Authorization Security Components

5/10/2007

After a principal or device is authenticated, the process of authorization establishes the access rights on the system.

The following tables show some of the authentication security features and the Windows XP Embedded components that must be added to support them.

Access Control Lists (ACL)

ACLs are lists of privileges for users and groups on the system.

Required components Key binary

Local Security Authority Subsystem (LSASS)

Lsass.exe, Lsasrv.dll

Primitive: NTdll

Ntdll.dll

Primitive: AuthZ

Authz.dll

GPO, Restrictions (Software, Computer)

Group Policy Object uses group policies to define policy settings that are applied to computers or users.

Required components Key binary

Group Policy Client Core

Gptext.dll

Primitive: Profmap

Profmap

Local & Roaming Profiles

Local and roaming profiles allow a user to access the same authorization settings across multiple systems.

Required components Key binary

Local Profile Core

Roaming Profile

Userenv.dll

Auditing

Auditing logs and monitors events on a system.

Required components Key binary

Local Security Authority Subsystem (LSASS)

Lsass.exe, Lsasrv.dll

Primitive: Ntdll

Ntdll.dll

Auditing Resource DLLs

Msaudite.dll

Event Log

Eventlog.dll

See Also

Concepts

Authentication Security Components

Other Resources

Add Security Features to a Run-Time Image