="mshelp://windows/?id=93a693c7-e3de-4cf7-95e6-fb6491fc4f31"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Rules and Business Rules</maml:linkText><maml:uri href="mshelp://windows/?id=cda23592-f7c5-47d8-a6cc-e84d4210d431"></maml:uri></maml:navigationLink> </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Controlling Authorization by Using Authorization Rules and Business Rules</maml:linkText><maml:uri href="mshelp://windows/?id=2193b1ca-331a-40fb-affe-9cf9abc2a6ae"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Store Limits</maml:linkText><maml:uri href="mshelp://windows/?id=93a693c7-e3de-4cf7-95e6-fb6491fc4f31"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title><Task Name> Definition Property Sheet: General Tab</maml:title><maml:introduction>
<maml:para>The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the name of the task.</maml:para>
<maml:para>You are prevented from entering a name that already exists in this scope. The name of a task has a maximum size limit of 64 bytes.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the description of the task. </maml:para>
<maml:para>The description does not affect the functionality of Authorization Manager. Choose a description that is meaningful to you. The description has a maximum size limit of 1,024 bytes.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role, Task, and Operation Definitions</maml:linkText><maml:uri href="mshelp://windows/?id=2fc7ad83-7967-44be-88ef-c2c517952043"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Add Definition Dialog Box: Roles Tab</maml:title><maml:introduction>
<maml:para>A role can include other roles. For example, the role of "shapes" might include the role of "square" along with the role of "triangle" and the role of "circle."</maml:para>
<maml:para>The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Select the role definitions to add</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Lists the roles defined in the authorization store. </maml:para>
<maml:para>To include a defined role, select the check box beside an existing role definition.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>A role cannot be added to itself, either directly or indirectly. If you try to add a role to itself, you will receive an error message. </maml:para>
</maml:alertSet>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role, Task, and Operation Definitions</maml:linkText><maml:uri href="mshelp://windows/?id=2fc7ad83-7967-44be-88ef-c2c517952043"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Add an Authorization Rule to a Role Definition</maml:title><maml:introduction>
<maml:para>Authorization rules can be used to define a task or a role. For information about using rules, see "Additional references" in this topic.</maml:para>
<maml:para>You must be assigned to the Authorization Manager <maml:phrase>Administrator</maml:phrase> user role to complete this procedure. By default, <maml:phrase>Administrators</maml:phrase> is the minimum Windows group membership assigned to this role. Review the details in "Additional considerations" in this topic.</maml:para>
<maml:procedure><maml:title>Add an authorization rule to a task definition</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, open Authorization Manager.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, open or create an authorization store containing an application.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand the application, expand the <maml:ui>Definitions</maml:ui> folder, and then click <maml:ui>Role Definitions</maml:ui>. Rules may be used with either application-level or scope-level roles.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the list of tasks, right-click a role, and click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the property sheet, click the <maml:ui>Definition</maml:ui> tab.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Authorization Rule</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Script path</maml:ui> box, type the location and name of a text file containing the source code for the script you want to load, or click <maml:ui>Browse</maml:ui> to locate the file.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click either <maml:ui>VBScript</maml:ui> or <maml:ui>Jscript</maml:ui> as the <maml:ui>Script type</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Reload Rule into Store</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you need to have access to an authorization store. By default, members of the <maml:phrase>Administrators</maml:phrase> group have the required access, but Authorization Manager allows you to delegate responsibility. For more information, see <maml:navigationLink><maml:linkText>Allow Other Users to Administer an Authorization Store</maml:linkText><maml:uri href="mshelp://windows/?id=a1f5e7f1-97e2-4a67-a83f-7d869ef4aff4"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To perform this procedure by using the Authorization Manager snap-in, you must be using developer mode.</maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Rules and Business Rules</maml:linkText><maml:uri href="mshelp://windows/?id=cda23592-f7c5-47d8-a6cc-e84d4210d431"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role, Task, and Operation Definitions</maml:linkText><maml:uri href="mshelp://windows/?id=2fc7ad83-7967-44be-88ef-c2c517952043"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding Authorization Manager Store Limits</maml:title><maml:introduction>
<maml:para>You can configure each Authorization Manager store with several specific limits. This allows you to fine-tune the performance of Authorization Manager in your own environment. The default values are recommended unless you have a specific requirement.</maml:para>
<maml:para>You can configure limits on authorization rules and on Lightweight Directory Access Protocol (LDAP) query timeouts. </maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Authorization rule limits</maml:title><maml:introduction>
<maml:para>You can choose to disable all authorization rules. If rules are enabled, you can specify a timeout value to limit the amount of time the system will wait for an authorization rule or business rule script to complete.</maml:para>
<maml:para>If you disable authorization rules by using this setting, all clients using this Authorization Manager store are affected. Individual clients are also affected by the registry setting described in <maml:navigationLink><maml:linkText>Understanding Authorization Rules and Business Rules</maml:linkText><maml:uri href="mshelp://windows/?id=cda23592-f7c5-47d8-a6cc-e84d4210d431"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Using and Managing the Authorization Manager Snap-In</maml:title><maml:introduction>
<maml:para>The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console, or add it to any MMC console. </maml:para>
<maml:para>This section contains:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add the Authorization Manager Snap-In to MMC</maml:linkText><maml:uri href="mshelp://windows/?id=a364ca04-413a-4681-971a-7b727c7e4fa4"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Start Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=4c026431-c042-4ccc-9761-a32f465ae684"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Set Authorization Manager Options</maml:linkText><maml:uri href="mshelp://windows/?id=7b83af3f-b3c8-481d-8558-e32a7447a367"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Synchronize the Authorization Manager Console</maml:linkText><maml:uri href="mshelp://windows/?id=811e933b-a029-421e-9b55-81f2586fe2b2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Create an Authorization Manager Application</maml:title><maml:introduction>
<maml:para>An authorization store can contain authorization policy information for many applications in a single policy store. All applications in one authorization store can access all of the groups defined at the store level.</maml:para>
<maml:para>You must be assigned to the Authorization Manager <maml:phrase>Administrator</maml:phrase> user role to complete this procedure. By default, <maml:phrase>Administrators</maml:phrase> is the minimum Windows group membership assigned to this role. Review the details in "Additional considerations" in this topic.</maml:para>
<maml:procedure><maml:title>Create an Authorization Manager application</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, open Authorization Manager.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, open or create an authorization store.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If Authorization Manager is in administrator mode, switch to developer mode.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click the name of the authorization store, and then click <maml:ui>New Application</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Name</maml:ui> box, type a name for your application. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If desired, type a description and version information.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you need to have access to an authorization store. By default, members of the <maml:phrase>Administrators</maml:phrase> group have the required access, but Authorization Manager allows you to delegate responsibility. For more information, see <maml:navigationLink><maml:linkText>Allow Other Users to Administer an Authorization Store</maml:linkText><maml:uri href="mshelp://windows/?id=a1f5e7f1-97e2-4a67-a83f-7d869ef4aff4"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Applications</maml:linkText><maml:uri href="mshelp://windows/?id=11edca2e-bedf-4fc4-bf8b-3083efbbb5e3"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Application Name> Property Sheet: General Tab</maml:linkText><maml:uri href="mshelp://windows/?id=316142b3-d6d7-40ec-beb1-b2fd8f2e2521"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Allow Other Users to Administer an Authorization Store</maml:title><maml:introduction>
<maml:para>You may want to allow additional people to manage your authorization store without granting them additional rights in the operating system. To do so, use the following procedure.</maml:para>
<maml:para>You must be assigned to the Authorization Manager <maml:phrase>Administrator</maml:phrase> user role to complete this procedure. By default, <maml:phrase>Administrators</maml:phrase> is the minimum Windows group membership assigned to this role. Review the details in "Additional considerations" in this topic.</maml:para>
<maml:procedure><maml:title>Allow other users to administer an authorization store</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, open Authorization Manager.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, create or open an authorization store.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click the authorization store, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Properties</maml:ui> dialog box, click the <maml:ui>Security</maml:ui> tab.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Under <maml:ui>Authorization Manager user role</maml:ui>, click <maml:ui>Administrator</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Under <maml:ui>Users and groups that are assigned to this role</maml:ui>, click <maml:ui>Add</maml:ui> or <maml:ui>Remove</maml:ui> to add or remove users and groups to which you want to assign the Administrator role.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you need to have access to an authorization store. By default, members of the <maml:phrase>Administrators</maml:phrase> group have the required access, but Authorization Manager allows you to delegate responsibility. For more information, see "Additional references" in this topic.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Any user or group who is assigned to the <maml:ui>Policy Administrator</maml:ui>, <maml:ui>Policy Reader,</maml:ui> or <maml:ui>Policy Delegated User</maml:ui> role at any level (store, application, or scope) for an Authorization Manager store that is stored in an Active Directory Lightweight Directory Services (AD LDS) partition must also be added to the AD LDS <maml:ui>Reader</maml:ui> role of that AD LDS partition. AD LDS was formerly known as Active Directory/Application Mode (ADAM).</maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Store Name> Property Sheet: Security Tab</maml:linkText><maml:uri href="mshelp://windows/?id=140e185a-d024-41da-a651-b681e8e6f6e2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Stores</maml:linkText><maml:uri href="mshelp://windows/?id=57075178-e06b-44b9-a0cd-588c244fe704"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Applications</maml:linkText><maml:uri href="mshelp://windows/?id=11edca2e-bedf-4fc4-bf8b-3083efbbb5e3"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Start Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=4c026431-c042-4ccc-9761-a32f465ae684"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Add the Authorization Manager Snap-In to MMC</maml:title><maml:introduction>
<maml:para>The Authorization Manager console is a Microsoft Management Console (MMC) snap-in. You can run the Authorization Manager console as a stand-alone console, or add it to any MMC console.</maml:para>
<maml:para><maml:phrase>Administrators</maml:phrase> is the minimum group membership required to complete this procedure. Review the details in "Additional considerations" in this topic.</maml:para>
<maml:procedure><maml:title>Add the Authorization Manager snap-in to MMC</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Start</maml:ui>, type <maml:computerOutputInline>mmc</maml:computerOutputInline> in the <maml:ui>Start Search</maml:ui> box, and press ENTER.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If the <maml:ui>User Account Control</maml:ui> dialog box appears, verify the information presented, and then provide the requested permission or credentials.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>File</maml:ui> menu, click <maml:ui>Add/Remove Snap-in</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Available snap-ins</maml:ui> box, click <maml:ui>Authorization Manager</maml:ui>, and then click <maml:ui>Add</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Depending on the configuration of your computer, the <maml:ui>User Account Control</maml:ui> dialog box may or may not appear. It will not appear if you are logged in with the built-in Administrator account (the local Administrator account is disabled by default in this version of Windows).</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>By default, members of the local <maml:phrase>Administrators</maml:phrase> group have sufficient rights and privileges to complete this task. In your environment, security may be managed so that non-administrators have additional rights. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If User Account Control is enabled, it can be configured to allow non-administrators to enter the credentials of an administrator to complete administrative tasks without being a member of the <maml:phrase>Administrators</maml:phrase> group. </maml:para>
</maml:listItem>
</maml:list><maml:para><maml:phrase>Additional references</maml:phrase></maml:para><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Start Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=4c026431-c042-4ccc-9761-a32f465ae684"></maml:uri></maml:navigationLink></maml:para></maml:listItem><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Set Authorization Manager Options</maml:linkText><maml:uri href="mshelp://windows/?id=7b83af3f-b3c8-481d-8558-e32a7447a367"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Assign a Windows User or Group to a Role</maml:title><maml:introduction>
<maml:para>To effectively use Authorization Manager to control access to resources, you must define which groups of users are associated with which roles. To assign a Windows user or group to a role, use the following procedure.</maml:para>
<maml:para>You must be assigned to the Authorization Manager <maml:phrase>Administrator</maml:phrase> user role to complete this procedure. By default, <maml:phrase>Administrators</maml:phrase> is the minimum Windows group membership assigned to this role. Review the details in "Additional considerations" in this topic.</maml:para>
<maml:procedure><maml:title>Assign a Windows user or group to a role</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, open Authorization Manager.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, open or create an authorization store.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click <maml:ui>Role Assignments</maml:ui>, under either an application or a scope, and click <maml:ui>New role assignment</maml:ui>. The Role Assignments folder is used as a container to link groups to roles. Not all roles have groups associated with them because roles can be combined into larger roles.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the role to which you want to assign groups by selecting the check box beside the name of the appropriate role definition, and then click <maml:ui>OK</maml:ui>. The same role definition can be added to the Role Assignments container more than once. This allows flexibility in managing your assignments.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If desired, change the display name of the role assignment by right-clicking it in the list of role assignments, click <maml:ui>Properties</maml:ui>, and type the new display name.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the list of role assignments, right-click the role assignment from the previous steps, point to <maml:ui>Assign Users and Groups</maml:ui>, and then click <maml:ui>From Windows and Active Directory</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Enter the object names to select</maml:ui> box, type the user names of the desired members. Alternatively, you can search Active Directory Domain Services (AD DS) by clicking <maml:ui>Advanced</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered"><maml:listItem><maml:para>To perform this procedure, you need to have access to an authorization store. By default, members of the <maml:phrase>Administrators</maml:phrase> group have the required access, but Authorization Manager allows you to delegate responsibility. For more information, see "Additional references" in this topic.</maml:para></maml:listItem></maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role Assignments</maml:linkText><maml:uri href="mshelp://windows/?id=41a112a6-1b0c-4994-a2b5-5fe1ccb81adb"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Assign an Application Group to a Role</maml:linkText><maml:uri href="mshelp://windows/?id=d1397e5e-8bdd-415d-b67d-bbb19aeeeee2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Application Groups</maml:linkText><maml:uri href="mshelp://windows/?id=7c373b4c-7124-420b-82b2-d62528ceec58"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Change the Properties of an Authorization Store</maml:title><maml:introduction>
<maml:para>Each authorization store has a number of properties that can be changed. To view or change the properties of an authorization store, use the following procedure.</maml:para>
<maml:para>You must be assigned to the Authorization Manager <maml:phrase>Administrator</maml:phrase> user role to complete this procedure. By default, <maml:phrase>Administrators</maml:phrase> is the minimum Windows group membership assigned to this role. Review the details in "Additional considerations" in this topic.</maml:para>
<maml:procedure><maml:title>To edit the properties of an authorization store </maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Authorization Manager.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click the authorization store that you want to edit, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Properties</maml:ui> dialog box, modify the settings that you want to change. For information about each property setting, see "Additional references" in this topic.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you need to have access to an authorization store. By default, members of the <maml:phrase>Administrators</maml:phrase> group have the required access, but Authorization Manager allows you to delegate responsibility. For more information, see "Additional references" in this topic.</maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Stores</maml:linkText><maml:uri href="mshelp://windows/?id=57075178-e06b-44b9-a0cd-588c244fe704"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Store Name> Property Sheet: General Tab</maml:linkText><maml:uri href="mshelp://windows/?id=11df9361-ad81-4d8b-90c2-19e599f621f0"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Store Name> Property Sheet: Limits Tab</maml:linkText><maml:uri href="mshelp://windows/?id=b89a3969-418e-4224-972d-d40bf5b3f7ed"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Store Name> Property Sheet: Security Tab</maml:linkText><maml:uri href="mshelp://windows/?id=140e185a-d024-41da-a651-b681e8e6f6e2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Application or Store Name> Property Sheet: Auditing Tab</maml:linkText><maml:uri href="mshelp://windows/?id=cf8cc355-d055-4536-92f6-22813ef42b3c"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Start Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=4c026431-c042-4ccc-9761-a32f465ae684"></maml:uri></maml:navigationLink> </maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Options Dialog Box</maml:title><maml:introduction>
<maml:para>The Authorization Manager console operates in either developer mode or administrator mode. Administrator mode is the default.</maml:para>
<maml:para>Before you can use administrator mode, you need to provide an application that supports roles, includes all of the necessary operation and task definitions, includes its own authorization store, and is ready for use in Authorization Manager. </maml:para>
<maml:para>After you set up an application in developer mode, you do not have to use Authorization Manager in developer mode for that application.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Developer mode</maml:title><maml:introduction>
<maml:para>In developer mode, you can create, deploy, and maintain applications. With developer mode, you have unrestricted access to all features. </maml:para>
