Reasons to Create a Trustee

[Previous] [Next]

Before bringing this chapter to a close, I'd like to bring some perspective to the creation of trustee accounts. We've discussed how to create and destroy user and group accounts, as well as how to assign privileges to these accounts. Additionally, we explored the critical topic of the security identifiers or SIDs. However, you might still be wondering why your server software would need to create trustee accounts, since, simply put, many server applications never create trustee accounts and never assign or revoke privileges from existing trustee accounts.

Here are a couple of reasons:

  • To restrict or otherwise manage access to resources. This is how your server software is likely to take advantage of trustee management.
  • To create accounts for human users to use as a logon identity or to create group accounts to manage live users. Although this is a common reason to create trustee accounts, it is not a usual reason for server software to create trustee accounts. The MMC or some other administrative tool typically manages this function.

We'll be discussing the association between trustees and access rights of securable objects in the next chapter. Chapter 11 will talk about methods your server software can use to act on behalf of a client or any arbitrarily selected trustee account. You'll also learn ways to adjust the rights of an existing trustee by using a second trustee account.

As these topics unfold and you learn more creative ways to restrict and enhance access to objects using the various techniques available in the Windows environment, it is important to remember that, if necessary, your server software has the power to create trustee accounts. And as I discuss these topics in the next couple of chapters, I will point out cases where a trustee account created solely for use by your server software might be appropriate.



Programming Server-Side Applications for Microsoft Windows 2000
Programming Server-Side Applications for Microsoft Windows 2000 (Microsoft Programming)
ISBN: 0735607532
EAN: 2147483647
Year: 2000
Pages: 126

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net