Once an entity has been authenticated, we need some way to restrict its access to the resources that are available on a computer or in a domain. In most environments, not just anyone can access every computer or domain resource. This is the goal of an authorization service: it protects against unauthorized use and answers two questions: what can an entity do with a resource, and how can it interact with that resource?
Authorization always involves two entities (illustrated in Figure 10.1): a subject that wants to access an object. The authorization decision is typically made and enforced by a third entity, generally referred to as the reference monitor. In a Windows environment, this third entity is the Security Reference Monitor (SRM). The SRM is the only key security component of the Windows OS that runs in the highly privileged kernel mode; it checks every access to a resource that is requested by code running in user mode.
Figure 10.1: Generic authorization model.
Authorization not only deals with access to visible Windows objects such as files, printers, registry keys, and AD objects; it also deals with access to less visible objects such as system processes and threads. Authorization also controls the ability to perform system-related tasks, such as changing the system time or shutting down the system. Microsoft calls these system-related tasks user rights.
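The following Python model is an added example and is not code from the book or from Windows itself: it shows the subject / object / reference-monitor split in working code and makes the distinction between object access and user rights concrete. The token, object names and access-control list are constructed for the illustration, and the ordered allow/deny entries go a little beyond the text above (an explicit deny that precedes an allow wins, as in a Windows DACL); the privilege names `SeShutdownPrivilege` and `SeSystemtimePrivilege` are the real Windows user-right names, but `access_check` and `has_user_right` are a teaching model, not the SRM's implementation.

```python
"""Toy reference monitor: a subject (token) asks to access an object (resource).

Constructed example. Names, groups and the ACL are made up; the privilege
strings are the real Windows user-right names, but this is a model of the
decision logic, not the Windows Security Reference Monitor.
"""
from dataclasses import dataclass
from enum import IntFlag
from typing import FrozenSet, List, Optional


class Access(IntFlag):
    """Requested access rights (a simplified access mask)."""
    READ = 0x1
    WRITE = 0x2
    EXECUTE = 0x4


@dataclass(frozen=True)
class Token:
    """The subject: who is asking, which groups they belong to, which user rights they hold."""
    user: str
    groups: FrozenSet[str]
    privileges: FrozenSet[str]

    def trustees(self) -> FrozenSet[str]:
        """Every identity an ACE may name to match this subject."""
        return self.groups | {self.user}


@dataclass(frozen=True)
class Ace:
    """One access-control entry: allow or deny a mask to a trustee."""
    kind: str      # "allow" or "deny"
    trustee: str
    mask: Access


@dataclass(frozen=True)
class SecuredObject:
    """The object: a resource carrying an ordered DACL.

    dacl=None models 'no DACL at all' (everyone gets everything);
    dacl=[] models an empty DACL (nobody gets anything).
    """
    name: str
    dacl: Optional[List[Ace]]


def access_check(token: Token, obj: SecuredObject, requested: Access) -> bool:
    """Reference-monitor decision: may this subject perform <requested> on this object?

    ACEs are walked in order. A matching deny that overlaps any still-ungranted
    bit refuses immediately; allows accumulate until every requested bit is granted.
    """
    if obj.dacl is None:
        return True
    remaining = requested
    for ace in obj.dacl:
        if ace.trustee not in token.trustees():
            continue
        if ace.kind == "deny" and (ace.mask & remaining):
            return False
        if ace.kind == "allow":
            remaining = Access(int(remaining) & ~int(ace.mask))
            if not remaining:
                return True
    return not remaining


def has_user_right(token: Token, privilege: str) -> bool:
    """User rights (system-wide tasks) are a property of the subject, not of any object."""
    return privilege in token.privileges


# Constructed sample subjects and objects.
ALICE = Token("alice", frozenset({"Users"}), frozenset({"SeShutdownPrivilege"}))
BOB = Token("bob", frozenset({"Users"}), frozenset())

PAYROLL = SecuredObject("payroll.xlsx", dacl=[
    Ace("deny", "Users", Access.WRITE),                 # explicit deny listed first
    Ace("allow", "alice", Access.READ | Access.WRITE),  # later allow cannot override it
    Ace("allow", "Users", Access.READ),
])
PUBLIC_NOTE = SecuredObject("readme.txt", dacl=None)    # no DACL: unrestricted
LOCKED = SecuredObject("locked.bin", dacl=[])           # empty DACL: nobody

if __name__ == "__main__":
    for tok in (ALICE, BOB):
        for obj in (PAYROLL, PUBLIC_NOTE, LOCKED):
            for right in Access:
                print(f"{tok.user:6} {right.name:8} {obj.name:13} -> "
                      f"{access_check(tok, obj, right)}")
        print(f"{tok.user:6} SeShutdownPrivilege   -> "
              f"{has_user_right(tok, 'SeShutdownPrivilege')}")
        print(f"{tok.user:6} SeSystemtimePrivilege -> "
              f"{has_user_right(tok, 'SeSystemtimePrivilege')}")
```

Note that `has_user_right` never looks at an object: shutting the system down or changing the clock is decided purely from what the subject's token carries, which is exactly why the text treats user rights as a separate category from object access.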