<maml:para>You must be in developer mode to do any of the following tasks:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Create new authorization stores</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Create new applications</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Define or modify operations</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Change an application name</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Change the version information for an application</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Delete an application</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section><maml:section>
<maml:title>Administrator mode</maml:title><maml:introduction>
<maml:para>In administrator mode, you can deploy and maintain applications.</maml:para>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Set Authorization Manager Options</maml:linkText><maml:uri href="mshelp://windows/?id=7b83af3f-b3c8-481d-8558-e32a7447a367"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Overview of Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=b42ada63-88c6-4924-aa45-c8abef160975"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>New Task Dialog Box</maml:title><maml:introduction>
<maml:para>A task is a collection of operations or other tasks that are meaningful to an administrator as a unit of work requiring authorization. By contrast, operations might be meaningful only to application developers. </maml:para>
<maml:para>The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the name of the new task.</maml:para>
<maml:para>You are prevented from entering a name that already exists in this scope. It cannot contain any of the characters \ / : * ? " < > | and [Tab]. The name of a task has a maximum size limit of 64 bytes.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the description of the new task. </maml:para>
<maml:para>The description does not affect the functionality of Authorization Manager and should be meaningful to you. The description has a maximum size limit of 1,024 bytes.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>The operations and lower-level tasks that define this task</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Lists the operations and specific tasks that define this task.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Add</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Adds a task to the list.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Remove</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Removes the selected task or operation from the list. To make this button available, select an item in the list.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Authorization Rule</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to set an authorization rule for the task definition. An authorization rule determines whether the task is allowed. For example, the following VBScript always grants permission: </maml:para>
<maml:para><maml:replaceable>AzBizRuleContext.BusinessRuleResult = True</maml:replaceable></maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role, Task, and Operation Definitions</maml:linkText><maml:uri href="mshelp://windows/?id=2fc7ad83-7967-44be-88ef-c2c517952043"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Overview of Authorization Manager</maml:title><maml:introduction>
<maml:para>Role-based access control enables you to assign users to roles and to keep track of what permissions have been given to each role. You can also apply very specific control by using scripts called authorization rules. Authorization rules enable you to control the relationship between access control and the structure of your organization.</maml:para>
<maml:para>Authorization Manager can help provide effective control of access to resources in many situations. Generally, two categories of roles often benefit from role-based administration: user authorization roles and computer configuration roles.</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>User authorization roles</maml:phrase> are based on a user's job function. You can use authorization roles to authorize access, to delegate administrative privileges, or to manage interaction with computer-based resources. For example, you might define a Treasurer role that includes the right to authorize expenditures and audit account transactions. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:phrase>Computer configuration roles</maml:phrase> are based on a computer's function. You can use computer configuration roles to select features that you want to install, to enable services, and to select options. For example, computer configuration roles for servers might be defined for Web servers, domain controllers, file servers, and custom server configurations that are appropriate to your organization.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections><maml:section address="azman_modes_target">
<maml:title>Using developer mode and administrator mode in Authorization Manager</maml:title><maml:introduction>
<maml:para>With Authorization Manager, you can use the following two modes: </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Developer mode.</maml:phrase> In developer mode, you can create, deploy, and maintain applications. You have unrestricted access to all Authorization Manager features.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:phrase>Administrator mode.</maml:phrase> This is the default mode. In administrator mode, you can deploy and maintain applications. You have access to all Authorization Manager features, but you cannot create new applications or define operations.</maml:para>
</maml:listItem>
</maml:list>
<maml:para>Commonly, Authorization Manager is used by custom applications written for a specific purpose in your environment. These applications usually create, manage, and use an authorization store by calling the Authorization Manager application programming interfaces (APIs). In that case, you do not need to use developer mode. For more information about using Authorization Manager programmatically, see <maml:navigationLink><maml:linkText>Resources for Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=1fd01896-c118-4c0e-949b-aad87ea063e5"></maml:uri></maml:navigationLink>.</maml:para>
<maml:para>When you use developer mode, it is recommended that you run Authorization Manager in developer mode only until the authorization store, application, and other necessary objects are created and configured. After you initially set up Authorization Manager, run Authorization Manager in administrator mode. For more information about using developer or administrator mode, see <maml:navigationLink><maml:linkText>Set Authorization Manager Options</maml:linkText><maml:uri href="mshelp://windows/?id=7b83af3f-b3c8-481d-8558-e32a7447a367"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section><maml:section address="azman_compared_target">
<maml:title>Comparing Authorization Manager to other management tools</maml:title><maml:introduction>
<maml:para>You can use Authorization Manager to implement multiple configuration and permission changes at once. Other management tools available with this version of Windows can also be used to configure access permissions, sometimes in ways comparable to Authorization Manager. These include:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Access control lists.</maml:phrase> Access control lists (ACLs) on the <maml:ui>Security</maml:ui> properties tab can be used to manage access control policy for objects stored in Active Directory Domain Services (AD DS), Active Directory Lightweight Directory Services (AD LDS), and Windows objects. Authorization Manager differs from the Security properties tab by letting you base your access control on roles (usually based on particular job tasks), not just on group membership, and by tracking the permissions that have been granted.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:phrase>Delegation of Control Wizard.</maml:phrase> The Delegation of Control Wizard also sets multiple permissions automatically; however, unlike Authorization Manager, it does not provide a method to track or remove permissions that have been granted. </maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Resources for Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=1fd01896-c118-4c0e-949b-aad87ea063e5"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>What's New in Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=1f8f1a16-af60-4e44-8836-a6373b48fa67"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Checklist: Before You Start Using Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=d7145ff2-d560-498d-89e0-a10359799da5"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title><Operation Name> Properties Dialog Box</maml:title><maml:introduction>
<maml:para>Operations are permissions that are associated with security procedures. Operations are meaningful to authorization application developers, but might not be meaningful to administrators (for example, to read or write attributes of an object). </maml:para>
<maml:para>The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space to type the name of the operation definition. </maml:para>
<maml:para>The operation name must be unique to the authorization store. The name of an operation has a maximum size limit of 64 bytes.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space to type the description of the operation. The description does not affect the operation of Authorization Manager, so you should enter text that is meaningful to you.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Operation number</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space to type the operation number of the operation definition.</maml:para>
<maml:para>The application uses the operation number to identify the operation. </maml:para>
<maml:para>The value can range from 1 to 2,147,483,647.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role, Task, and Operation Definitions</maml:linkText><maml:uri href="mshelp://windows/?id=2fc7ad83-7967-44be-88ef-c2c517952043"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title><Store Name> Property Sheet: Limits Tab</maml:title><maml:introduction>
<maml:para>The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Authorization rules</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Allows you to specify the behavior of authorization rules defined in this store.</maml:para>
<maml:para>You can choose to disable all authorization rules. If rules are enabled, you can specify a timeout value to limit the amount of time the system will wait for an authorization rule script to complete. The following settings are available:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:ui>Disable</maml:ui></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Enable with no timeout value</maml:ui></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Enable with specified timeout value</maml:ui></maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Authorization rule timeout</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the authorization rule timeout, and provides a space for you to type the authorization rule timeout. </maml:para>
<maml:para>The value is specified in milliseconds. The value can range from 5,000 to 2,147,483,647. The default value of 45,000 milliseconds (45 seconds) or less is recommended.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If you set the authorization rule timeout to 0, Authorization Manager will not use any authorization rules.</maml:para>
</maml:alertSet>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Maximum number of cached authorization rules</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the maximum number of cached authorization rules, and provides a space for you to type the maximum number of cached authorization rules. The value can range from 0 to 2,147,483,647. The default value of 120 is recommended.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>LDAP query timeout</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the Lightweight Directory Access Protocol (LDAP) query timeout, and provides a space for you to type the LDAP query timeout. The value is specified in milliseconds. The value can range from 500 to 2,147,483,647. The default value of 15,000 milliseconds (15 seconds) is recommended.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Use Default values</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Sets the LDAP query timeout, the authorization rule timeout, and the maximum number of cached authorization rules to their default values.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Stores</maml:linkText><maml:uri href="mshelp://windows/?id=57075178-e06b-44b9-a0cd-588c244fe704"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Store Limits</maml:linkText><maml:uri href="mshelp://windows/?id=93a693c7-e3de-4cf7-95e6-fb6491fc4f31"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Add an Authorization Rule to a Task Definition</maml:title><maml:introduction>
<maml:para>Authorization rules can be used to define a task or a role. For information about using rules, see "Additional references" in this topic.</maml:para>
<maml:para>You must be assigned to the Authorization Manager <maml:phrase>Administrator</maml:phrase> user role to complete this procedure. By default, <maml:phrase>Administrators</maml:phrase> is the minimum Windows group membership assigned to this role. Review the details in "Additional considerations" in this topic.</maml:para>
<maml:procedure><maml:title>Add an authorization rule to a task definition</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, open Authorization Manager.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, open or create an authorization store containing an application.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand the application, expand the <maml:ui>Definitions</maml:ui> folder, and then click <maml:ui>Task Definitions</maml:ui>. Rules may be used with either application-level or scope-level tasks.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the list of tasks, right-click a task, and click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the property sheet, click the <maml:ui>Definition</maml:ui> tab.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Authorization Rule</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Script path</maml:ui> box, type the location and name of a text file containing the source code for the script you want to load, or click <maml:ui>Browse</maml:ui> to locate the file.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click either <maml:ui>VBScript</maml:ui> or <maml:ui>Jscript</maml:ui> as the <maml:ui>Script type</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Reload Rule into Store</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you need to have access to an authorization store. By default, members of the <maml:phrase>Administrators</maml:phrase> group have the required access, but Authorization Manager allows you to delegate responsibility. For more information, see <maml:navigationLink><maml:linkText>Allow Other Users to Administer an Authorization Store</maml:linkText><maml:uri href="mshelp://windows/?id=a1f5e7f1-97e2-4a67-a83f-7d869ef4aff4"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To perform this procedure by using the Authorization Manager snap-in, you must be using developer mode.</maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Rules and Business Rules</maml:linkText><maml:uri href="mshelp://windows/?id=cda23592-f7c5-47d8-a6cc-e84d4210d431"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role, Task, and Operation Definitions</maml:linkText><maml:uri href="mshelp://windows/?id=2fc7ad83-7967-44be-88ef-c2c517952043"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title><Group Name> Property Sheet: Members Tab</maml:title><maml:introduction>
<maml:para>The following table describes the UI elements for this property sheet.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Users and groups that are members of this group</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Lists the users and groups that are members of this group by name, type, and description.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Remove</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Removes the selected user, group, or application group. </maml:para>
<maml:para>To make the <maml:ui>Remove</maml:ui> button available, select an item in the list.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Select additional members from</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the source of members:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Security principals from the computer or from Active Directory Domain Services (AD DS)</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Other groups defined in Authorization Manager</maml:para>
</maml:listItem>
</maml:list>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If you have installed a custom object picker, additional choices will be available. For more information, see "Additional references" in this topic.</maml:para>
</maml:alertSet>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Select</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to open a dialog box and select specific member objects.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Choose Users or Groups with a Custom Object Picker</maml:linkText><maml:uri href="mshelp://windows/?id=6d2736d9-d803-423c-b376-29c04929d3ee"></maml:uri></maml:navigationLink> </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Application Groups</maml:linkText><maml:uri href="mshelp://windows/?id=7c373b4c-7124-420b-82b2-d62528ceec58"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>New Authorization Store Dialog Box</maml:title><maml:introduction>
<maml:para>This dialog box allows you to create a new authorization policy store.</maml:para>
<maml:para>The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Select the authorization store type</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:phrase>Active Directory</maml:phrase></maml:para>
<maml:para>Specifies that the new authorization store is in Active Directory Domain Services (AD DS). This type of authorization store is specified with a Lightweigt Directory Access Protocol (LDAP) distinguished name such as <maml:replaceable>CN=myStore,CN=Program Data,DN=nwtraders,DN=com</maml:replaceable>. You can also use a URL beginning with MSLDAP:// or MSXML://.</maml:para>
<maml:para><maml:phrase>XML file</maml:phrase></maml:para>
<maml:para>Specifies that the new authorization store is an XML file. </maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>XML stores do not support delegation.</maml:para>
</maml:alertSet>
<maml:para><maml:phrase>Microsoft SQL</maml:phrase></maml:para>
<maml:para>Specifies that the store is in a Microsoft SQL Server database. SQL Server database stores are specified with a URL beginning with the protocol prefix MSSQL:// followed by a connection string, database name, and policy store name in the format:</maml:para>
<maml:para>MSSQL<maml:replaceable>://<connection string>/<database name>/<policy store name></maml:replaceable></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Authorization store schema</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Selects between a version 1.0 schema and a version 2.0 schema. If you have client applications that have been written for version 1, you should select <maml:ui>Schema version 1.0</maml:ui>. For more information about schema differences, see <maml:navigationLink><maml:linkText>What's New in Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=1f8f1a16-af60-4e44-8836-a6373b48fa67"></maml:uri></maml:navigationLink>.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Store Name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the store name.</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para> If the store is an XML file, the current working directory is displayed (for example, <maml:replaceable>C:\My Documents</maml:replaceable>) and you can type the rest of the path and file name. If you do not type the .xml extension, it is appended when saved. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If the store is in AD DS, type the LDAP distinguished name (for example, <maml:replaceable>CN=myStore,CN=Program Data,OU=sales,DC=northwindtraders,DC=com).</maml:replaceable> The distinguished name must be valid in AD DS. You can also use a URL beginning with MSLDAP:// or MSXML://.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If the store is in an SQL Server database, type the URL used to access the database, in the format:</maml:para>
<maml:para>mssql<maml:replaceable>://<connection string>/<database name>/<policy store name></maml:replaceable></maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Locations…</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to browse to an authorization store location.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Create an Authorization Store</maml:linkText><maml:uri href="mshelp://windows/?id=5a9cbc58-21a6-4946-a0a1-373d5edc264a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Connect to an SQL-based Authorization Store</maml:linkText><maml:uri href="mshelp://windows/?id=0e8e5a95-1cdc-4876-b49c-f04a68f73128"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Stores</maml:linkText><maml:uri href="mshelp://windows/?id=57075178-e06b-44b9-a0cd-588c244fe704"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding Authorization Rules and Business Rules</maml:title><maml:introduction>
<maml:para>Authorization rules are scripts written in VBScript or JScript that you can include in role definitions and task definitions. An authorization rule determines whether the role or task is allowed. </maml:para>
<maml:para>By using authorization rules, you can base authorization decisions on any condition that a script can test. These may include privileges and permissions, time of day, billable expense limits, account balances, or other criteria.</maml:para>
