Creating an application right

An application right lets you run a specific application as a different user. An administrator assigns an application right rather than a desktop right when the user has only occasional administrative responsibilities for a specific application and needs the elevated privileges only temporarily or infrequently. (Desktop rights provide administrative access to more than a single application at a time. See Creating a desktop right for details about desktop rights.)

If you have completed the exercises in the previous sections, you are ready to create your first application right. If you have not completed all of the exercises to this point, you might not be able to perform all of the following exercises successfully.

In the following exercises, you will:

  • Verify that the Active Directory domain user amy.adams does not have permission to use the Windows Control Panel to change security settings.
  • Configure a new application right that gives administrative privileges for the Control Panel application.
  • Define a new role that uses the application right.
  • Assign the role definition that includes the Control Panel application right to the Active Directory domain user amy.adams.
  • Verify that the role assignment grants the user amy.adams the right to change a setting in Control Panel.