RE: Are domain/machine names required when specifying roles
From: Bassel Tabbara [MSFT] (basselt@online.microsoft.com)
Date: 03/28/03
- Next message: jos: "beginners question impersonation"
- Previous message: Ramiro Calderon Romero: "Re: Registry Access Problem after Impersonation"
- In reply to: Mark Walker: "Are domain/machine names required when specifying roles"
- Next in thread: Mark Walker: "RE: Are domain/machine names required when specifying roles"
- Reply: Mark Walker: "RE: Are domain/machine names required when specifying roles"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: basselt@online.microsoft.com (Bassel Tabbara [MSFT]) Date: Fri, 28 Mar 2003 07:10:39 GMT
Hello Mark,
For Windows Defined Roles you can use the WindowsBuiltInRole Enumeration.
These roles represent the local Windows groups common to most installations
of Windows NT, Windows 2000 and Windows XP.
Members
AccountOperator: Account operators manage the user accounts on a computer
or domain.
Administrator: Administrators have complete and unrestricted access to the
computer or domain.
BackupOperator: Backup operators can override security restrictions for the
sole purpose of backing up or restoring files.
Guest: Guests are more restricted than users.
PowerUser: Power users possess most administrative permissions with some
restrictions. Thus, power users can run legacy applications, in addition to
certified applications.
PrintOperator: Print operators can take control of a printer.
Replicator: Replicators support file replication in a domain.
SystemOperator: System operators manage a particular computer.
When you are refering to domain roles (contoso\PowerUser), you must include
both the domain and user name combination.
Otherwise as the documentation blow is referring you can just use the role
name:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/htm
l/cpconaspnetauthorization.asp.
Please let me know if you have further questions on this.
Thanks,
Bassel Tabbara
Microsoft, ASP.NET
This posting is provided "AS IS", with no warranties, and confers no rights.
--------------------
| Content-Class: urn:content-classes:message
| From: "Mark Walker" <markwalker42@hotmail.com>
| Sender: "Mark Walker" <markwalker42@hotmail.com>
| Subject: Are domain/machine names required when specifying roles
| Date: Thu, 27 Mar 2003 12:21:26 -0800
| Lines: 12
| Message-ID: <008701c2f49e$719e6010$a601280a@phx.gbl>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Thread-Index: AcL0nnGbaRHDaqisSF+53cCu4Hdt/g==
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Newsgroups: microsoft.public.dotnet.framework.aspnet.security
| Path: cpmsftngxa06
| Xref: cpmsftngxa06 microsoft.public.dotnet.framework.aspnet.security:4583
| NNTP-Posting-Host: TK2MSFTNGXA14 10.40.1.166
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
|
| Is the domain/machine name always required when specifying
| roles? I can't get it to work without the full
| specification even though most references imply otherwise.
|
| Which way is it supposed to work?
|
| How can this be resolved?
|
| I would really like to create a standard web.config file
| using a generic role (other than the builtin\roles) soI
| don't have to edit to edit the specific machine or domain
| in the web.config file.
|
- Next message: jos: "beginners question impersonation"
- Previous message: Ramiro Calderon Romero: "Re: Registry Access Problem after Impersonation"
- In reply to: Mark Walker: "Are domain/machine names required when specifying roles"
- Next in thread: Mark Walker: "RE: Are domain/machine names required when specifying roles"
- Reply: Mark Walker: "RE: Are domain/machine names required when specifying roles"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