<maml:para>Authorization Manager is not designed for writing or debugging authorization rules. You can write your scripts in a text editor (for example, Notepad), in an integrated development environment such as Visual Studio .NET, or in another application of your choice. Authorization rules are usually written by professional developers. </maml:para>
<maml:para>More information about creating authorization rules and using the Authorization Manager application programming interfaces (APIs, see <maml:navigationLink><maml:linkText>Authorization Manager Model</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=64027"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=64027). For additional suggested links, see <maml:navigationLink><maml:linkText>Resources for Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=1fd01896-c118-4c0e-949b-aad87ea063e5"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Controlling the use of business rules and authorization rules</maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Controlling use on each client</maml:title><maml:introduction>
<maml:para>Beginning with Windows Server 2008, the use of business rules and authorization rules can be controlled by a registry setting. Rules are disabled by default. Previous versions of Windows did not support this functionality. </maml:para>
<maml:para>Generally, you will use a setup program or a script run by the operating system to enable authorization rules and business rules if they are in use in your environment. </maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>This setting is controlled individually for each Authorization Manager application on each client.</maml:para>
</maml:alertSet>
<maml:para>The following is a sample script that enables or disables business rules and application rules for an application:</maml:para>
<maml:para><maml:codeInline>'</maml:codeInline></maml:para>
<maml:para><maml:codeInline>' Enabling or disabling BizRules</maml:codeInline><maml:codeInline> for an application</maml:codeInline></maml:para>
<maml:para><maml:codeInline>' This script uses Authorization Manager Administrative interfaces to enable or disable</maml:codeInline></maml:para>
<maml:para><maml:codeInline>' BizRules for a specified Authorization Manager application in a specified Authorization Manager policy store</maml:codeInline></maml:para>
<maml:para></maml:para>
<maml:para><maml:codeInline>On Error Resume Next</maml:codeInline></maml:para>
<maml:para></maml:para>
<maml:para><maml:codeInline>Set objArgs = WScript.Arguments</maml:codeInline></maml:para>
<maml:para></maml:para>
<maml:para><maml:codeInline>If objArgs.count <> 3 then</maml:codeInline></maml:para>
<maml:para><maml:codeInline> wscript.echo "Usage: SetBizRule ""AzManStoreURL"" ""AzApplicaitonName"" True/False"</maml:codeInline></maml:para>
<maml:para><maml:codeInline> wscript.echo "Example: SetBizRule ""msxml://d:\inetpub\wwwroot\AzStore.xml"" ""MyApp"" True"</maml:codeInline></maml:para>
<maml:para><maml:codeInline> wscript.echo "Run with 'cscript' command in cmd.exe to avoid msg boxes"</maml:codeInline></maml:para>
<maml:para><maml:codeInline>Else</maml:codeInline></maml:para>
<maml:para></maml:para>
<maml:para></maml:para>
<maml:para><maml:codeInline> ' VBScript source code</maml:codeInline></maml:para>
<maml:para><maml:codeInline> Dim AzStoreObj</maml:codeInline></maml:para>
<maml:para><maml:codeInline> Dim AzManStoreURL : AzManStoreURL = objArgs(0)</maml:codeInline></maml:para>
<maml:para><maml:codeInline> Dim AzManAppName : AzManAppName = objArgs(1)</maml:codeInline></maml:para>
<maml:para><maml:codeInline> Dim BizRulesEnabled : BizRulesEnabled = objArgs(2)</maml:codeInline></maml:para>
<maml:para></maml:para>
<maml:para></maml:para>
<maml:para><maml:codeInline> ' create azman object</maml:codeInline></maml:para>
<maml:para><maml:codeInline> Set AzStoreObj = CreateObject("AzRoles.AzAuthorizationStore")</maml:codeInline></maml:para>
<maml:para></maml:para>
<maml:para><maml:codeInline> If Err.Number > 0 Then</maml:codeInline></maml:para>
<maml:para><maml:codeInline> WScript.Echo "Can not create AzRoles.AzAuthorizationStore. Check Authorization Manager installation"</maml:codeInline></maml:para>
<maml:para><maml:codeInline> WScript.Quit</maml:codeInline></maml:para>
<maml:para><maml:codeInline> End If</maml:codeInline></maml:para>
<maml:para></maml:para>
<maml:para><maml:codeInline> ' initialize store for Administration</maml:codeInline></maml:para>
<maml:para><maml:codeInline> ' assumes store exists - if store is being created (e.g. an installing applicaion)</maml:codeInline></maml:para>
<maml:para><maml:codeInline> ' use the value 3 instead of 2 in the call to IAzAuthorizationStore::initialize</maml:codeInline></maml:para>
<maml:para></maml:para>
<maml:para><maml:codeInline> Err.Clear</maml:codeInline></maml:para>
<maml:para></maml:para>
<maml:para><maml:codeInline> AzStoreObj.Initialize 2, AzManStoreURL</maml:codeInline></maml:para>
<maml:para></maml:para>
<maml:para><maml:codeInline> If Err.Number <> 0 Then</maml:codeInline></maml:para>
<maml:para><maml:codeInline> WScript.Echo "AzRoles.AzAuthorizationStore failed to initialize. Check store URL"</maml:codeInline></maml:para>
<maml:para><maml:codeInline> WScript.Quit</maml:codeInline></maml:para>
<maml:para><maml:codeInline> End If</maml:codeInline></maml:para>
<maml:para><maml:codeInline> ' open applicaion</maml:codeInline></maml:para>
<maml:para><maml:codeInline> set AzApp = AzStoreObj.OpenApplication(AzManAppName)</maml:codeInline></maml:para>
<maml:para><maml:codeInline> If Err.Number <> 0 Then</maml:codeInline></maml:para>
<maml:para><maml:codeInline> WScript.Echo "AzRoles.AzAuthorizationStore failed to open application: " + AzManAppName + ". Check application Name."</maml:codeInline></maml:para>
<maml:para><maml:codeInline> WScript.Quit</maml:codeInline></maml:para>
<maml:para><maml:codeInline> End If</maml:codeInline></maml:para>
<maml:para></maml:para>
<maml:para><maml:codeInline> ' set BizRulesEnabled property</maml:codeInline></maml:para>
<maml:para><maml:codeInline> WSCript.Echo "App BizRule Before:" & AzApp.BizRulesEnabled</maml:codeInline></maml:para>
<maml:para><maml:codeInline> AzApp.BizRulesEnabled = BizRulesEnabled</maml:codeInline></maml:para>
<maml:para><maml:codeInline> WSCript.Echo "App BizRule After:" & AzApp.BizRulesEnabled</maml:codeInline></maml:para>
<maml:para></maml:para>
<maml:para><maml:codeInline> If Err.Number = 0 Then</maml:codeInline></maml:para>
<maml:para><maml:codeInline> WScript.Echo "BizRulesEnabled is updated successfully."</maml:codeInline></maml:para>
<maml:para><maml:codeInline> Else</maml:codeInline></maml:para>
<maml:para><maml:codeInline> WScript.Echo "BizRulesEnabled is NOT updated successfully."</maml:codeInline></maml:para>
<maml:para><maml:codeInline> End If</maml:codeInline></maml:para>
<maml:para></maml:para>
<maml:para><maml:codeInline>End if</maml:codeInline></maml:para>
</maml:introduction></maml:section>
<maml:section>
<maml:title>Controlling use for the entire authorization store</maml:title><maml:introduction>
<maml:para>By configuring the authorization rule limits on the <maml:ui>Limits</maml:ui> tab of the authorization store properties sheet, you can:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Disable authorization rules and business rules for the store.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Set a timeout value to limit the maximum length of time to allow a script to run.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Allow scripts to run with no timeout.</maml:para>
</maml:listItem>
</maml:list>
<maml:para> For more information, see <maml:navigationLink><maml:linkText>Understanding Authorization Manager Store Limits</maml:linkText><maml:uri href="mshelp://windows/?id=93a693c7-e3de-4cf7-95e6-fb6491fc4f31"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section>
<maml:title>VBScript example</maml:title><maml:introduction>
<maml:para>The following is a VBScript authorization rule that always grants permission: </maml:para>
<maml:para><maml:replaceable>AzBizRuleContext.BusinessRuleResult = True</maml:replaceable></maml:para>
<maml:para>For more information about VBScript, see <maml:navigationLink><maml:linkText>VBScript</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=65964"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=65964). </maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>JScript example</maml:title><maml:introduction>
<maml:para>The following is a JScript authorization rule that always grants permission: </maml:para>
<maml:para><maml:replaceable>AzBizRuleContext.BusinessRuleResult = true;</maml:replaceable></maml:para>
<maml:para>For more information about JScript, see <maml:navigationLink><maml:linkText>JScript</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=65963"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=65963). </maml:para>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title><Application or Store Name> Property Sheet: Auditing Tab</maml:title><maml:introduction>
<maml:para>The following table describes the UI elements for this dialog box that you can enable when you configure auditing of an Authorization Manager store.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Runtime application initialization auditing</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies whether run-time auditing is enabled. </maml:para>
<maml:para>When you select this check box, the applications within the store generate both success audits and failure audits when they use policy from the store. </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Authorization store change auditing </maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies whether policy store change auditing is enabled. </maml:para>
<maml:para>When you select this check box, only modifications to the authorization store itself are audited. The use of the policy does not generate an audit. Success and failure audits are both requested.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para>The following table describes the UI elements for this dialog box that you can enable when you configure auditing of an Authorization Manager application. </maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Runtime client context and access check auditing</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies whether run-time auditing is enabled. </maml:para>
<maml:para>When you select this check box, Authorization Manager asks the application to generate both success and failure audits for each time client contexts are initialized or deleted, and for each time a client application calls for an access check.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Auditing</maml:linkText><maml:uri href="mshelp://windows/?id=6857c310-c2fb-4f9d-9a4c-639f38ffab73"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Assign an Application Group to a Role</maml:title><maml:introduction>
<maml:para>To effectively use Authorization Manager to control access to resources, you must define which groups of users are associated with which roles. To assign an application group to a role, use the following procedure.</maml:para>
<maml:para>You must be assigned to the Authorization Manager <maml:phrase>Administrator</maml:phrase> user role to complete this procedure. By default, <maml:phrase>Administrators</maml:phrase> is the minimum Windows group membership assigned to this role. Review the details in "Additional considerations" in this topic.</maml:para>
<maml:procedure><maml:title>Assign an application group to a role</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, open Authorization Manager.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, open or create an authorization store.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click <maml:ui>Role Assignments</maml:ui>, under either an application or a scope, and click <maml:ui>New role assignment</maml:ui>. The Role Assignments folder is used as a container to link groups to roles. Not all roles have groups associated with them because roles can be combined into larger roles.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the role to which you want to assign groups by selecting the check box beside the name of the role definitions, and then click <maml:ui>OK</maml:ui>. The same role definition can be added to the Role Assignments container more than once. This allows flexibility in managing your assignments.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If desired, change the display name of the role assignment by right-clicking it in the list of role assignments, click <maml:ui>Properties</maml:ui>, and type the new display name.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the list of role assignments, right-click the role assignment from the previous steps, point to <maml:ui>Assign Users and Groups</maml:ui>, and then click <maml:ui>From Authorization Manager</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the desired members from the <maml:ui>Add Groups</maml:ui> dialog box by selecting the check box beside each desired member.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered"><maml:listItem><maml:para>To perform this procedure, you need to have access to an authorization store. By default, members of the <maml:phrase>Administrators</maml:phrase> group have the required access, but Authorization Manager allows you to delegate responsibility. For more information, see "Additional references" in this topic.</maml:para></maml:listItem></maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role Assignments</maml:linkText><maml:uri href="mshelp://windows/?id=41a112a6-1b0c-4994-a2b5-5fe1ccb81adb"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Assign a Windows User or Group to a Role</maml:linkText><maml:uri href="mshelp://windows/?id=a554bec2-7ce7-45fb-a84c-063133141635"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Application Groups</maml:linkText><maml:uri href="mshelp://windows/?id=7c373b4c-7124-420b-82b2-d62528ceec58"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>User Interface: Authorization Manager</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add Definition Dialog Box: Roles Tab</maml:linkText><maml:uri href="mshelp://windows/?id=8cf72d7f-b0ae-482f-b26c-9540c63cc8ec"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add Definition Dialog Box: Tasks Tab</maml:linkText><maml:uri href="mshelp://windows/?id=1614b1cb-5f53-4175-a965-df24cf1982de"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add Definition Dialog Box: Operations Tab</maml:linkText><maml:uri href="mshelp://windows/?id=e0b4ddb8-6422-471c-8c5b-12e6fea7cb35"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add Groups Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=0dda9d4b-2711-4a45-b98b-3b18b5e5e163"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Application Name> Property Sheet: General Tab</maml:linkText><maml:uri href="mshelp://windows/?id=316142b3-d6d7-40ec-beb1-b2fd8f2e2521"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Application or Store Name> Property Sheet: Auditing Tab</maml:linkText><maml:uri href="mshelp://windows/?id=cf8cc355-d055-4536-92f6-22813ef42b3c"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Authorization Rule or Business Rule> Property Sheet</maml:linkText><maml:uri href="mshelp://windows/?id=88a3d65b-8209-447c-8307-454c220accd8"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Group Name> Property Sheet: General Tab</maml:linkText><maml:uri href="mshelp://windows/?id=6519a260-0c63-4172-a1a5-d576581eb07e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Group Name> Property Sheet: Exclusions Tab</maml:linkText><maml:uri href="mshelp://windows/?id=301eb3de-1084-49a3-9708-af750590b14a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Group Name> Property Sheet: Members Tab</maml:linkText><maml:uri href="mshelp://windows/?id=c4a6cb43-f98e-41c8-875d-c53d7b3b690a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Group Name> Property Sheet: Query Tab</maml:linkText><maml:uri href="mshelp://windows/?id=0516b760-e489-4048-a7ee-7219cc2d47ff"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>New Application Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=369a7869-3aed-43c2-ad99-8d6b9a40345c"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>New Application Group Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=4996409a-af9f-4dc8-8bc0-e1aba2c98aea"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>New Authorization Store Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=c7365dce-f571-49d7-9524-2a9edf0451bf"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>New Operation Definition Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=eb35e1cb-4840-40e2-b2e5-0e49562024b3"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>New Role Definition Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=87853750-cef8-4b95-ba9b-c865b9a792ae"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>New Scope Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=313c6deb-14c7-45d6-a90c-7a7bd5b32d43"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>New Task Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=b08e119e-2d1b-482d-8fdd-88d120a0ad3a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Open Authorization Store Dialog Box: Active Directory Browse</maml:linkText><maml:uri href="mshelp://windows/?id=3d6661e4-d84b-4c9a-b09e-a04da656b0a9"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Open Authorization Store Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=28ecac39-9498-46d1-9670-8c166af88156"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Operation Name> Properties Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=b60f5e4e-2d89-410f-8564-489774028610"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Options Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=b083dda8-8bc3-4dff-b7e3-b9e41e9cd369"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Role Name> Property Sheet: General Tab</maml:linkText><maml:uri href="mshelp://windows/?id=f431afc5-b4bd-4cab-b5f5-b84f3955e401"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Role Name> Property Sheet: Definition Tab</maml:linkText><maml:uri href="mshelp://windows/?id=684cf18f-a298-4fce-b942-2053616818e7"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Role Assignment> Property Sheet</maml:linkText><maml:uri href="mshelp://windows/?id=5b73725f-7090-4f89-a50e-f5d4f1cabefb"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Scope Name> Property Sheet</maml:linkText><maml:uri href="mshelp://windows/?id=5b03edb4-1a0e-4d2f-9b33-bf56e6c91369"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Store Name> Property Sheet: General Tab</maml:linkText><maml:uri href="mshelp://windows/?id=11df9361-ad81-4d8b-90c2-19e599f621f0"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Store Name> Property Sheet: Limits Tab</maml:linkText><maml:uri href="mshelp://windows/?id=b89a3969-418e-4224-972d-d40bf5b3f7ed"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Store Name> Property Sheet: Security Tab</maml:linkText><maml:uri href="mshelp://windows/?id=140e185a-d024-41da-a651-b681e8e6f6e2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Task Name> Definition Property Sheet: General Tab</maml:linkText><maml:uri href="mshelp://windows/?id=8bca0570-5905-483b-9e55-48e210089787"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Task Name> Definition Property Sheet: Definition Tab</maml:linkText><maml:uri href="mshelp://windows/?id=67e26497-3093-4aba-b524-3be32eea5612"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Checklist: Before You Start Using Authorization Manager</maml:title><maml:introduction>
<maml:para>Before using Authorization Manager, review the following items.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Step</maml:para>
</maml:entry>
<maml:entry>
<maml:para>References</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Review fundamental security concepts.</maml:para>
</maml:entry>
<maml:entry>
<maml:para>For more information about security information for developers, see the <maml:navigationLink><maml:linkText>Security Developer Center</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=65843"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=65843). </maml:para>
<maml:para>For more general security information, see <maml:navigationLink><maml:linkText>Security Central</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=64028"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=64028).</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Read background material about Authorization Manager.</maml:para>
</maml:entry>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Overview of Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=b42ada63-88c6-4924-aa45-c8abef160975"></maml:uri></maml:navigationLink> </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>What's New in Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=1f8f1a16-af60-4e44-8836-a6373b48fa67"></maml:uri></maml:navigationLink> </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Resources for Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=1fd01896-c118-4c0e-949b-aad87ea063e5"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Read about the difference between administrator mode and developer mode in Authorization Manager.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Set Authorization Manager Options</maml:linkText><maml:uri href="mshelp://windows/?id=7b83af3f-b3c8-481d-8558-e32a7447a367"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Learn about authorization stores and applications, and about the difference between authorization stores that are stored as XML files, authorization stores that are stored in Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS), and authorization stores that are stored in a Microsoft SQL Server database.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Stores</maml:linkText><maml:uri href="mshelp://windows/?id=57075178-e06b-44b9-a0cd-588c244fe704"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>(For developers) Review the latest information about Authorization Manager and authorization-related application programming interfaces (APIs) in the Platform SDK.</maml:para>
</maml:entry>
<maml:entry>
