Administrative security systems and methods

US 6,775,781 B1
Filed: 07/20/2000
Issued: 08/10/2004
Est. Priority Date: 12/13/1999
Status: Active Grant

First Claim

Patent Images

1. In conjunction with an operating system configured to limit access privileges in accordance with defined privilege levels, said privilege levels including at least an administrative privilege level under which a plurality of administrative methods can be initiated and a non-administrative privilege level under which at least one of the administrative methods cannot be initiated, a method comprising:

executing an administrative security process under the administrative privilege level;

the administrative security process accepting a request from a user process executing under the non-administrative privilege level to initiate a particular administrative method, the user process calling the administrative security process with parameters comprising (a) an identification of the particular administrative method and (b) arguments to be provided to said particular administrative method; and

the administrative security process calling the identified particular administrative method on behalf of the user process and providing the arguments to said identified particular administrative method.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer such as a network appliance executes an administrative security process configured to run under an administrative privilege level. Having an administrative privilege level, the administrative security process can initiate administrative functions in an operating system function library. A user process executing under a non-administrative privilege level can initiate a particular administrative function that the process would not otherwise be able to initiate by requesting that the administrative security process initiate the function. In response to a request to initiate a particular function from a process with a non-administrative privilege level, the administrative security process determines whether the requesting process is authorized to initiate the particular administrative function based on information accessed in a data store. If the requesting process is authorized, the administrative security process initiates the particular administrative function. In this manner, the administrative security process facilitates access to specific administrative functions for a user process having a privilege level that does not permit the user process to access the administrative functions.

54 Citations

View as Search Results

75 Claims

1. In conjunction with an operating system configured to limit access privileges in accordance with defined privilege levels, said privilege levels including at least an administrative privilege level under which a plurality of administrative methods can be initiated and a non-administrative privilege level under which at least one of the administrative methods cannot be initiated, a method comprising:
- executing an administrative security process under the administrative privilege level;
  
  the administrative security process accepting a request from a user process executing under the non-administrative privilege level to initiate a particular administrative method, the user process calling the administrative security process with parameters comprising (a) an identification of the particular administrative method and (b) arguments to be provided to said particular administrative method; and
  
  the administrative security process calling the identified particular administrative method on behalf of the user process and providing the arguments to said identified particular administrative method.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method as recited in claim 1, the administrative security process determining whether the user process is allowed to initiate said identified particular administrative method prior to calling the identified particular administrative method.
  - 3. A method as recited in claim 1, the administrative security process referencing a data store to determine whether the user process is allowed by the administrative security process to initiate said identified particular administrative method.
  - 4. A method as recited in claim 1, wherein:
5. A method as recited in claim 1, wherein:
- the user process executes under an operating system user account, different user accounts belonging to one or more operating system user groups;
  
  the administrative security process referencing a data store to determine whether the user process is allowed by the administrative security process to initiate said identified particular administrative method; and
  
  the data store indicating, for a plurality of user groups, which of the plurality of administrative methods are allowed for processes executing under user accounts belonging to the user groups.
6. A method as recited in claim 1, wherein:
- the user process executes under an operating system user account, different user accounts belonging to one or more operating system user groups;
  
  the administrative security process referencing a data store to determine whether the user process is allowed by the administrative security process to initiate said identified particular administrative method; and
  
  the data store indicating, for a plurality of user accounts, which of the plurality of administrative methods are allowed for processes executing under the user accounts; and
  
  the data store indicating, for a plurality of user groups, which of the plurality of administrative methods are allowed for processes executing under user accounts belonging to the user groups.
7. A method as recited in claim 1, the administrative security process determining whether the user process is allowed by the administrative security process to initiate the identified particular administrative method, said identified particular administrative method being associated with a particular class of methods;
- andwherein the determining comprises referencing a data store to verify that the user process is executing under a user account that has been designated as being authorized to initiate administrative methods of the particular class.
8. A method as recited in claim 1, the administrative security process determining whether the user process is allowed by the administrative security process to initiate the identified particular administrative method, said identified particular administrative method being associated with a particular class of methods;
- andwherein the determining comprises referencing a data store to verify that the user process is executing under a user account belonging to a group that has been designated as being authorized to initiate administrative methods of the particular class.
9. A method as recited in claim 1, the administrative security process determining whether the user process is allowed by the administrative security process to initiate the identified particular administrative method, said identified particular administrative method being associated with a particular class of methods;
- andwherein the determining comprises referencing a data store to verify that the user process is executing under a user account that has been designated as being authorized to initiate (a) administrative methods of the particular class, and (b) said identified particular administrative method.
10. A method as recited in claim 1, the administrative security process determining whether the user process is allowed by the administrative security process to initiate the identified particular administrative method, said identified particular administrative method being associated with a particular class of methods;
- andwherein the determining comprises referencing a data store to verify that the user process is executing under a user account belonging to a group that has been designated as being authorized to initiate (a) administrative methods of the particular class, and (b) said identified particular administrative method.
11. A method as recited in claim 1, the administrative security process calling a parameter validation function that has been designated to validate input arguments for the particular administrative method.
12. A method as recited in claim 1, the administrative security process calling a parameter validation function that has been designated to validate input arguments for the particular administrative method, wherein different parameter validation functions are designated for different ones of the administrative methods independently of the administrative security process.
13. A method as recited in claim 1, wherein the administrative security process performs further acts comprising:
- referencing a validation function lookup store to identify a parameter validation function that has been designated to validate input arguments that are to be provided to said particular administrative method;
  
