Delegated Administration Console builds upon the security implemented by the non-provider namespaces available in Microsoft Provisioning System. These non-provider namespaces are responsible for allocating, deallocating, creating, deleting, and setting permissions on physical directories used by the provisioned Web sites and File Transfer Protocol (FTP) sites. The configuration includes permissions applied to the following:
The default configuration of Microsoft Provisioning System, with Delegated Administration Console installed, optimizes security at several levels. Much of the security of Delegated Administration Console is managed using Active Directory functions and features. This includes:
Because the security configuration has been tested as implemented, you should change security settings only as required to address specific needs. You should also test all changes thoroughly before implementing them in a production environment.
For more information on how Delegated Administration Console and the related Microsoft Provisioning System namespaces implement security, see Security in Delegated Administration Console.