Role-based security has been evolving on the Windows plat-form since the first release of Windows NT . Using roles, the operating system can determine whether a process is privileged by checking the security context for a group called BUILTIN\Administrators. The operating system makes decisions based on this logical role (such as whether to let you install services or device drivers). After installing the operating system, you get to choose who will assume this role by adding them to the Administrators group.

Microsoft Transaction Services (MTS) and COM+ tried to make role-based security palatable for application developers, providing a simple role-based authorization infrastructure for COM servers. The ...