  wherein the validation function lookup store designates different parameter validation functions for different administrative methods; and
  
  calling a designated parameter validation function to validate the arguments to be provided to said particular administrative method.
14. A computer-readable medium comprising computer executable instructions that, when executed, direct a computing system to perform the method of claim 1.

15. A computer-readable medium comprising computer executable instructions for execution in conjunction with an operating system configured to limit access privileges in accordance with defined privilege levels, said privilege levels including at least an administrative privilege level under which a plurality of administrative methods can be initiated and a non-administrative privilege level under which at least one of the administrative methods cannot be initiated;
- said instructions, when executed, directing a computing system to perform a method comprising;
  
  executing an administrative security process under the administrative privilege level;
  
  the administrative security process accepting a request from a user process executing under the non-administrative privilege level to initiate a particular administrative method, the user process calling the administrative security process with parameters comprising (a) an identification of the particular administrative method and (b) arguments to be provided to said particular administrative method;
  
  in response to receiving the parameters, the administrative security process referencing a data store to determine whether the user process is allowed by the administrative security process to initiate the identified particular administrative method; and
  
  the administrative security process calling the identified particular administrative method on behalf of the user process and providing the arguments to said identified particular administrative method if the user process is allowed to initiate the identified particular administrative method.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
- - 16. A computer-readable medium as recited in claim 15, wherein the data store indicates, for a plurality of user accounts, which of the plurality of administrative methods are allowed for processes executing under the user accounts.
  - 17. A computer-readable medium as recited in claim 15, wherein:
18. A computer-readable medium as recited in claim 15, wherein:
- the identified particular administrative method is associated with a particular class of methods; and
  
  said referencing a data store comprises verifying that the user process is executing under a user account belonging to a group that has been designated as being authorized to initiate administrative methods of the particular class.
19. A computer-readable medium as recited in claim 15, wherein:
- the identified particular administrative method is associated with a particular class of methods; and
  
  said referencing a data store comprises verifying that the user process is executing under a user account that has been designated as being authorized to initiate (a) administrative methods of the particular class, and (b) said identified particular administrative method.
20. A computer-readable medium as recited in claim 15, wherein:
- the identified particular administrative method is associated with a particular class of methods; and
  
  said referencing a data store comprises verifying that the user process is executing under a user account belonging to a group that has been designated as being authorized to initiate (a) administrative methods of the particular class, and (b) said identified particular administrative method.
21. A computer-readable medium comprising instructions to perform a method as recited in claim 15, the administrative security process calling a parameter validation function that has been designated to validate input arguments for the particular administrative method.
22. A computer-readable medium comprising instructions to perform a method as recited in claim 15, the administrative security process calling a parameter validation function that has been designated to validate input arguments for the particular administrative method, wherein different parameter validation functions are designated for different ones of the administrative methods independently of the administrative security process.
23. A computer-readable medium as recited in claim 15, wherein the administrative security process performs further acts comprising:
- referencing a validation function lookup store to identify a parameter validation function that has been designated to validate input arguments that are to be provided to said particular administrative method;
  
  wherein the validation function lookup store designates different parameter validation functions for different administrative methods; and
  
  calling a designated parameter validation function to validate the arguments to be provided to said particular administrative method.

