Re: Understanding MMC and AzMan
From: Chris Pettingill (nospam_at_nospam.com)
Date: Thu, 6 Nov 2003 19:00:33 -0500
I do understand that my app might have specific needs, but that would be
easily handled. Like AzMan, you just create an operation/task (really
nothing more than a name/idientifier) in the snap-in. Thus you could tailor
the snap-in to your specific needs for any application. The application
would be responsible for deciding whether or not to allow a user to perform
a task based on the role assignments for the operations created in the
snap-in. I'm suprised there's been nothing before like AzMan that provides
the ability to define user/role assignments for user created app
Operations/Tasks/Functions in the snap-in. I had been thinking that I'd be
able to do stuff with Group Policy to allow this (but I am pretty fuzzy on
the details of Group Policy, and what policies you can configure).
I am unfamiliar with MMC and AzMan, but the stuff I'm asking for seems so
basic and obvious, I'm wondering if there's some
technical/security/performce/other reason why such a general snap-in doesn't
"Pent" <pent> wrote in message news:O7yNihLpDHA.3688@TK2MSFTNGP11.phx.gbl...
> You have to build your own MMC snapin for this. As to why such a snapin
> doesn't exist, it's very specific to your app needs. i don't think someone
> can write a snapin that will do everything you or anyone else wants for
> their specific application.
> You can find all MMC Snap-ins: Start | Run | mmc
> Console | Add/Remove Snap-in | Add
> You'll see all snapins registered on the system and you can see what each
> one does.
> "Chris Pettingill" <firstname.lastname@example.org> wrote in message
> > When I first saw SQL Server's Enterprise Manager, I thought this would
> > great way to secure my own application (I mean having a tool like this).
> > see now that Enterprise Manager is just an MMC snap-in (or at least I
> > it is). I also recently read the "Use Role-based Security in Your
> > Tier .NET Apps with Authorization Manager", in the Nov 2003 MSDN mag
> > Now when I first looked at the group policy editor (and some other)
> > on my WinXP machine, I had figured I could use one of these to do what
> > seems to allow. AzMan looks great except for that it's quite limited on
> > and Win2k.
> > I don't think I need all the scripting flexibility of AzMan, so is there
> > some other snap-in available that will allow me to do something similar?
> > Basically here's what I'd like:
> > - Define key application functions
> > - Allow an admin to assign users/groups to each function
> > - I want to be able to control client app UI functionality, not just
> > middle-tier stuff
> > - Have my app check the configuration above to determine if a given user
> > perform a certain task
> > - This should work in on Win2k/XP/2003
> > - Admins with Active Directory should be able to use that to remotely
> > administer policies for users/machines, but alternatively this should
> > work for users with machines that are not part of an Active Directory
> > - Obviously only those with the requisite authority should be able to
> > change the above settings
> > - Should work with .NET
> > I am just getting my head around how MMC works. I always thought that
> > sort of stuff I'm talking about above was configurable using MMC only,
> > least a standard snap-in. But now it seems that if I really want the
> > I'm going to have to build my own snap-in. Am I missing something? Why
> > such a snap-in not been built before? Is there some sort of performance
> > security or issue with using an MMC snap-in of some sort to configure my
> > application's security and functionality?
> > (I'm in the very early brainstorming stages of building a major new
> > of our application, and I'm trying to understand all the current
> > technologies and the best way to apply them to my application design).
> > Thanks,
> > Chris