<maml:para>For more information, see <maml:navigationLink><maml:linkText>Authorization</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=64031"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=64031).</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Before you can use Authorization Manager for authorization stores that are stored in AD DS, you must raise the domain functional level to Windows Server 2003 or newer.</maml:para>
<maml:para>Raising the domain functional level is an irreversible step.</maml:para>
</maml:entry>
<maml:entry>
<maml:para>For more information, see<maml:navigationLink><maml:linkText> Raise the domain functional level</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?linkid=64029"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?linkid=64029)</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Start Authorization Manager.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Start Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=4c026431-c042-4ccc-9761-a32f465ae684"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Change the Properties of a Group within an Authorization Store</maml:title><maml:introduction>
<maml:para>The properties of a group define the group and its membership. To view or change the properties of a group, use the following procedure.</maml:para>
<maml:para>You must be assigned to the Authorization Manager <maml:phrase>Administrator</maml:phrase> user role to complete this procedure. By default, <maml:phrase>Administrators</maml:phrase> is the minimum Windows group membership assigned to this role. Review the details in "Additional considerations" in this topic.</maml:para>
<maml:procedure><maml:title>Change the properties of a group within an authorization store</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, open Authorization Manager.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click the group that you want to edit, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Properties</maml:ui> dialog box, modify the settings that you want to change. (For more information about the properties you can change, see "Additional references.")</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered"><maml:listItem><maml:para>To perform this procedure, you need to have access to an authorization store. By default, members of the <maml:phrase>Administrators</maml:phrase> group have the required access, but Authorization Manager allows you to delegate responsibility.</maml:para></maml:listItem></maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Application Groups</maml:linkText><maml:uri href="mshelp://windows/?id=7c373b4c-7124-420b-82b2-d62528ceec58"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Store Name> Property Sheet: Security Tab</maml:linkText><maml:uri href="mshelp://windows/?id=140e185a-d024-41da-a651-b681e8e6f6e2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Group Name> Property Sheet: General Tab</maml:linkText><maml:uri href="mshelp://windows/?id=6519a260-0c63-4172-a1a5-d576581eb07e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Group Name> Property Sheet: Exclusions Tab</maml:linkText><maml:uri href="mshelp://windows/?id=301eb3de-1084-49a3-9708-af750590b14a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Group Name> Property Sheet: Members Tab</maml:linkText><maml:uri href="mshelp://windows/?id=c4a6cb43-f98e-41c8-875d-c53d7b3b690a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Group Name> Property Sheet: Query Tab</maml:linkText><maml:uri href="mshelp://windows/?id=0516b760-e489-4048-a7ee-7219cc2d47ff"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Add Definition Dialog Box: Operations Tab</maml:title><maml:introduction>
<maml:para>A role or task can include operations. This tab shows the operations defined in the application store. </maml:para>
<maml:para>The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Select the operation definitions to add</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Lists the operations defined in the authorization store. </maml:para>
<maml:para>To include a defined operation, select the check box beside an existing operation definition.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para>To include operations, select the check box beside an existing definition.</maml:para>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role, Task, and Operation Definitions</maml:linkText><maml:uri href="mshelp://windows/?id=2fc7ad83-7967-44be-88ef-c2c517952043"></maml:uri></maml:navigationLink> </maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>New Operation Definition Dialog Box</maml:title><maml:introduction>
<maml:para>This dialog box allows you to define a new operation. The following table describes the UI elements for this dialog box. </maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the name of the new operation definition (for example, "Read Attributes").</maml:para>
<maml:para>Operations are permissions associated with security procedures. Operations are meaningful to authorization application developers, but might not be meaningful to administrators. </maml:para>
<maml:para>You are prevented from entering a name that already exists in this scope or that is too long. An operation name has a maximum size limit of 64 bytes. It cannot contain any of the characters \ / : * ? " < > | and [Tab].</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the description of the new operation definition.</maml:para>
<maml:para>The description does not affect the functionality of Authorization Manager and should be meaningful to you. </maml:para>
<maml:para>You are prevented from entering a description that is too long. A description has a maximum size limit of 1,024 bytes. It cannot contain any of the characters \ / : * ? " < > | and [Tab].</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Operation Number</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the operation number of the new operation definition. </maml:para>
<maml:para>The valid range of values is 0 through 2,147,483,647. The application uses the operation number to identify the operation.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role, Task, and Operation Definitions</maml:linkText><maml:uri href="mshelp://windows/?id=2fc7ad83-7967-44be-88ef-c2c517952043"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Activate Auditing for an Authorization Store</maml:title><maml:introduction>
<maml:para>To control which Authorization Manager actions or activities are audited, use the following procedure. </maml:para>
<maml:para>You must be assigned to the Authorization Manager <maml:phrase>Administrator</maml:phrase> user role to complete this procedure. By default, <maml:phrase>Administrators</maml:phrase> is the minimum Windows group membership assigned to this role. Review the details in "Additional considerations" in this topic.</maml:para>
<maml:procedure><maml:title>Activate auditing for an authorization store</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, open Authorization Manager.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click the authorization store that you want to audit, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Properties</maml:ui> dialog box, click the <maml:ui>Auditing</maml:ui> tab, and then do one or both of the following: </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To audit run-time application initialization, select the <maml:ui>Runtime application initialization auditing</maml:ui> check box.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To audit authorization store changes, select the <maml:ui>Authorization store change auditing</maml:ui> check box.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you need to have access to an authorization store. By default, members of the <maml:phrase>Administrators</maml:phrase> group have the required access, but Authorization Manager allows you to delegate responsibility. For more information, see "Additional references" in this topic. </maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Stores</maml:linkText><maml:uri href="mshelp://windows/?id=57075178-e06b-44b9-a0cd-588c244fe704"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Application or Store Name> Property Sheet: Auditing Tab</maml:linkText><maml:uri href="mshelp://windows/?id=cf8cc355-d055-4536-92f6-22813ef42b3c"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText><Store Name> Property Sheet: Security Tab</maml:linkText><maml:uri href="mshelp://windows/?id=140e185a-d024-41da-a651-b681e8e6f6e2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Start Authorization Manager</maml:linkText><maml:uri href="mshelp://windows/?id=4c026431-c042-4ccc-9761-a32f465ae684"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title><Role Name> Property Sheet: General Tab</maml:title><maml:introduction>
<maml:para>The following table describes the UI elements for this dialog box.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Name</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the name of the role definition. </maml:para>
<maml:para>You are prevented from entering a name that already exists in this scope or that is too long. A role name has a size limit of 64 bytes.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the description of the role definition.</maml:para>
<maml:para>The description does not affect the functionality of Authorization Manager and should be meaningful to you.</maml:para>
<maml:para>A description has a size limit of 1,024 bytes. You are prevented from entering a description that is too long.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role, Task, and Operation Definitions</maml:linkText><maml:uri href="mshelp://windows/?id=2fc7ad83-7967-44be-88ef-c2c517952043"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Define an Operation in Authorization Manager</maml:title><maml:introduction>
<maml:para>An operation is a particular action or access that needs to be controlled or restricted by Authorization Manager. Operations are defined at the application level. Operations are combined into tasks at either the application or scope level.</maml:para>
<maml:para>You must be assigned to the Authorization Manager <maml:phrase>Administrator</maml:phrase> user role to complete this procedure. By default, <maml:phrase>Administrators</maml:phrase> is the minimum Windows group membership assigned to this role. Review the details in "Additional considerations" in this topic. </maml:para>
<maml:procedure><maml:title>Define an operation in Authorization Manager</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, open Authorization Manager.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If necessary, open or create an authorization store that contains an application.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, expand the application, and then expand <maml:ui>Definitions</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click <maml:ui>Operation Definitions</maml:ui>, and click<maml:ui> New Operation Definition</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Define the operation by providing a name, description, and operation number. The name and description are for your convenience. The operation number must be used by the calling program. The operation number is called an OperationID in the application programming interface (API). The number must be a positive integer, greater than zero (0). For more information, see "Additional references" in this topic.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you need to have access to an authorization store. By default, members of the <maml:phrase>Administrators</maml:phrase> group have the required access, but Authorization Manager allows you to delegate responsibility. For more information, see <maml:navigationLink><maml:linkText>Allow Other Users to Administer an Authorization Store</maml:linkText><maml:uri href="mshelp://windows/?id=a1f5e7f1-97e2-4a67-a83f-7d869ef4aff4"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To define an operation by using the Authorization Manager console, you must use developer mode.</maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Authorization Manager Role, Task, and Operation Definitions</maml:linkText><maml:uri href="mshelp://windows/?id=2fc7ad83-7967-44be-88ef-c2c517952043"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Set Authorization Manager Options</maml:linkText><maml:uri href="mshelp://windows/?id=7b83af3f-b3c8-481d-8558-e32a7447a367"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>New Operation Definition Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=eb35e1cb-4840-40e2-b2e5-0e49562024b3"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><?xml version="1.0" encoding="utf-8"?>
<HelpCollection Id="authm" DTDVersion="1.0" FileVersion="" LangId="1033" Copyright="© 2005 Microsoft Corporation. All rights reserved." Title="Authorization Manager" xmlns="http://schemas.microsoft.com/help/collection/2004/11">
<CompilerOptions CompileResult="H1S" CreateFullTextIndex="Yes" BreakerId="Microsoft.NLG.en.WordBreaker">
<IncludeFile File="authm.H1F" />
</CompilerOptions>
<TOCDef File="authm.H1T" Id="authm_TOC" />
<VTopicDef File="authm.H1V" />
<KeywordIndexDef File="authm_AssetId.H1K" />
<KeywordIndexDef File="authm_BestBet.H1K" />
<KeywordIndexDef File="authm_LinkTerm.H1K" />
<KeywordIndexDef File="authm_SubjectTerm.H1K" />
<ItemMoniker Name="!DefaultTOC" ProgId="HxDs.HxHierarchy" InitData="AnyString" />
<ItemMoniker Name="!DefaultFullTextSearch" ProgId="HxDs.HxFullTextSearch" InitData="AnyString" />
<ItemMoniker Name="!DefaultAssetIdIndex" ProgId="HxDs.HxIndex" InitData="AssetId" />
<ItemMoniker Name="!DefaultBestBetIndex" ProgId="HxDs.HxIndex" InitData="BestBet" />
<ItemMoniker Name="!DefaultAssociativeIndex" ProgId="HxDs.HxIndex" InitData="LinkTerm" />
<ItemMoniker Name="!DefaultKeywordIndex" ProgId="HxDs.HxIndex" InitData="SubjectTerm" />
</HelpCollection><?xml version="1.0" encoding="utf-8"?>
<HelpFileList xmlns="http://schemas.microsoft.com/help/filelist/2004/11">
<File Url="assets\0516b760-e489-4048-a7ee-7219cc2d47ff.xml" />
<File Url="assets\0dda9d4b-2711-4a45-b98b-3b18b5e5e163.xml" />
<File Url="assets\0e8e5a95-1cdc-4876-b49c-f04a68f73128.xml" />
<File Url="assets\11df9361-ad81-4d8b-90c2-19e599f621f0.xml" />
<File Url="assets\11edca2e-bedf-4fc4-bf8b-3083efbbb5e3.xml" />
<File Url="assets\140e185a-d024-41da-a651-b681e8e6f6e2.xml" />
<File Url="assets\1614b1cb-5f53-4175-a965-df24cf1982de.xml" />
<File Url="assets\1f8f1a16-af60-4e44-8836-a6373b48fa67.xml" />
<File Url="assets\1faebced-b2b3-4772-a8df-2d2f7b5e177b.xml" />
<File Url="assets\1fd01896-c118-4c0e-949b-aad87ea063e5.xml" />
<File Url="assets\2193b1ca-331a-40fb-affe-9cf9abc2a6ae.xml" />
<File Url="assets\28ecac39-9498-46d1-9670-8c166af88156.xml" />
<File Url="assets\2fc7ad83-7967-44be-88ef-c2c517952043.xml" />
<File Url="assets\301eb3de-1084-49a3-9708-af750590b14a.xml" />
<File Url="assets\313c6deb-14c7-45d6-a90c-7a7bd5b32d43.xml" />
<File Url="assets\316142b3-d6d7-40ec-beb1-b2fd8f2e2521.xml" />
<File Url="assets\369a7869-3aed-43c2-ad99-8d6b9a40345c.xml" />
<File Url="assets\3d6661e4-d84b-4c9a-b09e-a04da656b0a9.xml" />
<File Url="assets\41a112a6-1b0c-4994-a2b5-5fe1ccb81adb.xml" />
<File Url="assets\427ffef5-e054-44ce-949a-09be24b01728.xml" />
<File Url="assets\4996409a-af9f-4dc8-8bc0-e1aba2c98aea.xml" />
<File Url="assets\4a076990-699c-4c45-92b5-4e5eb50208d7.xml" />
<File Url="assets\4c026431-c042-4ccc-9761-a32f465ae684.xml" />
<File Url="assets\5187d0f6-0e81-4128-a1a7-509444c77890.xml" />
<File Url="assets\57075178-e06b-44b9-a0cd-588c244fe704.xml" />
<File Url="assets\5a9cbc58-21a6-4946-a0a1-373d5edc264a.xml" />
<File Url="assets\5b03edb4-1a0e-4d2f-9b33-bf56e6c91369.xml" />
<File Url="assets\5b73725f-7090-4f89-a50e-f5d4f1cabefb.xml" />
<File Url="assets\6083e41e-0a7d-47ba-9a87-59c79990f745.xml" />
<File Url="assets\63c53320-fbcd-42b3-ae6d-0a89d8228c62.xml" />
<File Url="assets\6519a260-0c63-4172-a1a5-d576581eb07e.xml" />
<File Url="assets\6568d6dc-df83-4716-b990-4aba2212e99a.xml" />
<File Url="assets\67e26497-3093-4aba-b524-3be32eea5612.xml" />
<File Url="assets\684cf18f-a298-4fce-b942-2053616818e7.xml" />
<File Url="assets\6857c310-c2fb-4f9d-9a4c-639f38ffab73.xml" />
<File Url="assets\6d2736d9-d803-423c-b376-29c04929d3ee.xml" />
<File Url="assets\7b83af3f-b3c8-481d-8558-e32a7447a367.xml" />
<File Url="assets\7c373b4c-7124-420b-82b2-d62528ceec58.xml" />
<File Url="assets\7ed13aea-4580-4ecd-93ef-9b09b504b87a.xml" />
<File Url="assets\811e933b-a029-421e-9b55-81f2586fe2b2.xml" />
<File Url="assets\87853750-cef8-4b95-ba9b-c865b9a792ae.xml" />
<File Url="assets\88a3d65b-8209-447c-8307-454c220accd8.xml" />
<File Url="assets\8bca0570-5905-483b-9e55-48e210089787.xml" />
<File Url="assets\8cf72d7f-b0ae-482f-b26c-9540c63cc8ec.xml" />
<File Url="assets\8eadb7c7-a89b-4aab-a565-5b21ad5b63cb.xml" />
<File Url="assets\93a693c7-e3de-4cf7-95e6-fb6491fc4f31.xml" />
<File Url="assets\9bd3ff29-71de-466c-a0b9-30b225c1358e.xml" />
<File Url="assets\a1c72a61-31f7-4d5e-b8f5-0f6fb9c0bc90.xml" />
<File Url="assets\a1f5e7f1-97e2-4a67-a83f-7d869ef4aff4.xml" />
<File Url="assets\a364ca04-413a-4681-971a-7b727c7e4fa4.xml" />
<File Url="assets\a554bec2-7ce7-45fb-a84c-063133141635.xml" />
<File Url="assets\b03487c7-3ec6-46b6-9878-8a62bafbabfc.xml" />
<File Url="assets\b083dda8-8bc3-4dff-b7e3-b9e41e9cd369.xml" />
<File Url="assets\b08e119e-2d1b-482d-8fdd-88d120a0ad3a.xml" />
<File Url="assets\b42ada63-88c6-4924-aa45-c8abef160975.xml" />
<File Url="assets\b60f5e4e-2d89-410f-8564-489774028610.xml" />
<File Url="assets\b89a3969-418e-4224-972d-d40bf5b3f7ed.xml" />
<File Url="assets\c0568214-22d8-4d08-830b-2379d84c91da.xml" />
<File Url="assets\c4a6cb43-f98e-41c8-875d-c53d7b3b690a.xml" />
<File Url="assets\c7365dce-f571-49d7-9524-2a9edf0451bf.xml" />
<File Url="assets\cda23592-f7c5-47d8-a6cc-e84d4210d431.xml" />
<File Url="assets\cf8cc355-d055-4536-92f6-22813ef42b3c.xml" />
<File Url="assets\d1397e5e-8bdd-415d-b67d-bbb19aeeeee2.xml" />
<File Url="assets\d528fb6e-616f-4c1d-bb4c-84b6a504c0c2.xml" />
<File Url="assets\d7145ff2-d560-498d-89e0-a10359799da5.xml" />
<File Url="assets\df0924f5-2c0f-4e6e-b94c-a00a63c88160.xml" />
<File Url="assets\e0b4ddb8-6422-471c-8c5b-12e6fea7cb35.xml" />
<File Url="assets\eb35e1cb-4840-40e2-b2e5-0e49562024b3.xml" />
<File Url="assets\f27a7262-e5ff-4064-96ec-0fc0fe93c4c0.xml" />
<File Url="assets\f431afc5-b4bd-4cab-b5f5-b84f3955e401.xml" />
<File Url="assets\f7a6a421-89d5-4c3f-b5bd-6c4c0f4f41ac.xml" />
</HelpFileList><?xml version="1.0" encoding="utf-8"?>
<VTopicSet DTDVersion="1.0" xmlns="http://schemas.microsoft.com/help/vtopic/2004/11">
<Vtopic Url="assets\0516b760-e489-4048-a7ee-7219cc2d47ff.xml" RLTitle="<Group Name> Property Sheet: Query Tab">
<Attr Name="assetid" Value="0516b760-e489-4048-a7ee-7219cc2d47ff" />
<Keyword Index="AssetId" Term="0516b760-e489-4048-a7ee-7219cc2d47ff" />
<Keyword Index="AssetId" Term="0516b760-e489-4048-a7ee-7219cc2d47ff1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="0516b760-e489-4048-a7ee-7219cc2d47ff" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\0dda9d4b-2711-4a45-b98b-3b18b5e5e163.xml" RLTitle="Add Groups Dialog Box">
<Attr Name="assetid" Value="0dda9d4b-2711-4a45-b98b-3b18b5e5e163" />
<Keyword Index="AssetId" Term="0dda9d4b-2711-4a45-b98b-3b18b5e5e163" />
<Keyword Index="AssetId" Term="0dda9d4b-2711-4a45-b98b-3b18b5e5e1631033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="0dda9d4b-2711-4a45-b98b-3b18b5e5e163" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\0e8e5a95-1cdc-4876-b49c-f04a68f73128.xml" RLTitle="Connect to an SQL-based Authorization Store">
<Attr Name="assetid" Value="0e8e5a95-1cdc-4876-b49c-f04a68f73128" />
<Keyword Index="AssetId" Term="0e8e5a95-1cdc-4876-b49c-f04a68f73128" />
<Keyword Index="AssetId" Term="0e8e5a95-1cdc-4876-b49c-f04a68f731281033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="0e8e5a95-1cdc-4876-b49c-f04a68f73128" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\11df9361-ad81-4d8b-90c2-19e599f621f0.xml" RLTitle="<Store Name> Property Sheet: General Tab">
<Attr Name="assetid" Value="11df9361-ad81-4d8b-90c2-19e599f621f0" />
<Keyword Index="AssetId" Term="11df9361-ad81-4d8b-90c2-19e599f621f0" />
<Keyword Index="AssetId" Term="11df9361-ad81-4d8b-90c2-19e599f621f01033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="11df9361-ad81-4d8b-90c2-19e599f621f0" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\11edca2e-bedf-4fc4-bf8b-3083efbbb5e3.xml" RLTitle="Understanding Authorization Manager Applications">
<Attr Name="assetid" Value="11edca2e-bedf-4fc4-bf8b-3083efbbb5e3" />
<Keyword Index="AssetId" Term="11edca2e-bedf-4fc4-bf8b-3083efbbb5e3" />
<Keyword Index="AssetId" Term="11edca2e-bedf-4fc4-bf8b-3083efbbb5e31033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="11edca2e-bedf-4fc4-bf8b-3083efbbb5e3" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\140e185a-d024-41da-a651-b681e8e6f6e2.xml" RLTitle="<Store Name> Property Sheet: Security Tab">
<Attr Name="assetid" Value="140e185a-d024-41da-a651-b681e8e6f6e2" />
<Keyword Index="AssetId" Term="140e185a-d024-41da-a651-b681e8e6f6e2" />
<Keyword Index="AssetId" Term="140e185a-d024-41da-a651-b681e8e6f6e21033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="140e185a-d024-41da-a651-b681e8e6f6e2" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\1614b1cb-5f53-4175-a965-df24cf1982de.xml" RLTitle="Add Definition Dialog Box: Tasks Tab">
<Attr Name="assetid" Value="1614b1cb-5f53-4175-a965-df24cf1982de" />
<Keyword Index="AssetId" Term="1614b1cb-5f53-4175-a965-df24cf1982de" />
<Keyword Index="AssetId" Term="1614b1cb-5f53-4175-a965-df24cf1982de1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="1614b1cb-5f53-4175-a965-df24cf1982de" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\1f8f1a16-af60-4e44-8836-a6373b48fa67.xml" RLTitle="What's New in Authorization Manager">
<Attr Name="assetid" Value="1f8f1a16-af60-4e44-8836-a6373b48fa67" />
<Keyword Index="AssetId" Term="1f8f1a16-af60-4e44-8836-a6373b48fa67" />
<Keyword Index="AssetId" Term="1f8f1a16-af60-4e44-8836-a6373b48fa671033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="1f8f1a16-af60-4e44-8836-a6373b48fa67" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\1faebced-b2b3-4772-a8df-2d2f7b5e177b.xml" RLTitle="Managing Groups, Roles, and Tasks">
<Attr Name="assetid" Value="1faebced-b2b3-4772-a8df-2d2f7b5e177b" />
<Keyword Index="AssetId" Term="1faebced-b2b3-4772-a8df-2d2f7b5e177b" />