24. A security system, comprising:
- an operating system configured to limit access privileges in accordance with defined privilege levels, said privilege levels including at least an administrative privilege level under which a plurality of administrative methods can be initiated and a non-administrative privilege level under which at least one of the administrative methods cannot be initiated;
  
  a user process that executes under the non-administrative privilege level;
  
  an administrative security process that executes under the administrative privilege level;
  
  wherein the user process requests initiation of a particular administrative method by calling the administrative security process with parameters comprising (a) an identification of the particular administrative method and (b) arguments to be provided to said particular administrative method;
  
  the administrative security process being configured to receive the parameters and to reference a data store to determine whether the user process is allowed by the administrative security process to initiate the identified particular administrative method; and
  
  if the user process is allowed to initiate the identified particular administrative method, the administrative security process calls the identified particular administrative method on behalf of the user process and provides the arguments to said identified particular administrative method.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 25. A security system as recited in claim 24, wherein the data store indicates, for a plurality of user accounts, which of the plurality of administrative methods are allowed for processes executing under the user accounts.
  - 26. A security system as recited in claim 24, wherein:
27. A security system as recited in claim 24, wherein:
- the user process executes under an operating system user account, different user accounts belonging to one or more operating system user groups; and
  
  the data store indicates, for a plurality of user groups, which of the plurality of administrative methods are allowed for processes executing under user accounts belonging to the user groups.
28. A security system as recited in claim 24, wherein:
- the identified particular administrative method is associated with a particular class of methods; and
  
  the data store indicates whether the user process is executing under a user account that has been designated as being authorized to initiate administrative methods of the particular class.
29. A security system as recited in claim 24, wherein:
- the identified particular administrative method is associated with a particular class of methods; and
  
  the data store indicates whether the user process is executing under a user account belonging to a group that has been designated as being authorized to initiate administrative methods of the particular class.
30. A security system as recited in claim 24, wherein:
- the identified particular administrative method is associated with a particular class of methods; and
  
  the data store indicates whether the user process is executing under a user account that has been designated as being authorized to initiate (a) administrative methods of the particular class, and (b) said identified particular administrative method.
31. A security system as recited in claim 24, wherein:
- the identified particular administrative method is associated with a particular class of methods; and
  
  the data store indicates whether the user process is executing under a user account belonging to a group that has been designated as being authorized to initiate (a) administrative methods of the particular class, and (b) said identified particular administrative method.
32. A security system as recited in claim 24, wherein the administrative security process is configured to call a parameter validation function that has been designated to validate input arguments for the particular administrative method.
33. A security system as recited in claim 24, wherein the administrative security process is configured to call a parameter validation function that has been designated to validate input arguments for the particular administrative method, wherein different parameter validation functions are designated for different ones of the administrative methods independently of the administrative security process.
34. A security system as recited in claim 24, wherein the administrative security process is configured to reference a validation function lookup store to identify a parameter validation function that has been designated to validate input arguments that are to be provided to said particular administrative method;
- the validation function lookup store designating different parameter validation functions for different administrative methods; and
  
  wherein the administrative security process is configured to call a designated parameter validation function to validate the arguments to be provided to said particular administrative method.

35. A network computer appliance for performing one or more predetermined functions determined by a manufacturer of the network computer appliance, comprising:
- an operating system configured to limit access privileges of processes in accordance with defined privilege levels, said privilege levels including at least an administrative privilege level under which a plurality of administrative methods can be initiated and a non-administrative privilege level under which at least one of the administrative methods cannot be initiated;
  
  a network interface configured to communicate with network clients and to facilitate remote administration of the network computer appliance from the network clients;
  
  a plurality of hyperlinked documents forming a user interface for remote administration of the network computer appliance, said hyperlinked documents including executable content that is configured to execute under a non-administrative privilege level of a requesting remote administrator;
  
  an information server configured to serve said hyperlinked documents to the requesting remote administrator;
  
  an administrative security process configured to execute under the administrative privilege level on the network computer appliance; and
  
  the executable content being configured to initiate a particular administrative method by calling the administrative security process with parameters comprising (a) an identification of the particular administrative method and (b) arguments to be provided to said particular administrative method; and
  
