Re: Using local AzMan XML store from Win32 Service

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 10/19/05

Next message: Richard Grimes: "Re: how does System.Guid.NewGuid() work ?"
Previous message: owrt_at_nospam.nospam: "Using local AzMan XML store from Win32 Service"
In reply to: owrt_at_nospam.nospam: "Using local AzMan XML store from Win32 Service"
Next in thread: owrt_at_nospam.nospam: "Re: Using local AzMan XML store from Win32 Service"
Reply: owrt_at_nospam.nospam: "Re: Using local AzMan XML store from Win32 Service"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 19 Oct 2005 08:57:02 -0700

Hello owrt@nospam.nospam,

AzMan is IIRC not supported under XP.

Have you also set the "reader role" in the AzMan MMC (store->properties->security)
??

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> I'm having a problem trying to access an AzMan (Authorization Manager)
> XML store from a process running as a Win32 service.
>
> I get an InvalidArgumentException thrown from
> AZROLESLib.AzAuthorizationStoreClass.Initialize().
>
> The Win32 service is running as "Local System". If I run the service
> as my domain account, it works fine. However, I need to be able to run
> the service as "Local System".
>
> The platform is Windows XP SP2 (which is one of the target platforms
> for the software I'm building).
>
> I've set the permissions on the XML store (validated the file
> permissions and validated in the AzMan MMC plug-in) so that pretty
> much every "well-known" system group has full control over the store.
> However, I was unable to get it to work.
>
> The only other mention of this I've seen is that it might work on
> Windows Server 2003 but doesn't work on Windows XP. The writer of that
> post implied the AzMan was broken under Windows XP.
>
> Anyone got any ideas about how to make this work?
>
> Thanks,
>
> Robert
>

Next message: Richard Grimes: "Re: how does System.Guid.NewGuid() work ?"
Previous message: owrt_at_nospam.nospam: "Using local AzMan XML store from Win32 Service"
In reply to: owrt_at_nospam.nospam: "Using local AzMan XML store from Win32 Service"
Next in thread: owrt_at_nospam.nospam: "Re: Using local AzMan XML store from Win32 Service"
Reply: owrt_at_nospam.nospam: "Re: Using local AzMan XML store from Win32 Service"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Windows Security Roles
... Currently we only have a Windows application. ... hold the permissions and the mapping to the AD roles. ... there are issues with using AzMan for this. ... It is useful to allow nested groups, and have a heirarchy of users, ...
(microsoft.public.dotnet.security)
Re: Azman, AD, and Windows 7 Fun!
... If you talk about the permissions did you disable UAC on Windows 7 during testing? ... that has permissions controlled through Azman which in turn is linked ... Azman role. ...
(microsoft.public.windows.server.active_directory)
Azman, AD, and Windows 7 Fun!
... permissions controlled through Azman which in turn is linked to AD groups. ... VS or Windows 7 is replacing it with the newer version. ... we have two AD groups placed in a Azman role (each AD group with ...
(microsoft.public.windows.server.active_directory)
Re: Windows Security Roles
... Does Windows 2000 Server support this as well? ... there are issues with using AzMan for this. ... It is useful to allow nested groups, and have a heirarchy of users, user ... We think that we are able to shift to only be using AD Security groups, ...
(microsoft.public.dotnet.security)
Re: AzMan with 2000 mixed DC
... One of the reasons W2k3 domain and forest funtional levels ... the roles has map to back over the trust. ... Microsoft MVP (Windows Security) ... > We are deploying an application which uses AzMan, with the store in AD, ...
(microsoft.public.security)