<Keyword Index="AssetId" Term="1faebced-b2b3-4772-a8df-2d2f7b5e177b1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="1faebced-b2b3-4772-a8df-2d2f7b5e177b" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\1fd01896-c118-4c0e-949b-aad87ea063e5.xml" RLTitle="Resources for Authorization Manager">
<Attr Name="assetid" Value="1fd01896-c118-4c0e-949b-aad87ea063e5" />
<Keyword Index="AssetId" Term="1fd01896-c118-4c0e-949b-aad87ea063e5" />
<Keyword Index="AssetId" Term="1fd01896-c118-4c0e-949b-aad87ea063e51033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="1fd01896-c118-4c0e-949b-aad87ea063e5" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\2193b1ca-331a-40fb-affe-9cf9abc2a6ae.xml" RLTitle="Controlling Authorization by Using Authorization Rules and Business Rules">
<Attr Name="assetid" Value="2193b1ca-331a-40fb-affe-9cf9abc2a6ae" />
<Keyword Index="AssetId" Term="2193b1ca-331a-40fb-affe-9cf9abc2a6ae" />
<Keyword Index="AssetId" Term="2193b1ca-331a-40fb-affe-9cf9abc2a6ae1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="2193b1ca-331a-40fb-affe-9cf9abc2a6ae" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\28ecac39-9498-46d1-9670-8c166af88156.xml" RLTitle="Open Authorization Store Dialog Box">
<Attr Name="assetid" Value="28ecac39-9498-46d1-9670-8c166af88156" />
<Keyword Index="AssetId" Term="28ecac39-9498-46d1-9670-8c166af88156" />
<Keyword Index="AssetId" Term="28ecac39-9498-46d1-9670-8c166af881561033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="28ecac39-9498-46d1-9670-8c166af88156" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\2fc7ad83-7967-44be-88ef-c2c517952043.xml" RLTitle="Understanding Authorization Manager Role, Task, and Operation Definitions">
<Attr Name="assetid" Value="2fc7ad83-7967-44be-88ef-c2c517952043" />
<Keyword Index="AssetId" Term="2fc7ad83-7967-44be-88ef-c2c517952043" />
<Keyword Index="AssetId" Term="2fc7ad83-7967-44be-88ef-c2c5179520431033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="2fc7ad83-7967-44be-88ef-c2c517952043" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\301eb3de-1084-49a3-9708-af750590b14a.xml" RLTitle="<Group Name> Property Sheet: Exclusions Tab">
<Attr Name="assetid" Value="301eb3de-1084-49a3-9708-af750590b14a" />
<Keyword Index="AssetId" Term="301eb3de-1084-49a3-9708-af750590b14a" />
<Keyword Index="AssetId" Term="301eb3de-1084-49a3-9708-af750590b14a1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="301eb3de-1084-49a3-9708-af750590b14a" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\313c6deb-14c7-45d6-a90c-7a7bd5b32d43.xml" RLTitle="New Scope Dialog Box">
<Attr Name="assetid" Value="313c6deb-14c7-45d6-a90c-7a7bd5b32d43" />
<Keyword Index="AssetId" Term="313c6deb-14c7-45d6-a90c-7a7bd5b32d43" />
<Keyword Index="AssetId" Term="313c6deb-14c7-45d6-a90c-7a7bd5b32d431033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="313c6deb-14c7-45d6-a90c-7a7bd5b32d43" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\316142b3-d6d7-40ec-beb1-b2fd8f2e2521.xml" RLTitle="<Application Name> Property Sheet: General Tab">
<Attr Name="assetid" Value="316142b3-d6d7-40ec-beb1-b2fd8f2e2521" />
<Keyword Index="AssetId" Term="316142b3-d6d7-40ec-beb1-b2fd8f2e2521" />
<Keyword Index="AssetId" Term="316142b3-d6d7-40ec-beb1-b2fd8f2e25211033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="316142b3-d6d7-40ec-beb1-b2fd8f2e2521" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\369a7869-3aed-43c2-ad99-8d6b9a40345c.xml" RLTitle="New Application Dialog Box">
<Attr Name="assetid" Value="369a7869-3aed-43c2-ad99-8d6b9a40345c" />
<Keyword Index="AssetId" Term="369a7869-3aed-43c2-ad99-8d6b9a40345c" />
<Keyword Index="AssetId" Term="369a7869-3aed-43c2-ad99-8d6b9a40345c1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="369a7869-3aed-43c2-ad99-8d6b9a40345c" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\3d6661e4-d84b-4c9a-b09e-a04da656b0a9.xml" RLTitle="Open Authorization Store Dialog Box: Active Directory Browse">
<Attr Name="assetid" Value="3d6661e4-d84b-4c9a-b09e-a04da656b0a9" />
<Keyword Index="AssetId" Term="3d6661e4-d84b-4c9a-b09e-a04da656b0a9" />
<Keyword Index="AssetId" Term="3d6661e4-d84b-4c9a-b09e-a04da656b0a91033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="3d6661e4-d84b-4c9a-b09e-a04da656b0a9" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\41a112a6-1b0c-4994-a2b5-5fe1ccb81adb.xml" RLTitle="Understanding Authorization Manager Role Assignments">
<Attr Name="assetid" Value="41a112a6-1b0c-4994-a2b5-5fe1ccb81adb" />
<Keyword Index="AssetId" Term="41a112a6-1b0c-4994-a2b5-5fe1ccb81adb" />
<Keyword Index="AssetId" Term="41a112a6-1b0c-4994-a2b5-5fe1ccb81adb1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="41a112a6-1b0c-4994-a2b5-5fe1ccb81adb" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\427ffef5-e054-44ce-949a-09be24b01728.xml" RLTitle="Authorization Manager">
<Attr Name="assetid" Value="427ffef5-e054-44ce-949a-09be24b01728" />
<Keyword Index="AssetId" Term="427ffef5-e054-44ce-949a-09be24b01728" />
<Keyword Index="AssetId" Term="427ffef5-e054-44ce-949a-09be24b017281033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="427ffef5-e054-44ce-949a-09be24b01728" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\4996409a-af9f-4dc8-8bc0-e1aba2c98aea.xml" RLTitle="New Application Group Dialog Box">
<Attr Name="assetid" Value="4996409a-af9f-4dc8-8bc0-e1aba2c98aea" />
<Keyword Index="AssetId" Term="4996409a-af9f-4dc8-8bc0-e1aba2c98aea" />
<Keyword Index="AssetId" Term="4996409a-af9f-4dc8-8bc0-e1aba2c98aea1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="4996409a-af9f-4dc8-8bc0-e1aba2c98aea" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\4a076990-699c-4c45-92b5-4e5eb50208d7.xml" RLTitle="Create an Application Group within an Authorization Store">
<Attr Name="assetid" Value="4a076990-699c-4c45-92b5-4e5eb50208d7" />
<Keyword Index="AssetId" Term="4a076990-699c-4c45-92b5-4e5eb50208d7" />
<Keyword Index="AssetId" Term="4a076990-699c-4c45-92b5-4e5eb50208d71033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="4a076990-699c-4c45-92b5-4e5eb50208d7" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\4c026431-c042-4ccc-9761-a32f465ae684.xml" RLTitle="Start Authorization Manager">
<Attr Name="assetid" Value="4c026431-c042-4ccc-9761-a32f465ae684" />
<Keyword Index="AssetId" Term="4c026431-c042-4ccc-9761-a32f465ae684" />
<Keyword Index="AssetId" Term="4c026431-c042-4ccc-9761-a32f465ae6841033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="4c026431-c042-4ccc-9761-a32f465ae684" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\5187d0f6-0e81-4128-a1a7-509444c77890.xml" RLTitle="Troubleshooting Authorization Manager">
<Attr Name="assetid" Value="5187d0f6-0e81-4128-a1a7-509444c77890" />
<Keyword Index="AssetId" Term="5187d0f6-0e81-4128-a1a7-509444c77890" />
<Keyword Index="AssetId" Term="5187d0f6-0e81-4128-a1a7-509444c778901033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="5187d0f6-0e81-4128-a1a7-509444c77890" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\57075178-e06b-44b9-a0cd-588c244fe704.xml" RLTitle="Understanding Authorization Manager Stores">
<Attr Name="assetid" Value="57075178-e06b-44b9-a0cd-588c244fe704" />
<Keyword Index="AssetId" Term="57075178-e06b-44b9-a0cd-588c244fe704" />
<Keyword Index="AssetId" Term="57075178-e06b-44b9-a0cd-588c244fe7041033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="57075178-e06b-44b9-a0cd-588c244fe704" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\5a9cbc58-21a6-4946-a0a1-373d5edc264a.xml" RLTitle="Create an Authorization Store">
<Attr Name="assetid" Value="5a9cbc58-21a6-4946-a0a1-373d5edc264a" />
<Keyword Index="AssetId" Term="5a9cbc58-21a6-4946-a0a1-373d5edc264a" />
<Keyword Index="AssetId" Term="5a9cbc58-21a6-4946-a0a1-373d5edc264a1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="5a9cbc58-21a6-4946-a0a1-373d5edc264a" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\5b03edb4-1a0e-4d2f-9b33-bf56e6c91369.xml" RLTitle="<Scope Name> Property Sheet">
<Attr Name="assetid" Value="5b03edb4-1a0e-4d2f-9b33-bf56e6c91369" />
<Keyword Index="AssetId" Term="5b03edb4-1a0e-4d2f-9b33-bf56e6c91369" />
<Keyword Index="AssetId" Term="5b03edb4-1a0e-4d2f-9b33-bf56e6c913691033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="5b03edb4-1a0e-4d2f-9b33-bf56e6c91369" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\5b73725f-7090-4f89-a50e-f5d4f1cabefb.xml" RLTitle="<Role Assignment> Property Sheet">
<Attr Name="assetid" Value="5b73725f-7090-4f89-a50e-f5d4f1cabefb" />
<Keyword Index="AssetId" Term="5b73725f-7090-4f89-a50e-f5d4f1cabefb" />
<Keyword Index="AssetId" Term="5b73725f-7090-4f89-a50e-f5d4f1cabefb1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="5b73725f-7090-4f89-a50e-f5d4f1cabefb" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\6083e41e-0a7d-47ba-9a87-59c79990f745.xml" RLTitle="Understanding Authorization Manager Scopes">
<Attr Name="assetid" Value="6083e41e-0a7d-47ba-9a87-59c79990f745" />
<Keyword Index="AssetId" Term="6083e41e-0a7d-47ba-9a87-59c79990f745" />
<Keyword Index="AssetId" Term="6083e41e-0a7d-47ba-9a87-59c79990f7451033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="6083e41e-0a7d-47ba-9a87-59c79990f745" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\63c53320-fbcd-42b3-ae6d-0a89d8228c62.xml" RLTitle="Managing Authorization Stores">
<Attr Name="assetid" Value="63c53320-fbcd-42b3-ae6d-0a89d8228c62" />
<Keyword Index="AssetId" Term="63c53320-fbcd-42b3-ae6d-0a89d8228c62" />
<Keyword Index="AssetId" Term="63c53320-fbcd-42b3-ae6d-0a89d8228c621033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="63c53320-fbcd-42b3-ae6d-0a89d8228c62" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\6519a260-0c63-4172-a1a5-d576581eb07e.xml" RLTitle="<Group Name> Property Sheet: General Tab">
<Attr Name="assetid" Value="6519a260-0c63-4172-a1a5-d576581eb07e" />
<Keyword Index="AssetId" Term="6519a260-0c63-4172-a1a5-d576581eb07e" />
<Keyword Index="AssetId" Term="6519a260-0c63-4172-a1a5-d576581eb07e1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="6519a260-0c63-4172-a1a5-d576581eb07e" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\6568d6dc-df83-4716-b990-4aba2212e99a.xml" RLTitle="Managing Applications and Scopes">
<Attr Name="assetid" Value="6568d6dc-df83-4716-b990-4aba2212e99a" />
<Keyword Index="AssetId" Term="6568d6dc-df83-4716-b990-4aba2212e99a" />
<Keyword Index="AssetId" Term="6568d6dc-df83-4716-b990-4aba2212e99a1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="6568d6dc-df83-4716-b990-4aba2212e99a" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\67e26497-3093-4aba-b524-3be32eea5612.xml" RLTitle="<Task Name> Definition Property Sheet: Definition Tab">
<Attr Name="assetid" Value="67e26497-3093-4aba-b524-3be32eea5612" />
<Keyword Index="AssetId" Term="67e26497-3093-4aba-b524-3be32eea5612" />
<Keyword Index="AssetId" Term="67e26497-3093-4aba-b524-3be32eea56121033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="67e26497-3093-4aba-b524-3be32eea5612" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\684cf18f-a298-4fce-b942-2053616818e7.xml" RLTitle="<Role Name> Property Sheet: Definition Tab">
<Attr Name="assetid" Value="684cf18f-a298-4fce-b942-2053616818e7" />
<Keyword Index="AssetId" Term="684cf18f-a298-4fce-b942-2053616818e7" />
<Keyword Index="AssetId" Term="684cf18f-a298-4fce-b942-2053616818e71033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="684cf18f-a298-4fce-b942-2053616818e7" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\6857c310-c2fb-4f9d-9a4c-639f38ffab73.xml" RLTitle="Understanding Authorization Manager Auditing">
<Attr Name="assetid" Value="6857c310-c2fb-4f9d-9a4c-639f38ffab73" />
<Keyword Index="AssetId" Term="6857c310-c2fb-4f9d-9a4c-639f38ffab73" />
<Keyword Index="AssetId" Term="6857c310-c2fb-4f9d-9a4c-639f38ffab731033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="6857c310-c2fb-4f9d-9a4c-639f38ffab73" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\6d2736d9-d803-423c-b376-29c04929d3ee.xml" RLTitle="Choose Users or Groups with a Custom Object Picker">
<Attr Name="assetid" Value="6d2736d9-d803-423c-b376-29c04929d3ee" />
<Keyword Index="AssetId" Term="6d2736d9-d803-423c-b376-29c04929d3ee" />
<Keyword Index="AssetId" Term="6d2736d9-d803-423c-b376-29c04929d3ee1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="6d2736d9-d803-423c-b376-29c04929d3ee" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\7b83af3f-b3c8-481d-8558-e32a7447a367.xml" RLTitle="Set Authorization Manager Options">
<Attr Name="assetid" Value="7b83af3f-b3c8-481d-8558-e32a7447a367" />
<Keyword Index="AssetId" Term="7b83af3f-b3c8-481d-8558-e32a7447a367" />
<Keyword Index="AssetId" Term="7b83af3f-b3c8-481d-8558-e32a7447a3671033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="7b83af3f-b3c8-481d-8558-e32a7447a367" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\7c373b4c-7124-420b-82b2-d62528ceec58.xml" RLTitle="Understanding Authorization Manager Application Groups">
<Attr Name="assetid" Value="7c373b4c-7124-420b-82b2-d62528ceec58" />
<Keyword Index="AssetId" Term="7c373b4c-7124-420b-82b2-d62528ceec58" />
<Keyword Index="AssetId" Term="7c373b4c-7124-420b-82b2-d62528ceec581033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="7c373b4c-7124-420b-82b2-d62528ceec58" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\7ed13aea-4580-4ecd-93ef-9b09b504b87a.xml" RLTitle="Command-line syntax notation">
<Attr Name="assetid" Value="7ed13aea-4580-4ecd-93ef-9b09b504b87a" />
<Keyword Index="AssetId" Term="7ed13aea-4580-4ecd-93ef-9b09b504b87a" />
<Keyword Index="AssetId" Term="7ed13aea-4580-4ecd-93ef-9b09b504b87a1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="appliesToProduct" Value="Windows Vista" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="appliesToSite" Value="VistaITPro" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="7ed13aea-4580-4ecd-93ef-9b09b504b87a" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\811e933b-a029-421e-9b55-81f2586fe2b2.xml" RLTitle="Synchronize the Authorization Manager Console">
<Attr Name="assetid" Value="811e933b-a029-421e-9b55-81f2586fe2b2" />
<Keyword Index="AssetId" Term="811e933b-a029-421e-9b55-81f2586fe2b2" />
<Keyword Index="AssetId" Term="811e933b-a029-421e-9b55-81f2586fe2b21033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="811e933b-a029-421e-9b55-81f2586fe2b2" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\87853750-cef8-4b95-ba9b-c865b9a792ae.xml" RLTitle="New Role Definition Dialog Box">
<Attr Name="assetid" Value="87853750-cef8-4b95-ba9b-c865b9a792ae" />
<Keyword Index="AssetId" Term="87853750-cef8-4b95-ba9b-c865b9a792ae" />
<Keyword Index="AssetId" Term="87853750-cef8-4b95-ba9b-c865b9a792ae1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="87853750-cef8-4b95-ba9b-c865b9a792ae" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\88a3d65b-8209-447c-8307-454c220accd8.xml" RLTitle="<Authorization Rule or Business Rule> Property Sheet">
<Attr Name="assetid" Value="88a3d65b-8209-447c-8307-454c220accd8" />
<Keyword Index="AssetId" Term="88a3d65b-8209-447c-8307-454c220accd8" />
<Keyword Index="AssetId" Term="88a3d65b-8209-447c-8307-454c220accd81033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="88a3d65b-8209-447c-8307-454c220accd8" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\8bca0570-5905-483b-9e55-48e210089787.xml" RLTitle="<Task Name> Definition Property Sheet: General Tab">
<Attr Name="assetid" Value="8bca0570-5905-483b-9e55-48e210089787" />
<Keyword Index="AssetId" Term="8bca0570-5905-483b-9e55-48e210089787" />
<Keyword Index="AssetId" Term="8bca0570-5905-483b-9e55-48e2100897871033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="8bca0570-5905-483b-9e55-48e210089787" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\8cf72d7f-b0ae-482f-b26c-9540c63cc8ec.xml" RLTitle="Add Definition Dialog Box: Roles Tab">
<Attr Name="assetid" Value="8cf72d7f-b0ae-482f-b26c-9540c63cc8ec" />
<Keyword Index="AssetId" Term="8cf72d7f-b0ae-482f-b26c-9540c63cc8ec" />
<Keyword Index="AssetId" Term="8cf72d7f-b0ae-482f-b26c-9540c63cc8ec1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="8cf72d7f-b0ae-482f-b26c-9540c63cc8ec" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\8eadb7c7-a89b-4aab-a565-5b21ad5b63cb.xml" RLTitle="Add an Authorization Rule to a Role Definition">
<Attr Name="assetid" Value="8eadb7c7-a89b-4aab-a565-5b21ad5b63cb" />
<Keyword Index="AssetId" Term="8eadb7c7-a89b-4aab-a565-5b21ad5b63cb" />
<Keyword Index="AssetId" Term="8eadb7c7-a89b-4aab-a565-5b21ad5b63cb1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="8eadb7c7-a89b-4aab-a565-5b21ad5b63cb" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\93a693c7-e3de-4cf7-95e6-fb6491fc4f31.xml" RLTitle="Understanding Authorization Manager Store Limits">
<Attr Name="assetid" Value="93a693c7-e3de-4cf7-95e6-fb6491fc4f31" />
<Keyword Index="AssetId" Term="93a693c7-e3de-4cf7-95e6-fb6491fc4f31" />
<Keyword Index="AssetId" Term="93a693c7-e3de-4cf7-95e6-fb6491fc4f311033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="93a693c7-e3de-4cf7-95e6-fb6491fc4f31" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\9bd3ff29-71de-466c-a0b9-30b225c1358e.xml" RLTitle="Using and Managing the Authorization Manager Snap-In">
<Attr Name="assetid" Value="9bd3ff29-71de-466c-a0b9-30b225c1358e" />
<Keyword Index="AssetId" Term="9bd3ff29-71de-466c-a0b9-30b225c1358e" />
<Keyword Index="AssetId" Term="9bd3ff29-71de-466c-a0b9-30b225c1358e1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="9bd3ff29-71de-466c-a0b9-30b225c1358e" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\a1c72a61-31f7-4d5e-b8f5-0f6fb9c0bc90.xml" RLTitle="Create an Authorization Manager Application">
<Attr Name="assetid" Value="a1c72a61-31f7-4d5e-b8f5-0f6fb9c0bc90" />
<Keyword Index="AssetId" Term="a1c72a61-31f7-4d5e-b8f5-0f6fb9c0bc90" />
<Keyword Index="AssetId" Term="a1c72a61-31f7-4d5e-b8f5-0f6fb9c0bc901033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="a1c72a61-31f7-4d5e-b8f5-0f6fb9c0bc90" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\a1f5e7f1-97e2-4a67-a83f-7d869ef4aff4.xml" RLTitle="Allow Other Users to Administer an Authorization Store">
<Attr Name="assetid" Value="a1f5e7f1-97e2-4a67-a83f-7d869ef4aff4" />
<Keyword Index="AssetId" Term="a1f5e7f1-97e2-4a67-a83f-7d869ef4aff4" />
<Keyword Index="AssetId" Term="a1f5e7f1-97e2-4a67-a83f-7d869ef4aff41033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="a1f5e7f1-97e2-4a67-a83f-7d869ef4aff4" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\a364ca04-413a-4681-971a-7b727c7e4fa4.xml" RLTitle="Add the Authorization Manager Snap-In to MMC">
<Attr Name="assetid" Value="a364ca04-413a-4681-971a-7b727c7e4fa4" />
<Keyword Index="AssetId" Term="a364ca04-413a-4681-971a-7b727c7e4fa4" />
<Keyword Index="AssetId" Term="a364ca04-413a-4681-971a-7b727c7e4fa41033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="a364ca04-413a-4681-971a-7b727c7e4fa4" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\a554bec2-7ce7-45fb-a84c-063133141635.xml" RLTitle="Assign a Windows User or Group to a Role">
<Attr Name="assetid" Value="a554bec2-7ce7-45fb-a84c-063133141635" />
<Keyword Index="AssetId" Term="a554bec2-7ce7-45fb-a84c-063133141635" />
<Keyword Index="AssetId" Term="a554bec2-7ce7-45fb-a84c-0631331416351033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="a554bec2-7ce7-45fb-a84c-063133141635" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\b03487c7-3ec6-46b6-9878-8a62bafbabfc.xml" RLTitle="Change the Properties of an Authorization Store">
<Attr Name="assetid" Value="b03487c7-3ec6-46b6-9878-8a62bafbabfc" />
<Keyword Index="AssetId" Term="b03487c7-3ec6-46b6-9878-8a62bafbabfc" />
<Keyword Index="AssetId" Term="b03487c7-3ec6-46b6-9878-8a62bafbabfc1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="b03487c7-3ec6-46b6-9878-8a62bafbabfc" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\b083dda8-8bc3-4dff-b7e3-b9e41e9cd369.xml" RLTitle="Options Dialog Box">
<Attr Name="assetid" Value="b083dda8-8bc3-4dff-b7e3-b9e41e9cd369" />
<Keyword Index="AssetId" Term="b083dda8-8bc3-4dff-b7e3-b9e41e9cd369" />
<Keyword Index="AssetId" Term="b083dda8-8bc3-4dff-b7e3-b9e41e9cd3691033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="b083dda8-8bc3-4dff-b7e3-b9e41e9cd369" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\b08e119e-2d1b-482d-8fdd-88d120a0ad3a.xml" RLTitle="New Task Dialog Box">
<Attr Name="assetid" Value="b08e119e-2d1b-482d-8fdd-88d120a0ad3a" />
<Keyword Index="AssetId" Term="b08e119e-2d1b-482d-8fdd-88d120a0ad3a" />
<Keyword Index="AssetId" Term="b08e119e-2d1b-482d-8fdd-88d120a0ad3a1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="b08e119e-2d1b-482d-8fdd-88d120a0ad3a" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\b42ada63-88c6-4924-aa45-c8abef160975.xml" RLTitle="Overview of Authorization Manager">
<Attr Name="assetid" Value="b42ada63-88c6-4924-aa45-c8abef160975" />
<Keyword Index="AssetId" Term="b42ada63-88c6-4924-aa45-c8abef160975" />
<Keyword Index="AssetId" Term="b42ada63-88c6-4924-aa45-c8abef1609751033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="b42ada63-88c6-4924-aa45-c8abef160975" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\b60f5e4e-2d89-410f-8564-489774028610.xml" RLTitle="<Operation Name> Properties Dialog Box">
<Attr Name="assetid" Value="b60f5e4e-2d89-410f-8564-489774028610" />
<Keyword Index="AssetId" Term="b60f5e4e-2d89-410f-8564-489774028610" />
<Keyword Index="AssetId" Term="b60f5e4e-2d89-410f-8564-4897740286101033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="b60f5e4e-2d89-410f-8564-489774028610" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\b89a3969-418e-4224-972d-d40bf5b3f7ed.xml" RLTitle="<Store Name> Property Sheet: Limits Tab">
<Attr Name="assetid" Value="b89a3969-418e-4224-972d-d40bf5b3f7ed" />
<Keyword Index="AssetId" Term="b89a3969-418e-4224-972d-d40bf5b3f7ed" />
<Keyword Index="AssetId" Term="b89a3969-418e-4224-972d-d40bf5b3f7ed1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="b89a3969-418e-4224-972d-d40bf5b3f7ed" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\c0568214-22d8-4d08-830b-2379d84c91da.xml" RLTitle="Add an Authorization Rule to a Task Definition">
<Attr Name="assetid" Value="c0568214-22d8-4d08-830b-2379d84c91da" />
<Keyword Index="AssetId" Term="c0568214-22d8-4d08-830b-2379d84c91da" />