  the administrative security process being configured to call the identified particular administrative method on behalf of the executable content and provide the arguments to said identified particular administrative method.
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
- - 36. A network computer appliance as recited in claim 35, wherein the administrative security process is configured to receive the parameters and to determine whether the executable content is allowed to initiate the identified particular administrative method prior to calling the identified particular administrative method.
  - 37. A network computer appliance as recited in claim 35, wherein the administrative security process is configured to call the identified particular administrative method on behalf of the executable content only after verifying that the executable content is executing under a user account that has been designated as being authorized to initiate said identified particular administrative method.
  - 38. A network computer appliance as recited in claim 35, wherein the administrative security process is configured to call the identified particular administrative method on behalf of the executable content only after verifying that the executable content is executing under a user account belonging to a group that has been designated as being authorized to initiate said identified particular administrative method.
  - 39. A network computer appliance as recited in claim 35, wherein the administrative security process is configured to reference a data store to determine whether the executable content is allowed by the administrative security process to initiate said identified particular administrative method.
  - 40. A network computer appliance as recited in claim 35, wherein:
41. A network computer appliance as recited in claim 35, wherein:
- the executable content is configured to execute under an operating system user account, different user accounts belonging to one or more operating system user groups;
  
  the administrative security process is configured to reference a data store to determine whether the executable content is allowed by the administrative security process to initiate said identified particular administrative method; and
  
  the data store indicates, for a plurality of user groups, which of the plurality of administrative methods are allowed for executable content executing under user accounts belonging to the user groups.
42. A network computer appliance as recited in claim 35, wherein:
- the executable content is configured to execute under an operating system user account, different user accounts belonging to one or more operating system user groups;
  
  the administrative security process is configured to reference a data store to determine whether the executable content is authorized by the administrative security process to initiate said identified particular administrative method; and
  
  the data store indicates, for a plurality of user accounts, which of the plurality of administrative methods are allowed for executable content executing under the user accounts; and
  
  the data store indicates, for a plurality of user groups, which of the plurality of administrative methods are allowed for executable content executing under user accounts belonging to the user groups.
43. A network computer appliance as recited in claim 35, wherein:
- the identified particular administrative method is associated with a particular class of methods; and
  
  the administrative security process is configured to determine whether the executable content is allowed by the administrative security process to initiate the identified particular administrative method by referencing a data store to verify that the executable content is executing under a user account that has been designated as being authorized to initiate administrative methods of the particular class.
44. A network computer appliance as recited in claim 35, wherein:
- the identified particular administrative method is associated with a particular class of methods; and
  
  the administrative security process is configured to determine whether the executable content is allowed by the administrative security process to initiate the identified particular administrative method by referencing a data store to verify that the executable content is executing under a user account belonging to a group that has been designated as being authorized to initiate administrative methods of the particular class.
45. A network computer appliance as recited in claim 35, wherein:
- the identified particular administrative method is associated with a particular class of methods; and
  
  the administrative security process is configured to determine whether the executable content is allowed by the administrative security process to initiate the identified particular administrative method by referencing a data store to verify that the executable content is executing under a user account that has been designated as being authorized to initiate (a) administrative methods of the particular class, and (b) said identified particular administrative method.
46. A network computer appliance as recited in claim 35, wherein:
- the identified particular administrative method is associated with a particular class of methods; and
  
  the administrative security process is configured to determine whether the executable content is allowed by the administrative security process to initiate the identified particular administrative method by referencing a data store to verify that the executable content is executing under a user account belonging to a group that has been designated as being authorized to initiate (a) administrative methods of the particular class, and (b) said identified particular administrative method.
47. A network computer appliance as recited in claim 35, wherein the administrative security process is configured to call a parameter validation function that has been designated to validate input arguments for the particular administrative method.
48. A network computer appliance as recited in claim 35, wherein the administrative security process is configured to call a parameter validation function that has been designated to validate input arguments for the particular administrative method, wherein different parameter validation functions are designated for different ones of the administrative methods independently of the administrative security process.
49. A network computer appliance as recited in claim 35, wherein the administrative security process is configured to reference a validation function lookup store to identify a parameter validation function that has been designated to validate input arguments that are to be provided to said particular administrative method;
- the validation function lookup store designating different parameter validation functions for different administrative methods; and
  
  wherein the administrative security process calls a designated parameter validation function to validate the arguments to be provided to said particular administrative method.

