Checklist: Before You Start Using Authorization Manager

Applies To: Windows Server 2008


Authorization Manager is available for use in the following versions of Windows: Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows XP, Windows Vista, Windows 7, and Windows 8. It is deprecated as of Windows Server 2012 R2 and may be removed in subsequent versions.

Before using Authorization Manager, review the following items:

Step References

Review fundamental security concepts.

For more information about security information for developers on the Microsoft MSDN Web site, see Microsoft Security Development (

For more general security information, on the Microsoft Web site, see Security (

Read background material about Authorization Manager.

Read about the difference between administrator mode and developer mode in Authorization Manager.

Set Authorization Manager Options

Learn about authorization stores and applications, and about the difference between authorization stores that are stored as XML files, authorization stores that are stored in Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) and authorization stores that are stored in a SQL Server database.

Understanding Authorization Manager Stores

(For developers) Review the latest information about Authorization Manager and authorization-related application programming interfaces (APIs) in the Platform SDK.

For more information, refer to the MSDN section of the Microsoft Web site (

Before you can use Authorization Manager for authorization stores that are stored in AD DS, you must raise the domain functional level to Windows Server 2003 or newer.

Raising the domain functional level is an irreversible step.

For more information, on the Microsoft Web site, seeRaise the domain functional level (

Start Authorization Manager.

Start Authorization Manager