<Keyword Index="AssetId" Term="c0568214-22d8-4d08-830b-2379d84c91da1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="c0568214-22d8-4d08-830b-2379d84c91da" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\c4a6cb43-f98e-41c8-875d-c53d7b3b690a.xml" RLTitle="<Group Name> Property Sheet: Members Tab">
<Attr Name="assetid" Value="c4a6cb43-f98e-41c8-875d-c53d7b3b690a" />
<Keyword Index="AssetId" Term="c4a6cb43-f98e-41c8-875d-c53d7b3b690a" />
<Keyword Index="AssetId" Term="c4a6cb43-f98e-41c8-875d-c53d7b3b690a1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="c4a6cb43-f98e-41c8-875d-c53d7b3b690a" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\c7365dce-f571-49d7-9524-2a9edf0451bf.xml" RLTitle="New Authorization Store Dialog Box">
<Attr Name="assetid" Value="c7365dce-f571-49d7-9524-2a9edf0451bf" />
<Keyword Index="AssetId" Term="c7365dce-f571-49d7-9524-2a9edf0451bf" />
<Keyword Index="AssetId" Term="c7365dce-f571-49d7-9524-2a9edf0451bf1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="c7365dce-f571-49d7-9524-2a9edf0451bf" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\cda23592-f7c5-47d8-a6cc-e84d4210d431.xml" RLTitle="Understanding Authorization Rules and Business Rules">
<Attr Name="assetid" Value="cda23592-f7c5-47d8-a6cc-e84d4210d431" />
<Keyword Index="AssetId" Term="cda23592-f7c5-47d8-a6cc-e84d4210d431" />
<Keyword Index="AssetId" Term="cda23592-f7c5-47d8-a6cc-e84d4210d4311033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="cda23592-f7c5-47d8-a6cc-e84d4210d431" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\cf8cc355-d055-4536-92f6-22813ef42b3c.xml" RLTitle="<Application or Store Name> Property Sheet: Auditing Tab">
<Attr Name="assetid" Value="cf8cc355-d055-4536-92f6-22813ef42b3c" />
<Keyword Index="AssetId" Term="cf8cc355-d055-4536-92f6-22813ef42b3c" />
<Keyword Index="AssetId" Term="cf8cc355-d055-4536-92f6-22813ef42b3c1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="cf8cc355-d055-4536-92f6-22813ef42b3c" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\d1397e5e-8bdd-415d-b67d-bbb19aeeeee2.xml" RLTitle="Assign an Application Group to a Role">
<Attr Name="assetid" Value="d1397e5e-8bdd-415d-b67d-bbb19aeeeee2" />
<Keyword Index="AssetId" Term="d1397e5e-8bdd-415d-b67d-bbb19aeeeee2" />
<Keyword Index="AssetId" Term="d1397e5e-8bdd-415d-b67d-bbb19aeeeee21033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="d1397e5e-8bdd-415d-b67d-bbb19aeeeee2" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\d528fb6e-616f-4c1d-bb4c-84b6a504c0c2.xml" RLTitle="User Interface: Authorization Manager">
<Attr Name="assetid" Value="d528fb6e-616f-4c1d-bb4c-84b6a504c0c2" />
<Keyword Index="AssetId" Term="d528fb6e-616f-4c1d-bb4c-84b6a504c0c2" />
<Keyword Index="AssetId" Term="d528fb6e-616f-4c1d-bb4c-84b6a504c0c21033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="d528fb6e-616f-4c1d-bb4c-84b6a504c0c2" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\d7145ff2-d560-498d-89e0-a10359799da5.xml" RLTitle="Checklist: Before You Start Using Authorization Manager">
<Attr Name="assetid" Value="d7145ff2-d560-498d-89e0-a10359799da5" />
<Keyword Index="AssetId" Term="d7145ff2-d560-498d-89e0-a10359799da5" />
<Keyword Index="AssetId" Term="d7145ff2-d560-498d-89e0-a10359799da51033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="d7145ff2-d560-498d-89e0-a10359799da5" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\df0924f5-2c0f-4e6e-b94c-a00a63c88160.xml" RLTitle="Change the Properties of a Group within an Authorization Store">
<Attr Name="assetid" Value="df0924f5-2c0f-4e6e-b94c-a00a63c88160" />
<Keyword Index="AssetId" Term="df0924f5-2c0f-4e6e-b94c-a00a63c88160" />
<Keyword Index="AssetId" Term="df0924f5-2c0f-4e6e-b94c-a00a63c881601033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="df0924f5-2c0f-4e6e-b94c-a00a63c88160" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\e0b4ddb8-6422-471c-8c5b-12e6fea7cb35.xml" RLTitle="Add Definition Dialog Box: Operations Tab">
<Attr Name="assetid" Value="e0b4ddb8-6422-471c-8c5b-12e6fea7cb35" />
<Keyword Index="AssetId" Term="e0b4ddb8-6422-471c-8c5b-12e6fea7cb35" />
<Keyword Index="AssetId" Term="e0b4ddb8-6422-471c-8c5b-12e6fea7cb351033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="e0b4ddb8-6422-471c-8c5b-12e6fea7cb35" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\eb35e1cb-4840-40e2-b2e5-0e49562024b3.xml" RLTitle="New Operation Definition Dialog Box">
<Attr Name="assetid" Value="eb35e1cb-4840-40e2-b2e5-0e49562024b3" />
<Keyword Index="AssetId" Term="eb35e1cb-4840-40e2-b2e5-0e49562024b3" />
<Keyword Index="AssetId" Term="eb35e1cb-4840-40e2-b2e5-0e49562024b31033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="eb35e1cb-4840-40e2-b2e5-0e49562024b3" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\f27a7262-e5ff-4064-96ec-0fc0fe93c4c0.xml" RLTitle="Activate Auditing for an Authorization Store">
<Attr Name="assetid" Value="f27a7262-e5ff-4064-96ec-0fc0fe93c4c0" />
<Keyword Index="AssetId" Term="f27a7262-e5ff-4064-96ec-0fc0fe93c4c0" />
<Keyword Index="AssetId" Term="f27a7262-e5ff-4064-96ec-0fc0fe93c4c01033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="f27a7262-e5ff-4064-96ec-0fc0fe93c4c0" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\f431afc5-b4bd-4cab-b5f5-b84f3955e401.xml" RLTitle="<Role Name> Property Sheet: General Tab">
<Attr Name="assetid" Value="f431afc5-b4bd-4cab-b5f5-b84f3955e401" />
<Keyword Index="AssetId" Term="f431afc5-b4bd-4cab-b5f5-b84f3955e401" />
<Keyword Index="AssetId" Term="f431afc5-b4bd-4cab-b5f5-b84f3955e4011033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="f431afc5-b4bd-4cab-b5f5-b84f3955e401" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\f7a6a421-89d5-4c3f-b5bd-6c4c0f4f41ac.xml" RLTitle="Define an Operation in Authorization Manager">
<Attr Name="assetid" Value="f7a6a421-89d5-4c3f-b5bd-6c4c0f4f41ac" />
<Keyword Index="AssetId" Term="f7a6a421-89d5-4c3f-b5bd-6c4c0f4f41ac" />
<Keyword Index="AssetId" Term="f7a6a421-89d5-4c3f-b5bd-6c4c0f4f41ac1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1804" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="f7a6a421-89d5-4c3f-b5bd-6c4c0f4f41ac" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
</VTopicSet><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpTOC>
<HelpTOC xmlns="http://schemas.microsoft.com/help/toc/2004/11" DTDVersion="1.0" Id="authm_TOC" FileVersion="" LangId="1033" ParentNodeIcon="Book" PluginStyle="Hierarchical">
<HelpTOCNode Url="mshelp://windows/?tocid=9b747721-2e3f-485e-82bf-61903fead1b4" Title="">
<HelpTOCNode Url="mshelp://windows/?id=427ffef5-e054-44ce-949a-09be24b01728" Title="Authorization Manager">
<HelpTOCNode Url="mshelp://windows/?id=b42ada63-88c6-4924-aa45-c8abef160975" Title="Overview of Authorization Manager" />
<HelpTOCNode Url="mshelp://windows/?id=1f8f1a16-af60-4e44-8836-a6373b48fa67" Title="What's New in Authorization Manager" />
<HelpTOCNode Url="mshelp://windows/?id=d7145ff2-d560-498d-89e0-a10359799da5" Title="Checklist: Before You Start Using Authorization Manager" />
<HelpTOCNode Url="mshelp://windows/?id=9bd3ff29-71de-466c-a0b9-30b225c1358e" Title="Using and Managing the Authorization Manager Snap-In">
<HelpTOCNode Url="mshelp://windows/?id=a364ca04-413a-4681-971a-7b727c7e4fa4" Title="Add the Authorization Manager Snap-In to MMC" />
<HelpTOCNode Url="mshelp://windows/?id=4c026431-c042-4ccc-9761-a32f465ae684" Title="Start Authorization Manager" />
<HelpTOCNode Url="mshelp://windows/?id=7b83af3f-b3c8-481d-8558-e32a7447a367" Title="Set Authorization Manager Options" />
<HelpTOCNode Url="mshelp://windows/?id=811e933b-a029-421e-9b55-81f2586fe2b2" Title="Synchronize the Authorization Manager Console" />
</HelpTOCNode>
<HelpTOCNode Url="mshelp://windows/?id=63c53320-fbcd-42b3-ae6d-0a89d8228c62" Title="Managing Authorization Stores">
<HelpTOCNode Url="mshelp://windows/?id=5a9cbc58-21a6-4946-a0a1-373d5edc264a" Title="Create an Authorization Store" />
<HelpTOCNode Url="mshelp://windows/?id=b03487c7-3ec6-46b6-9878-8a62bafbabfc" Title="Change the Properties of an Authorization Store" />
<HelpTOCNode Url="mshelp://windows/?id=a1f5e7f1-97e2-4a67-a83f-7d869ef4aff4" Title="Allow Other Users to Administer an Authorization Store" />
<HelpTOCNode Url="mshelp://windows/?id=f27a7262-e5ff-4064-96ec-0fc0fe93c4c0" Title="Activate Auditing for an Authorization Store" />
<HelpTOCNode Url="mshelp://windows/?id=0e8e5a95-1cdc-4876-b49c-f04a68f73128" Title="Connect to an SQL-based Authorization Store" />
<HelpTOCNode Url="mshelp://windows/?id=57075178-e06b-44b9-a0cd-588c244fe704" Title="Understanding Authorization Manager Stores" />
<HelpTOCNode Url="mshelp://windows/?id=93a693c7-e3de-4cf7-95e6-fb6491fc4f31" Title="Understanding Authorization Manager Store Limits" />
</HelpTOCNode>
<HelpTOCNode Url="mshelp://windows/?id=6568d6dc-df83-4716-b990-4aba2212e99a" Title="Managing Applications and Scopes">
<HelpTOCNode Url="mshelp://windows/?id=4a076990-699c-4c45-92b5-4e5eb50208d7" Title="Create an Application Group within an Authorization Store" />
<HelpTOCNode Url="mshelp://windows/?id=df0924f5-2c0f-4e6e-b94c-a00a63c88160" Title="Change the Properties of a Group within an Authorization Store" />
<HelpTOCNode Url="mshelp://windows/?id=a1c72a61-31f7-4d5e-b8f5-0f6fb9c0bc90" Title="Create an Authorization Manager Application" />
<HelpTOCNode Url="mshelp://windows/?id=11edca2e-bedf-4fc4-bf8b-3083efbbb5e3" Title="Understanding Authorization Manager Applications" />
<HelpTOCNode Url="mshelp://windows/?id=6083e41e-0a7d-47ba-9a87-59c79990f745" Title="Understanding Authorization Manager Scopes" />
<HelpTOCNode Url="mshelp://windows/?id=6857c310-c2fb-4f9d-9a4c-639f38ffab73" Title="Understanding Authorization Manager Auditing" />
</HelpTOCNode>
<HelpTOCNode Url="mshelp://windows/?id=1faebced-b2b3-4772-a8df-2d2f7b5e177b" Title="Managing Groups, Roles, and Tasks">
<HelpTOCNode Url="mshelp://windows/?id=a554bec2-7ce7-45fb-a84c-063133141635" Title="Assign a Windows User or Group to a Role" />
<HelpTOCNode Url="mshelp://windows/?id=d1397e5e-8bdd-415d-b67d-bbb19aeeeee2" Title="Assign an Application Group to a Role" />
<HelpTOCNode Url="mshelp://windows/?id=6d2736d9-d803-423c-b376-29c04929d3ee" Title="Choose Users or Groups with a Custom Object Picker" />
<HelpTOCNode Url="mshelp://windows/?id=f7a6a421-89d5-4c3f-b5bd-6c4c0f4f41ac" Title="Define an Operation in Authorization Manager" />
<HelpTOCNode Url="mshelp://windows/?id=7c373b4c-7124-420b-82b2-d62528ceec58" Title="Understanding Authorization Manager Application Groups" />
<HelpTOCNode Url="mshelp://windows/?id=2fc7ad83-7967-44be-88ef-c2c517952043" Title="Understanding Authorization Manager Role, Task, and Operation Definitions" />
<HelpTOCNode Url="mshelp://windows/?id=41a112a6-1b0c-4994-a2b5-5fe1ccb81adb" Title="Understanding Authorization Manager Role Assignments" />
</HelpTOCNode>
<HelpTOCNode Url="mshelp://windows/?id=2193b1ca-331a-40fb-affe-9cf9abc2a6ae" Title="Controlling Authorization by Using Authorization Rules and Business Rules">
<HelpTOCNode Url="mshelp://windows/?id=c0568214-22d8-4d08-830b-2379d84c91da" Title="Add an Authorization Rule to a Task Definition" />
<HelpTOCNode Url="mshelp://windows/?id=8eadb7c7-a89b-4aab-a565-5b21ad5b63cb" Title="Add an Authorization Rule to a Role Definition" />
<HelpTOCNode Url="mshelp://windows/?id=cda23592-f7c5-47d8-a6cc-e84d4210d431" Title="Understanding Authorization Rules and Business Rules" />
</HelpTOCNode>
<HelpTOCNode Url="mshelp://windows/?id=5187d0f6-0e81-4128-a1a7-509444c77890" Title="Troubleshooting Authorization Manager" />
<HelpTOCNode Url="mshelp://windows/?id=1fd01896-c118-4c0e-949b-aad87ea063e5" Title="Resources for Authorization Manager" />
<HelpTOCNode Url="mshelp://windows/?id=d528fb6e-616f-4c1d-bb4c-84b6a504c0c2" Title="User Interface: Authorization Manager">
<HelpTOCNode Url="mshelp://windows/?id=8cf72d7f-b0ae-482f-b26c-9540c63cc8ec" Title="Add Definition Dialog Box: Roles Tab" />
<HelpTOCNode Url="mshelp://windows/?id=1614b1cb-5f53-4175-a965-df24cf1982de" Title="Add Definition Dialog Box: Tasks Tab" />
<HelpTOCNode Url="mshelp://windows/?id=e0b4ddb8-6422-471c-8c5b-12e6fea7cb35" Title="Add Definition Dialog Box: Operations Tab" />
<HelpTOCNode Url="mshelp://windows/?id=0dda9d4b-2711-4a45-b98b-3b18b5e5e163" Title="Add Groups Dialog Box" />
<HelpTOCNode Url="mshelp://windows/?id=316142b3-d6d7-40ec-beb1-b2fd8f2e2521" Title="<Application Name> Property Sheet: General Tab" />
<HelpTOCNode Url="mshelp://windows/?id=cf8cc355-d055-4536-92f6-22813ef42b3c" Title="<Application or Store Name> Property Sheet: Auditing Tab" />
<HelpTOCNode Url="mshelp://windows/?id=88a3d65b-8209-447c-8307-454c220accd8" Title="<Authorization Rule or Business Rule> Property Sheet" />
<HelpTOCNode Url="mshelp://windows/?id=6519a260-0c63-4172-a1a5-d576581eb07e" Title="<Group Name> Property Sheet: General Tab" />
<HelpTOCNode Url="mshelp://windows/?id=301eb3de-1084-49a3-9708-af750590b14a" Title="<Group Name> Property Sheet: Exclusions Tab" />
<HelpTOCNode Url="mshelp://windows/?id=c4a6cb43-f98e-41c8-875d-c53d7b3b690a" Title="<Group Name> Property Sheet: Members Tab" />
<HelpTOCNode Url="mshelp://windows/?id=0516b760-e489-4048-a7ee-7219cc2d47ff" Title="<Group Name> Property Sheet: Query Tab" />
<HelpTOCNode Url="mshelp://windows/?id=369a7869-3aed-43c2-ad99-8d6b9a40345c" Title="New Application Dialog Box" />
<HelpTOCNode Url="mshelp://windows/?id=4996409a-af9f-4dc8-8bc0-e1aba2c98aea" Title="New Application Group Dialog Box" />
<HelpTOCNode Url="mshelp://windows/?id=c7365dce-f571-49d7-9524-2a9edf0451bf" Title="New Authorization Store Dialog Box" />
<HelpTOCNode Url="mshelp://windows/?id=eb35e1cb-4840-40e2-b2e5-0e49562024b3" Title="New Operation Definition Dialog Box" />
<HelpTOCNode Url="mshelp://windows/?id=87853750-cef8-4b95-ba9b-c865b9a792ae" Title="New Role Definition Dialog Box" />
<HelpTOCNode Url="mshelp://windows/?id=313c6deb-14c7-45d6-a90c-7a7bd5b32d43" Title="New Scope Dialog Box" />
<HelpTOCNode Url="mshelp://windows/?id=b08e119e-2d1b-482d-8fdd-88d120a0ad3a" Title="New Task Dialog Box" />
<HelpTOCNode Url="mshelp://windows/?id=3d6661e4-d84b-4c9a-b09e-a04da656b0a9" Title="Open Authorization Store Dialog Box: Active Directory Browse" />
<HelpTOCNode Url="mshelp://windows/?id=28ecac39-9498-46d1-9670-8c166af88156" Title="Open Authorization Store Dialog Box" />
<HelpTOCNode Url="mshelp://windows/?id=b60f5e4e-2d89-410f-8564-489774028610" Title="<Operation Name> Properties Dialog Box" />
<HelpTOCNode Url="mshelp://windows/?id=b083dda8-8bc3-4dff-b7e3-b9e41e9cd369" Title="Options Dialog Box" />
<HelpTOCNode Url="mshelp://windows/?id=f431afc5-b4bd-4cab-b5f5-b84f3955e401" Title="<Role Name> Property Sheet: General Tab" />
<HelpTOCNode Url="mshelp://windows/?id=684cf18f-a298-4fce-b942-2053616818e7" Title="<Role Name> Property Sheet: Definition Tab" />
<HelpTOCNode Url="mshelp://windows/?id=5b73725f-7090-4f89-a50e-f5d4f1cabefb" Title="<Role Assignment> Property Sheet" />
<HelpTOCNode Url="mshelp://windows/?id=5b03edb4-1a0e-4d2f-9b33-bf56e6c91369" Title="<Scope Name> Property Sheet" />
<HelpTOCNode Url="mshelp://windows/?id=11df9361-ad81-4d8b-90c2-19e599f621f0" Title="<Store Name> Property Sheet: General Tab" />
<HelpTOCNode Url="mshelp://windows/?id=b89a3969-418e-4224-972d-d40bf5b3f7ed" Title="<Store Name> Property Sheet: Limits Tab" />
<HelpTOCNode Url="mshelp://windows/?id=140e185a-d024-41da-a651-b681e8e6f6e2" Title="<Store Name> Property Sheet: Security Tab" />
<HelpTOCNode Url="mshelp://windows/?id=8bca0570-5905-483b-9e55-48e210089787" Title="<Task Name> Definition Property Sheet: General Tab" />
<HelpTOCNode Url="mshelp://windows/?id=67e26497-3093-4aba-b524-3be32eea5612" Title="<Task Name> Definition Property Sheet: Definition Tab" />
</HelpTOCNode>
</HelpTOCNode>
</HelpTOCNode>
</HelpTOC><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="AssetId" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="BestBet" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="LinkTerm" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="SubjectTerm" /> 5y�`!7�V��Ol36>t 7 2tEi
A66'!*JIURQ)`u]1t6�]B97>]@Aўqm
nP_[4Ԩ m3XgA]�pE"zu5����Qyz>@hH Q&~5kZ8<
CGhk1ŚgZ[..Cn;k| wPa]o&V>H_1fOUsJ/O7ܰWM~OwOp5Sfe6^֞_py
f=Yms
sOdM?wAZ ԋ"}߆
n|_O_d!6]|.Gm>>q?ɮ}k>E^֞lq|s9s={9kKjV㫢 /pӦ>XO.g.|z{z?$<#uZ5??
s0
̗=uY3 ߛj9\;
ryyrs>U簟n.<ry^2,rM7h>9\<Kqs\N~y河W6{\
/|.on{\<sl{
ssaz79\kge6<sy
2Y1735ߛ%_랜5EV6tO:jwmQ
9G
ϙ
5Q
7GGmԍշv?C~?m~=td?}Uo
z]k|nm |[w}]W8<i]SE5﷿ky]ʥ \}8^5)};d}/m&z7 Ͱ~3GpVx7kI§y 6i~3{憿O߇;7ۛn& v!nZG>Ė�7
[[:WmW7fqǐc07f_}9>f8}Ǟ|G
ٟ5Et
N
gHh1?u^IVK.9?֩r~lS;|r{'<< У?
SWߗ=ᖖcq=\7W-fOLJcan 衅}A>4Ch̡uy<C[=
C
Cyن͡vy
=Cc~]=C{Ư|;m#
C{hֲt_:t6wɣc7 I?
oG
tֆ:~ܨ С^]O|KGOv?.,tZ x艮芭f[++FV+V܊ݘ雮ۊ[+qtOWuW
Q,uSW|ŏoTfݬ
[nWs]Oi
w?ni
Ki/^O4^ĺnk}K|>V}c:?gӟ-Ot>v-FN
{-u#+72_tF,xCx`~GSg{w臌9bǻ<
#|<!yC8|9djo~{
<!
zCe??ߎzlCLqL9Ygr ?dK`F{=!~l!k|{~!㴹j;?UN=!x<l= |qب2~IӾK;zuWݝw\WW|߇?x/^NNx�PF1į=Oo/
<0xh D
`7A
,<\yAÝ<
kGM;
x- §
Sս#\]kdCVfSJ_ uvd^O.d8/ ˝
[{{1UtWϽo&nR})}߸tJN)}/:Rw})/:V;N)}bSW
)}fS">So:ŧJ_uO龋җ)}vS>>S/:_O龒;N)}SoZ>S_vJ;OO龙N)}w}9)ҷ=)}o>~SJ_}}JѧJ{vO龤[N)}}O)S_nJWS)}>SJ_vMηSJ_vN})o>S_wJ;MS/;uSJ_wN});}S_xJO)}<%
SJ_xO})e<>SuFSvWNS_yJ[-O)}<řWnSJ_yO}=){7MySWRҔSM_s
V+
++
++
++
++
++
++
++
++
++
++
++
++
++
+l)[?
ɤ
PkjaC(!ׂ0lp`
ðC!plp`H`0|B\.
#
É!q`h
.
/
0q`ܸ\0r-.
;
Ï!0{0\-G.
$
ár`0L\.
WC!`Xl\0_.
0
ápHs``^0
6
Û!a`x.
sPs`ܹ[00T^
<
!`0\/~
`0].
B
apHt`0,\[]0-.
H
äpmm4�-@ � @�@ � @�@ � @�@ � @�@ � @�@ � @�@ � @�@ � @�@ � @}ѯWag=D
l,
,,
,,
,,
,,
,,
,,
,,
,,
,,
,,
,,
,,
,,
,,
,,
B!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B"DB!D"!B?znW=U3\g۾ʟZ5|_?됪?6qrO:_-j
\Y?
_]Spsr)|+9|,
nvxo}{wl{l}vGAB
-B-B
-B-B
-B-B
-B-B
-B-B
-B-B
-B-B
-B-B
-B-B
-B-B
-B-B
-B-B
-B-B
-B-B
-B-B
-B-B
-B-B
-B-B
-B-B
-B-B
-B-B
-B-ԅA $H AH$ A $H AH$ A $H AH$ A $H AH$ A $H AH$ A $H AH$ A $H AH$ A $H AH$ A $H AH$ A $H AH$ A $H AH$ A $H AH$ A $H AH$ A $H AH$ A $H AH$ A $H AH${ @m a0&L 0aL& a0&L 0aL& a0&L 0aL& a0&L 0aL& a0&L 0aL& a0&L 0aL& a0&L 0aL& a0&L 0aL& a0&L 0aL& a0&L 0aL& a0&L 0aL& a0&L 0aL& a0&L 0aL& a0&L 0aL& a0&L 0aL& a0&L 0a~.
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
._]ܖ蛟U}d˷R?
UfATPPATATPPATATPPATATP;PATATPPATATPPATATPPAT�@
E/PT
**
*=7Z:+5ATPPATATP
v
jXPATATPPATATPPATATPPATAPs
;wAtì
;pwC{
;w5|x0C9<(xXǃ;w"y a.`
<yaўsZ C**V"(((((((((((((((((((((((((((((((((((ʬ塂gggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggzwQEEQUf(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((ʬٙ٠vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv7}x%"(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((/?ϑ^j|ByϫUPA^z
*jj
o(((((((((((((((((((((((V+/B(((((((((((((((((((((((((((((((((((((((I"((((((((((((((((((((((((((((EQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEIQP%EQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQQEEQ\ʊB()$> jG+̻:\A'}$fJ׀՟v6wm?k?\{O_j{_)}ߟ{Kj
{?s&qUqWo?;.
>gS;L/_{ewT~_@_ K8m;5ϷJ}Ѻɫo<U}W~m#f~a
֨"
on?ݙ.:_lpZ*n{
/s9yٯ
J=Nyܛn5 \k}wq:G=~�;̿ Uu 5QM`
Ypre`5TD(PK
%/*j }D3UDwTfp9}=y=~}`Cws캀{?uUb$P-
&d% ]bZ%T"<1ۅn*Eq&TEʭEnqDrT�D0+�0*>#Uwp*MֿlF6sʁ(:O
`HH+
y-L<ymTvV}PâsZԎ3"y+b=qDV#}
Fom)
:foW!R_756lk
PzN^x
y 5r]f�`s 87�~[݉UƞN{
uJ+fYڰY
6ϴ%ګ+zac۪u 8ŗ:- gRtl
UAuT=5N~G`↯sxeom;"[.ҽ씐SF$
vF}-ݰǍ7
H}B]lE~
-:m=X^3Sﳥ%ew}mmpQW>:ĽtD,0%[ϳ{֑K?t
OG5c⢙f)B@?G!ƖL>̈́xr
p`awAYk±0UW
r
{H `TrF/=9lɆt`{*L{^(j#ze
\f/W@/N4??J%*enp ;4`=H6YM4SE畵P09Q$Wkvm,6F8jQ!@C͗ vXuLm&ʡb̧T;Mzegru{PODNo 5i;פ v wE`8Tq#cw[QB
=R PG@l46G)F-^,h�(
x'=]EKh*}k:�}/c78
Q^4wzuBc/־}?Ewl?bQi]~3ogJAT Tc7:O-Ϟ-Ʊ�6
@ErÜ#CKA
Dg+sBCZr/z>W _-SL˖7!,4ѯ
%J6Bw?
B/җ|j߉5{GZX ӄjeE
}Ү
$B4Jʤ#\d[Wm6@N-%9ɩ-мVeWLb082]o)zaY4 [7fc^b
tN<1v]D%8vޕ?/7,opozD˚5P(;=
uMNrk~"~1/e`NZ*KvXt]ߺ2Fln"ODŘ.`Qq
NT JϨ{
j1u3(X㺊 Y&}
mJ<R]iOSC!!8sXΞ`v]vM^t8Lf/ta)I<
{%X=8
dT1YmJQU0/0{8b=$7dw
_X|acٖ.T9|
˪'o'
|6@RԩNsه
<i>l<256w1j 2C<x)
ZcfZQ9oDwMh.Yf.>LN2`RXe,2
e=*I8~jÈ{f X]̭twX{yؼH~2M
Ovfܰ. {=TxZxb&m1
ر�|MkZ
D:iTlR<7Wf@ x/R
j
d{Tiژq
ɶ`L<j߫״i:%3kyF/`pP2c
,S@`0~mLVb(&+gj9,Z>h'iUq:~)?_Xy`;8ǨV {
͈2;
UݍOh�oE{ٙkd 3Ar{V,rxmͿНB/ΨmHw:x?9
w{J7H@e`б:y-`a#ts±\K hЍY/_o|''
\3TcFKIpE.!_ E tV`v )=�z5̙SĪ`kx`fl\Jx:گ(óh,ǎ|w:[A
$?8^:\bm2
1]~p s"lN^irRS5gzu:Ia!Rڧ%kU4Ǽ Y
>
ɷcG>ĊHͰTFSY=6NN[ߧej=XA*w' p'/ !b03~94z@EJVt
"�خP;/H K(X
=/r
?
]`Iܾ ŗ29kd>PBIV2{JYa W]%
4C8hh``n$R
IFBa{ƹ%`jSt}]+6+#E
X@H3]}=}|Wwaz*.DG[�'һo#kOud� d?k*J%~wL9EQ7J0ŐM:5c
Wnۙ%-cNPPl :r`+v㖫,b<
M&3=yIKûh_ݔ_=*`B
*I=E7 J
!8`D7
8F`!3u/ڳMZZKx"\zDEx\"&
WN@
0l&hgL<3Ycʻ6@,V:n}"0QfJ: яP(o+EgXAw9dmL,N<6{%PfUÑ5XVV-2,"ҤkVV|I:$G"Ѧe?ۏw Gy')H?rs*0v<_+
_!j/ִj�]+>(L5iv:u}
f R:Ϗ 8s zU>gZ6ya>%}<IܰDAF;k:}k,X-nB
b X
:�eI]7.v?
+; {o<466# Uh0|Q!us$ w
('1Qyt\'Zj٫$OEe$R7T+3@:?aH
UXuxQ7A"oz[K'o5/GS?Z7Ue,vv;r iFue8*B7,z
ﻣ^=v3
̽(az R$$J3|"amS+`R`Hx#hnKu#629,hŎ
}ee1 j}W\H
־n3_ث[SQ3T4g)9Hi8OAwh"9b"E{]T㦻Xɑ2i?
oU
]>1oq{Q렰!x̥=')!z@fr|V3$]WBzRpt^|
l;u5I@5:Sr}vWw!,6U?͐7
# `(DŖ`:fn;Ri
^JbપX{J'Z`9Bm
j)1wd
⇱`<
ie Nn83V5:w
̠?hiPla4*@͜r6^p6
yk(ir6Z
Fǭ!?AD9RJ uEK5~4 ~?`~
تK{|w6Il48'FLp
;*[mq¬ϗ-<m
OG
$Q
JTH1z`ɟ~8Hl
[ǷϢ/Mo=y퇄߃W_<!{
_v~ �tKדCW> j
,,g.R䫬"{_T*?,52_ ϠO zpG'6::
Li?iPt/XӤxVE=>nJ>ɔ~[z2|
}H}cm
�).
3\L?ғm/!dk-ti6M*g)_\J"
_踊ɸuz:nro쁗,r<}rv
ſ͝j¿~[tC4Ӈ{M7EI^Ys!W=6qE%֖4%
:uH
Wo
Ǧ&݄cy١pNO)qW7EwMTgb$.sf/KfAeK[RBg
[&%z]
f[҆R^mw~iah&
[Q
LQHp-ׇd HXFQ
`Cr49
~peޣ [rh
F3ytI[(`W
Z5N
^_iSY+_%)i>JU;u.M{דyNe
"`A$&D(~I#U`3xh&w.Յ:>ؘ
L֓\
z
s/_w#
=ؓGyWܫcu4y+V
M6YLknh
n`yAQ
: 3¦ Y,'Bc$ [緅/{?+|7.Dy^t_e{rVpn o~Yr1
7Ns{aEqr@kAHOam'OF[58|{+k? mO[dZ\83J�(OۿXE
?Jj"Ad{E ǽD"%_1
7je҃+Lz
v
~
1x yg4wsݞ$~yx[xəG̻[
3E
' ?Ŷx2
K~ $6P_~j>su;(A#!*3;826
kf]bb9m/X5A&5aҺ"߂Jmapʟ?l? Q\y#;ǝ~4'I%R%9BVL"LRKH(H>FDC Ï:?X
23x-
� {YZ-*(+QuD?$�UƯſNXE,*W跄^>*[�"
_
l|1HO,˲,,˲,,˲,,˲,,˲,,˲,,˲,,˲/P �
[l˹ႅFLPx0([S
\]uZ,
DzM\
AQcPXi+U:N
[Fcw\W2`EYsfdB"
+hf<yݬb}ъöxn(mBdn
)##E]3V'@5}~G?%`_
k<cy@xeǙ0E1%1w`NW/a |
-XB&A,WbMQOwfhz6hē3(~˥?bclV]K}:Aro|`.X)
3~Vr?)z^R
gWx0B >y,w
,W8<:}�g駺vUh}l8ӳX l>X,g1yT Bp+=: U~g0jGC2t(KÕm.-^
fJ>C8kJ [/*B*NcOH/6
-E@\ǿl.<aJA<@/Tr{FK11LE#DX uq^[
gO=U(C
HDSçf(N9^nq
y6*,ut5�.'Dxk8W=hٺAJK?;J/~y M^p]
11s
"&mqe҄U{`l*#fьK;4ͻ
<s'
˥*QqlΠ%'
!
eds
v.SnR_v$׃\ ܪ
$7|>�̌TUԆPTX0
Z*,Q0Gі
|c{-5 㗦NupEK:ͅ;u`Z.nȒ"+ydh
XPg
WxZIg(gzĺ ]O+PӮqƇ`ap VT<.G<
h761pSt3 GM@
\ٱ3>a`,Y:oRV!<M6SތȊh6Xh
R|v
TTSmR
??
|E=
y\Y
eY$~?Yn}
B*
T֦mv4iopĎc'#T0b}̖
|I{3\0a
;�Q?I~gg
ozHIo6-8ɸAj8Q ]o=(ɫ+ޏr
[pчu9Gkh!_X
04LRXt7`~M 6@ęec #-AK<r
o챓)^u)bcgOުo4qM^B
%120'
GgX-.ݹ8wK�4kF۪KÌypg&ww 3(5
%
>hq!ĸKL}N
rZl7v\Q.ꠤdF
<[
D)
!Ej^̝Ҳ
oEbA7j22㿦Pbb�Lt#]3[:7fup3^ŨƩoqMmPJl1Kq]V_d*e+Az|#at̏|?=v+Od% tP �ZqOQUo-hwbBZ}r�nyK`!蒗
?,\Q$ۺ϶6m"Ө't2xNA}/#>Xkqx:y̋Q =Sʉ$l+ɋGW
? 1®/? ?=lo-zv|r+(qPx Uӽ=)}?)!OӜ㱳?ai؊ZWZ5T-ju#Mih
3RR7hyIQGJ#MWA&
- N>~K`*5{qWT)(8;|#QYںhG=Zq@
vc+t
KBm)?q*MpcPP%P]?}\DsZvOc:C(~j2v!A
辨%5_E]wik{8>F'nn�qv
0.Rj{% n^UzjՕдM
c8
]Q5p-BP'۵qwKe Z(q@S!
ۋZNM4#>l[.0Tn8 fP/{ٖ}\mٓUxGΌ{0�dZޫm"̊[2T`q1M~5ssY! e{} U#0y{{;4FTB8&FuKWx!KFLE;zRbDc
P٦5ίXﱒj7w`L==
Uc[l
+ghk]> 꿻AӎOp!
