Summary

The methods that can be used to restrict application execution are many, but for restriction to be granular, security must be built into the application in the form of roles. To be effective and easy to administer, roles should map to actual user job functions.

Even if sophisticated application security is in place, it is wise to remember that the first level of defense may be file, folder, and registry key ACLs. ACLs can prevent someone from running an application at all. If that is your purpose, even if you have more sophisticated tools to configure security, you would be wise to set file ACLs, too. The next chapter will discuss ACLs on files, folder, and registry keys.

Get Windows Server 2003 Security: A Technical Reference now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.