50. A computer-readable medium comprising computer executable instructions for execution in conjunction with an operating system configured to limit access privileges of processes in accordance with defined privilege levels, said privilege levels including at least an administrative privilege level under which a defined set of administrative functions can be initiated and a non-administrative privilege level under which at least one of the administrative functions cannot be initiated;
- said instructions, when executed, directing a computing system to perform a method comprising;
  
  communicating with network clients to facilitate remote administration from one or more of the network clients;
  
  generating a user interface for remote administration from a plurality of hyperlinked documents, said hyperlinked documents including executable content that executes under a non-administrative privilege level of a requesting network client;
  
  serving said user interface to the requesting network client;
  
  executing an administrative security process under the administrative privilege level, the administrative security process accepting a request from the executable content to initiate a particular administrative function; and
  
  initiating said particular administrative function under the administrative privilege level of the administrative security process.
- View Dependent Claims (51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62)
- - 51. A computer-readable medium as recited in claim 50, the administrative security process determining whether the executable content is allowed to initiate said identified particular administrative function prior to initiating the identified particular administrative function.
  - 52. A computer-readable medium as recited in claim 50, the administrative security process referencing a data store to determine whether the executable content is allowed by the administrative security process to initiate said identified particular administrative function.
  - 53. A computer-readable medium as recited in claim 50, wherein:
54. A computer-readable medium as recited in claim 50, wherein:
- the executable content executes under an operating system user account, different user accounts belonging to one or more operating system user groups;
  
  the administrative security process referencing a data store to determine whether the executable content is allowed by the administrative security process to initiate said identified particular administrative function; and
  
  the data store indicating, for a plurality of user groups, which of the defined set of administrative functions are allowed for executable content executing under user accounts belonging to the user groups.
55. A computer-readable medium as recited in claim 50, wherein:
- the executable content executes under an operating system user account, different user accounts belonging to one or more operating system user groups;
  
  the administrative security process referencing a data store to determine whether the executable content is allowed by the administrative security process to initiate said identified particular administrative function; and
  
  the data store indicating, for a plurality of user accounts, which of the defined set of administrative functions are allowed for executable content executing under the user accounts; and
  
  the data store indicating, for a plurality of user groups, which of the defined set of administrative functions are allowed for executable content executing under user accounts belonging to the user groups.
56. A computer-readable medium as recited in claim 50, the administrative security process determining whether the executable content is allowed by the administrative security process to initiate the identified particular administrative function, said identified particular administrative function being associated with a particular class of methods;
- andwherein the determining comprises referencing a data store to verify that the executable content is executing under a user account that has been designated as being authorized to initiate administrative functions of the particular class.
57. A computer-readable medium as recited in claim 50, the administrative security process determining whether the executable content is allowed by the administrative security process to initiate the identified particular administrative function, said identified particular administrative function being associated with a particular class of methods;
- andwherein the determining comprises referencing a data store to verify that the executable content is executing under a user account belonging to a group that has been designated as being authorized to initiate administrative functions of the particular class.
58. A computer-readable medium as recited in claim 50, the administrative security process determining whether the executable content is allowed by the administrative security process to initiate the identified particular administrative function, said identified particular administrative function being associated with a particular class of methods;
- andwherein the determining comprises referencing a data store to verify that the executable content is executing under a user account that has been designated as being authorized to initiate (a) administrative functions of the particular class, and (b) said identified particular administrative function.
59. A computer-readable medium as recited in claim 50, the administrative security process determining whether the executable content is allowed by the administrative security process to initiate the identified particular administrative function, said identified particular administrative function being associated with a particular class of methods;
- andwherein the determining comprises referencing a data store to verify that the executable content is executing under a user account belonging to a group that has been designated,as being authorized to initiate (a) administrative functions of the particular class, and (b) said identified particular administrative function.
60. A computer-readable medium comprising instructions to perform a method as recited in claim 50, the administrative security process calling a parameter validation function that has been designated to validate input arguments for the particular administrative function.
61. A computer-readable medium comprising instructions to perform a method as recited in claim 50, the administrative security process calling a parameter validation function that has been designated to validate input arguments for the particular administrative function, wherein different parameter validation functions are designated for different ones of the administrative functions independently of the administrative security process.
62. A computer-readable medium as recited in claim 50, wherein the administrative security process performs further acts comprising:
- referencing a validation function lookup store to identify a parameter validation function that has been designated to validate input arguments that are to be provided to said particular administrative function;
  
  wherein the validation function lookup store designates different parameter validation functions for different administrative functions; and
  
  calling a designated parameter validation function to validate the arguments to be provided to said particular administrative function.