˴t̎
%e ׆tg?%2<S d6r6XSހb^O8
_H/F*|L/( !)-4ӢuBIG('-
vwۉdVoq+wgdEG�N`ABh}R m;+- 4E&tH:!ly'mIHD_A?旖ma�q,k5=iL=L@.S`x\;^z'-iݙ4"#Uf& 5QT;N
_0\zz@Wymb.naԗ9ŅU#qR2Zqq
X@l2:(
P4hiˣOd4ktG~>Fs¿gK̄_!389YYS\D3?QDsc0f?+D51cP1&(")|
0&+J;x0R2VqRHzC*=ob5yU=
Y
:-H*G9rnM-
@
Sl(."HjM
T;~n`q䱥
HE mѶsQ/T+r+0;u
4ϻP<l6mMWKk6#g
C#mF?(\|2kxrKm#r1Uo2(
. ?{3(wI
C
cwyMwm+*=p|!U-`_J1MV{Tm-/<ckY{䤔rv1F/y
KDf
HiE9&z5RCz9'3nƓ$CcrY1-Pp }F}8(oBHQ=b[.O9(K1 gd8|@7`Xd2kn
uVO0&-J)/o3KEn[~;j>J&7SBI~_:+{MHUAUz4f|
Ǡ{-/H1S5Llzl+s7J"XR[.(o'4Wo{!I
ZZ2h&
$
ڶ[-F
J̸/K C$^o uy
r
r<arݬ<c +
}!{hSBΫkU/a-
1t/~zzG
y(!z8kd(q"K{V=+f'i4$,{.VR"W[ra
Khԫ-
rދ܊Pϸ!q9/(˕UJ1%t6~
oY5Dkoi}9$OzN/़5 "Zph 9ܽ˕Rmq³)ۈ �
Id(dߒ
単-4GzT0bg^Jf&\Kü
"/,?j8&ׁ0VwPݦV
yr=Og}æ«60葵6[iB@-'A2>Lfjk5p
jkhW4Ǿ
bϐ
WQ[Do]ǽ;Nzm-e3||ݫG쀏`VN%pM`:=:�++k
S抚3x< s#[/#{n% nbfOi:] 0g}cdX{=DOpC i^
.^F[cc1i2IG R!+m(tٙzޜ;
C~b(ϋX t@uܑ
/sbf1Ey4[
vj[a'E
@kcJ,m@]c%| ^}
7{?K~B5~QQSbײ^Gh؛G#c6r1
B0I0G "d`f8;sz}Z'Oר)7o%�w69[Q~0YxbZԖ8
%[||Tn$ј-;9sMl09%s^;]C!ů+)д'K(cts QP$֎Nq"
;蒼
ie <dOf~{qz9t
w
̧
D+ȵ
?
[-~2|LK$lȔD0
w9l
\
�3b1<'
T
`*&"S_]�K~[يo�>/o
WW3t?y@Eіg/ )fzg(極oo&ιd}I|kK %t42)sll;zĻ%ŮĞU
S&
lk3cɲ(i]q{
6eh
�XJ
l+PsAR;\QN*-Y
ec9ޞbеsspkXft7>1�?a=חÿd =`$*f0> ?\Mq!
%<[8$" A`f`B&&g
Z
EnY
qSw?AK@s0JKpːӀ
x܃U@8O_P
Zߌw.ZfVv~7#xbn搏
X,
#J6= {2*wV ik?
+bx_-Kz;]6UNk[ݰXhdx|zΧD+gL.=
LvOF(@�:[=#Y|~cALכ/֠ku@{TAo?Ӏイ 4=q6?XA"
>Y
=C'`6i3a3nvp<)%{'p7eU0GUz&1w4C,9ǁՎ43ԂլeSv1}HIDZ=sWSO
яY?[}0� Z2|`m=y<]ψ
ɴw_e{ϖN[
fubG╽o~y^Qj
xW>B
*y\
{
6^tډ9u={
yȇL+L)ɣ"v:˹z
}ޭY
8жEqTǟEڽ
v(;&ҙjXke1`[4iYuKw|(ŭ;vɁ[ÆV
d{i[ڨT̽a
X"Ltl
<Aʯ t\K^@N{10ŧ^XV\Q{}lޡ
N<tsM5v?|T9�vnJskg^
B(ZbssK%m)J,7*l5Exl&a|}飽}x[b;D;Wi(`H-F*68>{QP±#9
[4!y^y%W,6tOh % h lמ?|>+K'uAf `
HȾPN%-GU <(TqOǽLEaAR-ky
{ZXGl;kt,0(
R⬧4i/ 3M3=ӌ
0`IJ5'KFTP@9M[ W{+
ϜW!
pLX
/Vq8~ˡo.̐+VT1 UrΖ[ͳoe
xl}=Ki
Ndk<eFH-(p
Ym%
d3,W.eZYYY?Brwcz@?qaKD`{Jnƙ
zo
^K_
z7θC}-'w}B4B.`7Vl<ㇲQBMer_{a|8 :VRINX~n&@cV]nyބc@n=Q>;,O�)Umr:j^rX0պoեLR9(&&14AQ"x%tmW*n+ap#57M;Uԏ`رHT)VDYNl ygG.)
6Z
M6VFʚ %*%T959>N4
)ښX`|KtJaw
4
9m Kpb`%G
rmF=mC<I'tI
=4+GSlcvNiחif*K
m#1D]l W:BcR-)D}.Tbj:9
_"p`.
>
;X �d/AW=O*C>χ
,Z.8$Zk96&>y .wezۧd?/:B"&"hCHc'YNަmphx;w,fu-.^Yl;Xhhuj}wl+lp 6ᴂZܐv#paXhUN@I['1}sy]Yo,ѧyo@5;)$hEU,}-:F5 DC ;/|_7}pC҆v^f^Wď,>c/u2t}[cSgnz2
D;9، PφPz
:<z䃡@~᎙LCxz:_
z"C -dY$
B_eH?>�G*NMus^w}P=
bNHo<Ø>
ϕ%`pNޛ+f
JFdBH͔j
6^ښ겐t*-F+l6<]QE6WCp
\pgWfEؐ8N$&ܝs/3NS[ !"/2
0JO�~*
p*XP--&!E
´mX1)bޝNEKq.e0-rdEoqa:TnHvpa|Qǝ5jeԦr
)w:B^x彩b_
oJ
X^bx:E"&'rq|V_p=\
t5WI< $|m!P1xq$
aR<kY
1A]҄琴&a,
GCRӚ!f%){bgϱHliooWUۂ|y~W <p?]T=@bPҔ
_-ºF`/m{aEiZP-J)k.K}Ţu7sB#"(3_W֒$<KxT("5Eb҉ߠ+3*9B}
{Wg#__{\+=NŞJ
u
o뢑훸?҈Є~^c
Eg<20e8MKφQ4$ НUU
n4Tާlq-)
-uz
Fzo�*71V
.}jΔ/I+(
5 G;}
>8 ʦJeA7Ʃwp]@Z6gbrWuTd#<*º(KXf6qǐR/ IF'J/.Jy2>!)pcedpi,BS$Հ
RB Uuq{%cRÐbCW[g.آTKּG[;1;
@&
U CCݵ!&6PZjl5a
m;(y53ӧ6Wy{Y>/A[n�Wf:AsDDX,;o
S3Ra!(̮S623>.Ήz
n
+Kю&xvs!8㽊suo
zUf1nΦLMisH'~5~vzE+_7N4 z GBif.*VL
}S&?3%Pi<8K2}PZ\y,$ H�n$60pfc#%#*>
%PUo t�.@Ŵ
T
ϊPj+ӧ聅[,*>K[X1W
:CnqN!_2IxaF-poӇv
^%h=kYw>n,uy &
}\Pڟ*=B
-Bo{ 5傐l7/=}ܠ:N}H6cLS%x6T =
VIZM䡾
\c.k
ͳt
Z
³4VKjnOH2
}Veo}~
1z%"OeoT$ y~Rp$G & P>02]_.8B8~?).t9s$~@籗Ӿ:eb춴03]_IZ?@㟾;`?Ve:
E`jѩ.cۜ?4>ćy
):Aɍ?XIɢ$ <ʣ�ZM_A02HF9`
U㶥$OZl`Swd
;
-�O>L B !B%00M
}II{'^G[Rܘsʥb4
9mE�>ŴedK*Άw
Iµ29p0fu_ V7%ks-hu+|1
p4nUBSSF]ӬX֬
6! /j(g<a]֖찪OKrW&AĵzxO�;Q>i
ae@x<'].Y 3&/p
JuF}úE$nmrFJoZ/bA-&�OxbEaY$tvy/oJ
9#/@ވxk'bGM= 4ļ7;Ӈ[Oe⊠ahv
]2_YF64z
hX[}ҸF* 6'=[5Dm&)
˺NPh�'yBSl+kjfוϫ<7>)%m;(%IOQGUzI<t4|fjVL[bD7ö1[ʔ8-
ĶQ/,|䇷Ga6UT[#̻_N^�Ók:WCz[J^:V[yʴ\[�luWg }½ra>
/~3xo/tX߅fT;
nyx
,$uo{eo
{R킰�ADqmU=j
}KTe'а8@AvM
pT((+2s@!dðj$Ԛq"~ǯ`]ݵ&XSNzl7N'[D4Ȇ/.Vu@`
\
ڙ.cm:-
~'U�!zkG"'fY{tNൣWJW
t|ę/kLb_`V a".BwۅL'= g>_'̝5cZ#BfكDjxG5V*)@
U|g
lnL@;%l)҆P[P/
4'TZ" t?
K1av�B2roPi@v}lNqr:J
8Ij
!aTͻ;p{7.D\5UkI9
ǔΚ՝ʡfaa露hA0UxC+S!`�fE-HMČĐ`9qY6 HT9Z
sv;yi�ge8N(1_I`~
D#;ofT^7Acu/< ޢ{2HJ},)9?jb5
!Ayl_ hoǸ<ȨxM)I59Ȃ1h
6eڋ5js
ʲǘ49L &$JgP[
29fÔyt$tϪ=BIf讒3�pKÁ' ¶g$̹H {PyOBKX^kN.mq.9ӱ@cf}%r�̰1yx첣!8p㰤
lIh7
٬0A)^
:?g12%A3|&%PޢYDd
ԗq6vEm7�P$A1}
<LɭO+ܘ2R,gM+07+լ3@Y##JhZ\Ueg6y*bzLV"^>{wxhc~
V-czz.pr<?7`b�₺BrO3;
Ӝ䊰q:Fd,:n8!tΗ9
:},OxiYO:wG3܉lә
R+wގa�5+S7@ׁ`em,W,04PG[rOʯ-,qpWp<2f@~|:
u'\$3<XTζ)ẇ
,3'/
7#@1(=YN+w5qЭjYgWjna$ɠRLyx?m9ژY�G5eDEkNE4[
1ƹ(byLԳ%FY>,
75 ]3DqȊ*k8v_PϦTg,9GCJ!e$kV$L
J&U
\Rb2;fYNڰf@8iҚS[߉ȅJ CU [ YbS(RQe1&
C.CQ`|="L^oF/ֈoa P43*BKp)Ѷ
1
ݴ|
XZm7Ӱ\A_\7twy(k
Sr%%8WbNk h*H8|+g#䱘=R@i/\{R<:[A9y;`
(9Vِ͟N&v]S}A
-iNPO<.�#ǾX
l[+Y\])J`ך
_8,ّZm2`
ʕ'XcH23IKoATWV]/& ^#Ŵf_ŢAϯpm(N=')ڸ-_Sz@
.JzoHP{a<x]Bԩ$ťѥ>Xz~r6]F�ubUkIMTuohxP
_QI
=H%Ľ4̔WMu*B7{>qq^}<U`&騩wJ?q)R/27~!=7L8@y.s
}z[
kwQf5qlq8An<H.CQ=)[
%EҮ]bVkh<y^wjsJ!#zٵ[Ww
.;?br{B1
\f-g=\#�v_LX\kq_[KaH
$T)c7H2f$C}
ֵoXHmL%V#ۻF1ҶJ%/>90@؉If
t$Ӟ{
(&$UP'Wv),A
J;h'1Z
~,T.}mu̶u!;+mU§g/'~ pnky` P&A 4lͱ OQYݡ׳tV׀
1ŽFY("p5
"@ sǶLn]sn
{/^*%N4Ԉ
@= g^nR2~
bZ؏V>\~WeѸK_xШ =
Byv~x-7'ykgŷE
k`SkU_`ZR&}jss�(
μ;F1ORL6!eԶ^ţs,soi)D
$L71HETLS%"
e+Ae*
9t-!.p
_|~ԔpTmT5>`A?ՇJ n#[:hhqEmUӺ:Wra1<cf6Ji5ޢ܍i_nq7]
z7:yZ�CXr
&`Or
u?Zv'0^xgwv^(� ,=k+[ٻ7o܊D_
&ұFbw2f!
Ja;50N?2]
hƷc
zTRfܾ\O|ɺuJE
碁ڂ.Y꣱r^I
Ԥߣ5*Xwj@k
IئMbwؗRKDE4t;:pL?8Z^
z(;v<{kjgGjԐD;ԽAE~)W'eb
}M]!Du?xuS,t�S?V4P:P~j''N&xKrQH0o@H_/cңApڠ!aK
0
HL0JgA�d�`8Pǣ �0z]^ӥ[TK\ԸEu
^٤h7'bdX2ձ
q%?kgXrjz݉e$5 jaB6qː@e0!Pm;q:{rP7ꞎ+f;5I*1q;n(p#y#ˋrf'.˦ڹ ;;SMS";۞RTipoħG0˓8Ń7d�M6G`%&ymroH\LPku"
xT92a~2$q-}d&Dz'vL
ٔ (4ۖ"cGZ!wjI8>zͰ=RZ*%6!q bVXKn9u?
a)ʭ
ɓ'"vy)XMo
ZVo�p%47^P-])6!IHvT7vrʣŐ'|X7Ez7/
TNqSnk̤Lm{< VY;Vt~7[A +։)+ʥdAB$Vy�x^L rC>0n
"b=j* XZyKbG!7䋁^
[#Sۃ({uwFJm0fz*|�m*bl7[̚)VOU
3x
y+O<(D(m|:ߠ ѻ"&
J05∢?Hw
!P;^O35͒Z^y�D=d_tsn)a>^G0'ZHgسu,2UO_;{46lCE6Y~dTs |^G-w
k <
#$j
JVPa>+Q+>6I0@@+%bOY`
L+뫲;
qZ(
^z sZx"-
ܬk6h
x0 e
d9^'&P?"PɑknǚY
ZbNYǧb٧њqAQ
�N0<�
ցWsul
*-'?5Um BWՖo|8nF8m
;"U;w>Effcb8Ltwbp{eА\
{f~
\) ym>.
,y=1H|x\ń9PqnMy̍e};T`DVr�Y6)- H
`"wtR
ENs|X߆ſf-/>媮
e<[&SBzBK"8sOD#.71
*)ZK�JuLv UКz,9鉓 Fil
wZI{*z
_-K 9pFOe3CI-tK蒂RVRSqE.i{[V ̹V{`Uu8(kU43JT)a҇-m-
-hO,MϼV|
ꕢb8mJ)uBO_r&*❘LDT6T
NҳᏞF;Yz6W&
y<eT>nxP
!
]6Ec ;fҊp=7
SnGWE`ˉ_v&p0F%>:38Pv-2JLJ&[(or`.Ztogil/pbYO/B]Zytԙ#A(nM=?:gLwqftep>'`L"
4(փ
~
5jZiP�%=.=G}_xm2N,Z;J/Wk3$55F}!b8Ӯ}@C7l%좇px4ҽ' 5E=Ξ8f6y;2c^I`]z{LN2o:͙*Y'1x-8juL"NM
W`֡W4)XxHۀ43KgP3
nں$F gk(:/D!eҵ2
f$Rc
!\I3S-ش
bkysY؋e:]:} >
tm 5[
?:ޝ1ok"}y̙5oOndP4ܩfy̥
<W1ުOvrvx3
XWSc~alw)XTh!e;ZnsւD'@29kA$.Wrmt
2Gc|~ nSl#b<aդ{ "ؿl卞"!FK4
t5 4Gd8 sQf$nEubԲ\6
,L^_?@
hU^w%>ABA@|
Ni!
Wc kҒBb|]R"w\}xo2
clv`ۮF!ڇ"E]zC'$"=51bg˳[$utoG ņX# u8$3۾j`(Nr|Pc9I~|}+EOz*yQFT0>`篳!F
o1߁߇<:~Bٽ;[A~NNjy3kr2^㤘3BLPH {ۛrRMoHNs'Gf+�
U Xڻyвu[Ԉq\܁ɑ-,a~Ach9)
d<,-C
VN״FXbH~>:πYr%Qoťa[5+\Bd(G6G&qlVZ:zar}dI4[_bf&#l{-H(ZW@s
O-zɾK$gk*ڴX$cx. 2
X=Z~{{.�J
0Cje,ۆ`u1懋U7$
kwpSp=Bdz'j
�ѠZ8SJp]J3>'q漠YK3P*ou7val?-x=K3뵆pW*pNN(:oKVBl+#"UyC.IݛHH/}@4-w! dӞ]@mYrMtNAp vT8nG
V(
]PRg1YkɎ`-qq)1Sӑ;G)8)j9a8~^ex`H
dڈ
8:76qG?XpSËKolTZl=Tu'EfiϽr�yVsm07쳿⸥jdnC< 19O~BakjΤ-HZo\["yHQ\L(>@9->kq jB
F!*H[2#JB6COAO}
A\ yF:3U:҈d
D!^ XL=2'h]_|6
q{ݝˀ;;/BrbNI'=fy
@d^582Yn` K'e"8A!
7hkdLYB
_pL'q^@r>ڑ
K4ymZ7>rnt8ག;,<
|c>NMBk#\IM
ްV)gŚ!] rbmSE
Op4$0
Oeoz^4u hϾs^,sN$s@;M٭
MV
O9(X2#k߽:Mg
8Ȅ)>)wۥ3
?A.Dʿ
5XD]㮙I )
Ė b
b[MQwG(E*X1aq,97Е9
pnicY#IT=SmseyKXqA{ ?\ St~eoSgwŵ'mGϧURR-ai:;yv'XCd*ɓ}+wtk
k
kd-
[|$x8k4Fq*`:
2XScnq/M59I af=܀qN%Zz^Ǥ^
e갎eZK3֘ly_PDb*M\Vu vdjؙZՌn5
MmF2'
`{
cC>a^Ƴ
Ujoc%ʮlw%J�W7yE̓np4�l#+1
'ily?Ttȋi;0)4:
2+Ǯt{#Kwgd|KdsjeH"2f}F#aLhxKcXp\P*k瓧41ܨ/У>\T,"chE?dTU)D)(Zcl(9.
XP
=b
Ԏ
=j/
)b&(<"Lk�^@0
S_PYo,7L'eҚ$ fr)
Z?5gJz9DaP[&z gޛi]LvzPSr 7KAjKV;Vw(b)�1kG58wsv}
n Mfڟ9@]~vL,u'525eSٓZRAAvrz ۉIg3:/U;S㱉Ɩi+lw>ɛv79t:+:Ax
0}E�l/ÛrDp=aW@aq9TBW>Yv0%N''1 Ν
ۢ܊Lr
BAhy;F;Q8zs1ЧY0
[8 {2_xT*bB \
yic+
5:5w�SO NP/</Z
R2nJM:kg2jv
ut21{n߱E,Ϋs fb)< j/PlqY-x,-\m
\PS$
?-LZZ!6x*:!fY7ou]8... m8f.f
4.adGtSKQVa`QL.
ۚ0l
sJ4I
AWJ{Y,;e>Cb>-R
5*9O#+[�,X@5DY}#!l(+xk7X-eO+kH*z{^IW`fEdp
}M~@^l.eKp'*q-A nm/W1 8mn
z!ds QCԺu$[
Hn#WgT
BMyozd nin
h.ԵKxfȲ
*ݮZMm
Yu$Xc5{<X*r QusD۶ˋImHZ`HDUc44LBw
!D
G$?5HI
{ʛh .oFOJü!cҏGш
_L(
\o''FwC@%aɉn1xՆukcVG}TLҦ�py]6! Qy�HLN҅f$jDieb7L%GW#һ З@x"%-_-Xkns
93[[8@`9>y{{?cfBD
/( 274
z!ikō<:yjNAPeҋ�=3o<bѓJỏ\
ZRQZDU|͇$\L} o]5Me0o+|=hng%ک 4Zx<|,]j%t~#m=@˶)
v}
㜏8
hilIy3^5C{ZÏ1m!6K0ߧrͦݑZ
#M9$" <1Vd2cB3
m'7ǔڂ+ԳSL
#$%hU͢|DLeFvT/psIX7o]Uof
5@>5ȳN>xG(
rѕ
n%s5dG[nu4:]et->ACpzXxz^(E�usg@96T?~Nnz;ZX+b ;|&Xi+H
U2cDujƂh�^?J /p
2l6uMui=P_F20,3Ia-Su%*)C6t<!?=/-"JfdI(ݖVjeQձSѩbR@LCzq6�,Nτ#+ r
9;qvK4k8T\
mO}b7Kj[p
t~q_ūO:)6Ugq./u\'
8`rJ].%a7hҤE-8)qr)r`c>mS4kt⩁
wA{/ln֧
t5jz elZֻ`j/
FWRE
f8_s
ڊ+i1&L -..4Ȱj'f
;{CDQ[kO%a`fw@ls
]egS*#p
*r\WD¨њU~FAPӠ`8F*PU=7W3H
+5'HZ}si((!NL
+}JA6>0co<<ipKCtB}TyO~x3&bP?Χ@<{^(ݦaـ#vf9XcT4
lK`kM@eKM"*{>9̬h'֒Y R#2
n=;
w+/Яq༬#j荑~;bBmV mUebSCxOWFa^s]ƕƩE@6h0[M-r']K
]d
Mߥ֚S5ӱ=e_Qݸ 2Ok=91sdb~v-җJOnTtK/ƚcil[s*\"&O ;1U%Z)!&
< #k7ٴ> z?whp6~Nͻ6M&>M{(64
S_R3nZO\BR`3ai{p#Uv&S$,\}w$JQ⩳X5-*Lz'ذ0a
ǒOW3`aWOLb.]z
^_+dnoF+JPf&80`>;xVN]PǨ3~/ײqgt
jrS7~+[ʀ
ݿ̺#g 5b
r7Cunp'")1@}7gCء-wS#1j
U(tv/y
u,B]zuv9H~0r<7<%mig6̽lϻeS.]LйV3@zX*1=Rg{"�x
XV5Zo(
ܺL{eBBYr"
TW
-"Z %ohΔlp4,LWfPpCxuv1~- Z @k+dYBy3lMT;6?"[n0$'H-@;LXT^|[ǵ6)1d(رlE$.Vs
^
L^U$(_<N(O48y4eЮH6sOv!9 Up%ϼ�_D²|�L*Z5";Hg>D3?88d<xS
-"|&q_PiN1A[=
VƊh1qZVP|1+'G(]
K Zké
- ?
-rt%H�A7˓DNrI4?"+}7a5
_@&r2c#ɆET̛<8k�`GSѱpb8h"V ?j01%t\DZ /4`kG^l;(j,~mٛRcFPו
ֻv>ӈ#*N̞RhfKe8F
k̨`=ZCL^Hv6%udeg?!
Ȣ
YAMFC]
&㑩Wg%'0^rvf1
6ᗺC,c!-l]LZP2^*eAv
iW$ٟ8 )%|~,uRR˫
ߕ|=ͼ|E/1
m舰>åk;
Vu
b;IZP&"<E^5,0DfV$V.'p!}ZFH&k~#-iҎ*e%nD様
0
a^#?jɟ
)iO
lHl{.i3Ph:K
#fʑ{a0,:9Vf{(3WS\/I2*oP
L*DgySF'uWwB4x=|P%;RM%}/0q7
:ƨ
6T;~7jgOdMKdeZK�{~'$C626oa'on
K7՞T($8
PEv
P7Bapg`oDnLE
h]w
he
וC9Ɉ 6\
m,N87[Y)DeNwBژv*Έ
NrМ
yj4l6@P[Ikɠ
/Yz\
@%K;kʽw֟a |/4@.wp0{љL[P
_5
KlE㱹)ch) [/8}BZp)Kǧ#hA~:
WhҜ@Ui`~l D_Cz
"X@R۞=Cf>cӐk_tM?'[RkiṊH* ߶8wLjMVZ2V5{+MЋ`n,{#k#VyivD(ͷ &
b{ŇDR7y=}
>n
U2Nm[-'ݒɻu?C[j3ΕwAV
n.ƓhGWK=S
]؝t|~Z^
0b>ȭUox:}!{lVꤥֹ.$vN[M
Fq,zŗV>1haCiݖ&&OmZha"3-9g)v
+8\4Qzͣ[
?z >U=U4Wly6k8jK8Up] I
u]X[킭UƋ3�$$Ϊ>VaHg O&NO;]5"@*&-=6Ӑ
`NIWH/
� 1*X5PFx9#گ!�(a+
pH:n
-0o~T=uݹ1gx[ъz
xk7
Jrݪj'LMK$btHDcQѶh 3C6@d�EEyF
�\U(/ٻ, Pxd&l
vD
'՛sj6C\
2n(W㖣$ z%ݖy2�^jC4a(* 3$B{ͪLF -R]O-yb")3B&m #+S8�9hC�|lh@!&,/0a~Uni5BL%`>|1oC
mrr>@Ǘ]8sbɿ#e`L˲,,˲,,˲,,˲,,˲,,˲,,˲,,r_hғѹ'[ :6Z"gIMJ\h5Px(J*oa@@
!_ %Bt
J
Q'B95;w҈
\i
uqXɸVr)VE-t0xwfl"*tmM1&f]wB&!6XUF?t=*y|\ƾ?g>$Xc \Z;_'CbQZJ1?<;{@
cE3]+nS%9yitȽD̟�̞L
PohD rfg2mdV3PVn�n@z1`C{NvBogCٯذ
NO0" EB�?
{9 6V#AJKhA[Fij<q("=$aK#a:)]F$OFNدs=2@Bgq=^Dz"=WU
]wu3) 3xP}kԭ_^0qൃdYaWuL
#&a IjTbr2WaB}�
BnSkW17"A"sDa@}Vf/^Ϋbq您Æ
W)G~&0
M%*Z@C:{)`R*rAb?zdc
$*^!1
^+l([| <oD\\lG:XjNg-@I㜸TfQ7u%pqÉ6c-V
MM<1(PnOIQqCG&OhdQP3
ẹ`!"#͖.uK{
)1˳8?Gb-a
jh[F4&D#mG\4
8W{
"*Th?G e)Yõک*l6FN
C]TYn'ѷSe.�WriiAgmO,vY(} `3eQzP\b4ƹjZ 34eߍثC+̨BRa텒EgPȫoeEoF51"+:e&Vp@Q߷Na
(d#'s7y(q
@ĐrSve<RUŮġcm"g1pnC1
(#,b?~DjH*J3/AK% 8v
=yd:C2[I/C˩d#
t$};SUB
en)cN{,BVܵk7rdBG %\i<�(wJKmv=GTz5
QV}pAqvaM
E'YUiB3j;[3hr5�t\_F
LgIǨW3Ռ.J3U:RDbrgaJDo9)wzs\w
<}~/)k7.5ȆeڷoJ\
T$szK;!/M&kOs=Ǥqm
2(؞wB(s[m-I
EGwZ9$WiOu'ЋcÈuefܠݕY#3b:GZa
n4nQ@*Qxa7�ye
(UaҧD]`I-DS ?ZEn`bn~U &GVn^W#$!b'؊P=:
?�!>]cOp'ږhBsUbK!`ہUp? MC*Gؤѕ0md
L%18
RZi
m&
V&#$ݜ\W+{ t^VjkK+=!~F[�Q 1ssE2E{L5
4O%M_ϛ4cq\BR6o
Ze#j<IeG*0Yjd*&ջ7.9xմg1lcK&!4FYf59jcp`P={lӴ
}
m*lZ�1R=
~w}́P&ҼR̄\F
Zt\۹:4B-H7O3CVh'Ъ
4e`Z#
T�SάQ݁XNps@g]U5A䛆2 a]88ͩW2_LVoZ
wo
%!>[
ԛ@!j?R
[o`�}ގ|KhƊ,.߲9*Z+ yTov:
wfU%%5G
2mOT)b+ˎLoM*KdJ wpr=%5e@"s~1B?A
BUdq c,{1&^v#L}|תd$l;/&JȔԂ%&7,aWCVU
l
;>
!l{J<xL/sm%/4$V
ayyZ|$
S?S&!H'A
ÚI5g6a
{5
Gpdl/
jY,&߈T�m4b?|[%
XY+:Dn]FiSĤ
¸ECa"!a;Kg7:Hwr!EZEE&!b X^J,e˔(IHɩ9C=b,Ɗxt5cț]rڕlKV#E&>x'&mȤˮ
7gJrW/Gy9a
vG$-*ꂜvg,#=W4<G9Y~=T2<Sd=Z-
U[
^{SQYSwhU7vrX09Tc6VJ:1tnV>6pvvh[JPv8TÖa9``MaG4UCRnL4IBQ&J桮
ftz2gԼ
5mT5^`Bn3XQt! ٜB-6
=b[nqRVd
n Pd.i ]24h5AP=~J%iTGGkQY;B )ɨ*k|^
H ,/ ( 3 p"r6-dJsKcDY@==;m6Xx,wPI(*^˺h"8
ޤUsY
�z%}q^r혶>vdT%\1
YB:Ly0wO p=o텒b'5NUD
B`En=ՏM
ݭB]X
G7,H㧠Ѝ
:
U
d%Dž
r]/ 9y
[Fo0UχІ]f7shɥB([SK3iSawH f? �q�@C5"�`��?ukTQ-[UVDo
}U@T1"HFB tr>$f@ Pℎ$
0@4�#3V��{xΛjWFP@dGMf:�֥]H[lڥSl,\.R<Lℒ?._,Iɢ&w >K4I3M��3D4�P fNk̅ݮmJ1mvnݷGr!"$ q 4)&Gԛ4<J.xY,g7]vL(e\ *>#zΧiSim_Ҥ:
GիUFcsѮϾmuFצao__e/V5
ta
5
y
]fܬ7~Hn[
C)pEwǞ8Wi5=R
QVM=\'Eڞ=.~t~]E^V
)WgJݦx&
:y
{3 Tu
ObU|ŶjU7Ǣfw0N\.Uf8-
>ǔL_%7fYk
NGhs*X&ʏeF]`-_yTaPUΩ]>Cv^y~"]eC}ِ
cJtXc5՜mSZcUs}>ȭ5:
AY#y}5U>WǽVG-O^Tq?0Yo~۵ս>~<'Hn'1mۥϦ5dIyޭr[@n
~l&ζqSRYu/LqtVǝRISE5ӪOK
ʪqdGՕ̸$-
>7g>sѝ{Iʸ&^mGyTT&81
t>gՋ;wnWP
^IոN$;nr7\6<r譲1tJ=Kđ#Tb`
q;د6=sX/ewmU\}{^ijD[d[ً89c|vLVn_KM|
+ 3\)vgڛ0:jck<ھĻNRqap
@yñ=>9/PG&mgupF?#&{HyzӁ-ݢd-h/ s놓9tMهl(g
1ԖlM=tO&
<w)7b~p-AVnN<ISY랐?oҦ ut=
%1FOK�yCSŽe
{{n5j\оcb7e3 4Xp莑
82_{_oU6Mżuq�_`2_5a,0ZRoӊXmIPW
,}
↳vlZî#+#)w_,d
x*<$V&wG^of mvc]Mґ3lm(vuVqݔ21콩VOt
PG&Xmg
e5
[Z!e}g
w
GM}o[>m; S{s M-=}qiq%FY-֑|Mb/Dĝm~0};pWsjL
U�-ƺֈ ^ְC7Ekc':sV~_}1U2wc6p< (΅7!p'[e!
N{zyTu|<lMk^ݿ
P
b
殃`Ir
~+
*p
JWߞy|G\]
;x~._oN8kXu ƆΫz[6Yw&z6%ͩ7
o,yO` xM,?V
~U7cT8ҫjue #
D?Z;9b
ŭ&9J??@AZs
lB˅gٙg{̉uSQOYv6>p~
)V*PbC춏
tYY#W_sOkR#
/
a"7P#ø+X+abó]ɼVŢbboZAx:n1vқ^[8w&]+W2o߸{ (α{NUy*|붼(ut
~愷nCاVz�z`^0{2uɹϢ^os:qU]g|i^W%c==9dŚEVRzX(4E7VUB6E<61we~A{
-gW<\ߧ-Fxu6sgA@[vN|}HEs-ͩs|+v?oAzyVo^Y
V~gXVy_d >g<w=C*_BoAVRq�nmUN|k5 ~*V|$e
f_e$C7*}W_=e}:AZgUͿr^ O=&.>ܸs{{y^3謏`MMYW%X2դ`;`ogIНCo�8<צji~sjD?u֪Lb1JYok6
]Y
Ws_V\ޯ9y<}WO%2zx.V+cwd2]'YΟ<B
<sGsl#oA\}@sO}=(lS uVx||HU}ٿZ?N~VzCǚ3 2ڂfM1:{ʯ3!lÔ#583td~9k}]}։z0cݜKjV8T7\9n䚢Lw߲zWwc+O
b5sVwJ|Z*<( )=Et8[|&Vܷ*hc|W`
\i1&ou;m6>~ylI;)"YGϜor'Jz@5{
v?5!new|}'iAZ|9939pW '3ԿU~ޢIk<j͙Wq
o[Ah
<['9X GoJ
;;
=+ٽ
fchIc7?:A39ՓDJaߜj怙m
C?-UewT
M<o9qEgģCެhfԮ[gu='ћCoƼM8U{r|&/f{&uh
}ۑ|7w1zw:vqG٧wг]rgn̵^h1_JͿ7wgwZ2=z韣&?L)I2X!:ãץ3b
?-@Z=
V'$
H6
=a)v:{t$O�ugt
Zt2;d9*!^ݡ!}0
M7D7+}w-F9n/
2XS1
i))NCyT
~Aiܬn?2F=
9KS
z_hJdwXg
\+!M6j\0+D ɇI{ϒ *L7~s<liul=9z+}yKw}2՟ntk|"0/_Bt9`77Js3t
#PzT)紥QP 甌o:Ty9ku1ďٟJ5zL*Ni9yz57WMOʙěޥWWêiqJK{p˫Ob C
]*45ϰ^K#x|VR\KfW?uћ*OޕoW<ˊ!Lvګz%rD݄WJdZLMjB݆'K'o~nvը|{m{[%:~g夙vӕޞo6rO4EFebJ,wG*.ʼ<[Wc$گ |.tMTJV.Ry|ev~<7Q
ۊƼF[3l{XTm}zʑ.ϣ)A#ItikWdey/ou
RO~r1˳ky_
1
ZiU X=zʞae>Iȣ
!'8>$ {J@1\j!E;#wONɾ4-UH4b'e(v̊-{{{u| jm5!T0Ưze
{EW<GEk@vݏȜ,w-k7
D'o_^^df@|//[<D
0
!CdoQn7s3$MQPf<pʝ!U7{
(=fln�{fYC"yn\Ac9[͔zWei+TH=EZF[*$&c"@W+W^*0W
#dFn/)!ggj�ADAx[g"�3D6* u7C{E(#PĢhG^XDld{dMEE7A1H7A9p9IWAW~
=
vXC
;&JngD�R[[
.҆"Q"1I2^#?L6!PQs>\
Szo8
bE<l,2Mb̑RSq6!Q<M0x~ķTX
f) 'k/<T
:]WFոJ%?T�D>A|0 %p|) | -xV?>b``4 >lzT=h
S88DHGvVUzx,A@`| pzt>>|�z>`> (
=0 |G
?%<U/
) Ɣ' FW$9&6Rp)ԏxpO
i)aӴ]^?k{z
`pOQGp8⇫Gq8zE)8Gq-8E)?8⊫RD)
\QWHb7*/Y`q
0G]d*D2
%
PFImm"2Z$B
5gb״jp%!
(ᯤ4Ead>EGI
"10"e4Q0>_Fd5B
DsDhԚQ02 f#GI"pD"r"Ӂ:Dr 2 #^Q|=3JbHd5Z8DD`ԛQ+vL[
k rIQr 2 $`%bs1
S*2=eƿ~x%2
QbJdfI"G
D9
%:"kYDQ"[
9
d>K922 %(@x0j(OT T(RAd>LL5f*gr"(jR9JUOa2㌒)n"A r '2ь\P9j
%+҉Fh;H%
36D4`|A3
%4㌒I喕ؑQf#.�;$ZhrJ(V-Q|ptf+˧(^A\>S%dbms|D6QRv[+KR r.Fmm].ԺGI"壿˂6Q0/Q|yf',ئ(A>b\Ʋ3JF3˄lr . I_%e)
Jb9Y/FIh>i\GI
"9�Ԧ3JFQmQ 9b(YgmK6|Z
(-4oNZM"{OK
GW ToZ}QPvU0q1C&847O'z6V'ǯyH82vJ�B{+*u>)x)%82uLf6i/ruVĥc RO^BF;LF
H�9># &Cɕ/ԏ16FRC Z`
dH8ejĕLfbR
P~q%wρ2_ŷfM9ZHy+\OduĎɅ/.QơkJTL߆Fؕ
YDkC
y
!-Tp PVmp̐>lGQSޣLҺ$= `+{ &MaP,fˬRrWIy4
�bC
n*$҂X
RÃvT!yd4bVg|CSj|Az2'`/>#xM &
&5?8B* *pVaPh.&&|cmS#
sb,
B6B
xIO֨
{,s[à⣈9za! ߫npfNAMk{;@?Wa
Wr3A3U U*0gW ĥA^0ZQI(UY#|nRG-D^ar#B.re+
gMW25@V+/QcWAVp
Jh-;Yyp츕2Tv
^ȩ'Uʚ)W4]S[
ۻ~f
61
!u&&L%+"mN B+i R:,r߄@m!y
+1J
@PURjLh(_d0:48G
) ?4V@#vW2Rl^+5#u&48Eh#yCРÁFD6.5(mxɣCA\ hbȈS}hpC}}dp`
)@M{S-z%ͽn`g2UDAL?a&ŏ-!s5$Ǧz1lk?H
W_%
5(/!:^#AJaMRI AuV@$}1tb�|1G4u@
[#̩"H6KMI쉊'#~N}WMuT~<ҞJ-M
#\X3� _(a7
i+^،z�+TJ0
M^"bj
GV뱩X&NX)1Ҫj/hZĥf^v
M4lRa$NSv(
KNrV^
Hm$?nbK'=؉xO-ΑIJ3"k^M1yOꉻ>\M?Vv@u}c"up#x)
RtK]rp/)&\9=B9|;3U_D9
2kj<
dIBؕ+5
U'afW/H>
DXQ%܁/P^cDrKyM/O"rz=�
RDZ_8)+:2_Iy)S|*\Y:Naz|W
JkU,~A61%%SclJ% >)/> \PX湰h/R{&JC*(ZsH6a:VۗJnR>{
�HSG^K,!I(|íIpZiKR|TM$JڇGJQHL7b2E"O֤x0>"~.XxM
=!RޒbE+m|"O)%]6r$pX))fYLaS;
X| ve3F?=)gBZtgUԟ>??j$YwAcޔs1:QV
G0
T'
QdPRKr/|(`5EL(b|MQ=,iS20YP2SE3"!k2
Y4X|3 !LGX|Eu!3
2kf5B�_`r0-m*2
BfQ/LE
,(LD)E!3Cl̢<0ZLC)(E]ˬ\a'$̢ DXQ!5D>E/JO:aTPQ&ԝEJ٤N]SnjI:6^"
Ľ0*m2m*f
#BLQD9Ѯ`ĴDX$|?!3Q
e`E-d)XN/D jE3AL!2SXES2- 3L Xy3E~ L Sd2^{L
Xy3E a�{,,NC(kĊ]R!Uם0"$`$\
۲�2lkc#W5Ǣq{-qN!a`%'b8+/b``-K\4&)H:^"bc
\QJ [6b�T156$
Ȇ,LHb 0 diXed&AM2>ưh
RZ5@qrQam&`"rd$RA%�c$6l2L2F1ƀ
qǮiF6;.' `MrQoY;MX`,
<%'c�9
)&xe:aS%P(V )9 k1�b*H0alHj+et@2 u�O
: %g8b냚]"#<
K
-iTM*,4e\GZzoY}
[T
BӰCF~Lm_
^`H 8/
cX`S.
)ADQ̐L
N\\
Uڲh
+Ebr(
]J`_
8hek` 84^�zW&֖dU%$6̨
@ceg6Y&C[4E[I"Ql#(&Hke0I>p!
@
z-)&IJ)`ȇ `
J#Q�PK
8^R+iRLpaڄ"$z[B
:?
`83;Ɂ(K%H D6F5
4 òd
,`<B@~kZBjBM&J2
TK*+Jz19R7ZLÕ
E`M"^NOLAΐՒ9ꢦbKKY ҄
",FF
,X)�-آHxeX6
6h#L z@+e@
HKpR
ҮnWKE2mB$[25t`Taid4E2A
,FdE XPed
-X.p�Ym& Ŕ i�eetJLڄ"Q]ۚ:$*pq $:d)K(
X
X~Y"$: pN<.m�DI@[k
c�ByG[p4AOVEOe}!1 s]Tjܨm˖ %B8wǬ;{#q*B/#rc qGkTCp)
ģHw&GpR%ɑ1wYSȒ?IGH[$HЛA=^]׳3fěbGή)K<
T
426njf><s֕d?哓H]ModֿWU~idYdMZm z
_EW5Zw
Ɖ٣G'
]H7*}PzBG A12hՒk)G}
&EoU$2GdqdRş-z}
P.?P
*J`ʢGX}X)Uy.wS"5ɵTXټ뮍+GY5d9~VJi#lnI81v [i{M2l+nwkgv#ؕpbYΑdU~+!vtjAٙ-Vs 6%+McѲ,$Rv
g]~3!xdJrMЏsEo{mCգMG\U1
;:Whs Xm=uDa~
͖uco"d~6n{}j6?86(u[n6 ·[B 67ñ~.Ax˶}MzfB"eq 9VEcܵ
(\>4&hqRa?Xzu>tȓ.."49
ǰ=7p7BYY3m
r]."δ>-=Ɇa$vn&G*3Ilm
p^FPZykkDșI~ĬPoj'|oǧT#2
S."1rjys^5WbSŵsz
ָy˿XyjMNsSntDCco.Ry>xvAto^Tr=zwl'J:k5;l;ǵzb\ hiR]\
]@ؘ.&x)
ꮵ/UFrhI.#$ܻ<u_'$2.hxQs^@$.8�弹5
I
,D삀͵XYBMp
D$ `e^*([a0?_
Yw.r$'(9."wI_.v@e]Z`蔹| #Ҫ5!O
W<1|EE2anftP
!3!5Xg3 jB=V|E
d;uC
Cx[l; `:#ɸ!
bu'f8
9: :#{!/Hߡ|^Y˯U"{1Cj3
8X
#x8+ !/di!ghᳺ+JZC+
?@՞
, ]Ds1u1螨I#,5}
в3$
>wCI
$(T&:3/B34};x
bHq
h">iAC
`!CJ"l Ic YE]XĞ8
)c
!وmx0Gh
Mo
q!i(t9;
t<u|
dx$3
Մ}"�IF<;"s
nPF[ג?c*z1@ws
͏Lgȇo,S>K00A"ob~S6D�qMEoP~_u'Sn'o~Ш?h|,Iwj@#`I`ہҧFyhN3~EsZFO=?
I{*ϤMŊ328
mIYMjwHUG
uu*F Qd]LsK'a"i11"B5o&|eBJs/ET"_E8d
do[Ouu' LUS=YU1iQ;
NhX"0)Sc>
VAR&3xC
F'zL ����������(��������t���������������������4������&������8_������
������������������F������