63. A computer-readable medium comprising computer executable instructions for execution in conjunction with an operating system configured to limit access privileges of processes in accordance with defined privilege levels, said privilege levels including at least an administrative privilege level under which a set of administrative functions can be initiated and a non-administrative privilege level under which at least one of the administrative functions cannot be initiated;
- said instructions, when executed, directing a computing system to perform a method comprising;
  
  communicating with network clients to facilitate remote administration from one or more of the network clients;
  
  generating a user interface for remote administration from a plurality of hyperlinked documents, said hyperlinked documents including executable content that executes under a non-administrative privilege level of a requesting network client;
  
  serving said user interface to the requesting network client;
  
  executing an administrative security process as a service under a user account having the administrative privilege level;
  
  accepting a request from the executable content to initiate a particular administrative function; and
  
  initiating said particular administrative function under the administrative privilege level of the administrative security process.
- View Dependent Claims (64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75)
- - 64. A computer-readable medium as recited in claim 63, the administrative security process determining whether the executable content is allowed to initiate said identified particular administrative function prior to initiating the identified particular administrative function.
  - 65. A computer-readable medium as recited in claim 63, the administrative security process referencing a data store to determine whether the executable content is allowed by the administrative security process to initiate said identified particular administrative function.
  - 66. A computer-readable medium as recited in claim 63, wherein:
67. A computer-readable medium as recited in claim 63, wherein:
- the executable content executes under an operating system user account, different user accounts belonging to one or more operating system user groups;
  
  the administrative security process referencing a data store to determine whether the executable content is allowed by the administrative security process to initiate said identified particular administrative function; and
  
  the data store indicating, for a plurality of user groups, which of the set of administrative functions are allowed for executable content executing under user accounts belonging to the user groups.
68. A computer-readable medium as recited in claim 63, wherein:
- the executable content executes under an operating system user account, different user accounts belonging to one or more operating system user groups;
  
  the administrative security process referencing a data store to determine whether the executable content is allowed by the administrative security process to initiate said identified particular administrative function; and
  
  the data store indicating, for a plurality of user accounts, which of the set of administrative functions are allowed for executable content executing under the user accounts; and
  
  the data store indicating, for a plurality of user groups, which of the set of administrative functions are allowed for executable content executing under user accounts belonging to the user groups.
69. A computer-readable medium as recited in claim 63, the administrative security process determining whether the executable content is allowed by the administrative security process to initiate the identified particular administrative function, said identified particular administrative function being associated with a particular class of methods;
- andwherein the determining comprises referencing a data store to verify that the executable content is executing under a user account that has been designated as being authorized to initiate administrative functions of the particular class.
70. A computer-readable medium as recited in claim 63, the administrative security process determining whether the executable content is allowed by the administrative security process to initiate the identified particular administrative function, said identified particular administrative function being associated with a particular class of methods;
- andwherein the determining comprises referencing a data store to verify that the executable content is executing under a user account belonging to a group that has been designated as being authorized to initiate administrative functions of the particular class.
71. A computer-readable medium as recited in claim 63, the administrative security process determining whether the executable content is allowed by the administrative security process to initiate the identified particular administrative function, said identified particular administrative function being associated with a particular class of methods;
- andwherein the determining comprises referencing a data store to verify that the executable content is executing under a user account that has been designated as being authorized to initiate (a) administrative functions of the particular class, and (b) said identified particular administrative function.
72. A computer-readable medium as recited in claim 63, the administrative security process determining whether the executable content is allowed by the administrative security process to initiate the identified particular administrative function, said identified particular administrative function being associated with a particular class of methods;
- andwherein the determining comprises referencing a data store to verify that the executable content is executing under a user account belonging to a group that has been designated as being authorized to initiate (a) administrative functions of the particular class, and (b) said identified particular administrative function.
73. A computer-readable medium comprising instructions to perform a method as recited in claim 63, the administrative security process calling a parameter validation function that has been designated to validate input arguments for the particular administrative function.
74. A computer-readable medium comprising instructions to perform a method as recited in claim 63, the administrative security process calling a parameter validation function that has been designated to validate input arguments for the particular administrative function, wherein different parameter validation functions are designated for different ones of the administrative functions independently of the administrative security process.
75. A computer-readable medium as recited in claim 63, wherein the administrative security process performs further acts comprising:
- referencing a validation function lookup store to identify a parameter validation function that has been designated to validate input arguments that are to be provided to said particular administrative function;
  
  wherein the validation function lookup store designates different parameter validation functions for different administrative functions; and
  
  calling a designated parameter validation function to validate the arguments to be provided to said particular administrative function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Wang, Gang, Sutton, Paul C., Phillips, Thomas G.
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US09/620,746
Time in Patent Office

1,482 Days
Field of Search

713/200, 713/201
US Class Current

726/4
CPC Class Codes

G06F 21/33 using certificates

Administrative security systems and methods

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

54 Citations

75 Claims

Specification

Solutions

Use Cases

Quick Links

Administrative security systems and methods

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

75 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links