If you have set access permissions on files and directories in
an NTFS file system, you can enable the WMS NTFS ACL Authorization
plug-in to enforce the permissions. This plug-in enforces
discretionary access control lists (DACLs) and system access
control lists (SACLs) that have been set on files and directories
in an NTFS file system. A DACL is a list of user accounts, groups,
and computers that are allowed or denied access to an Active
Directory object. A SACL defines the events that are audited for a
user, group or computer. This plug-in is useful when you want to
set different access control policies for your content.
The WMS NTFS ACL Authorization plug-in can be enabled for
specific on-demand publishing points or for an entire server. Once
this plug-in is enabled, each piece of content streamed from the
publishing point or server must be authorized for the user account
specified by the authentication plug-in. This means that if you are
streaming content from a playlist, the user account must be
authorized for every item listed in the playlist. If a user account
cannot be authenticated for a certain item in the playlist, that
item is skipped and the next item in the playlist for which
authentication succeeded is streamed to the client.
Because this plug-in enforces access control policies that you
set on files or directories, it is not appropriate for use in the
following situations:
Broadcasting a live stream. Because a stream from an
encoder is not located in a file or directory on an NTFS drive,
this plug-in cannot be used for live stream authorization.
Proxying a stream. When using a Windows Media server as
a proxy server that does not cache content, the WMS NTFS ACL
Authorization plug-in does not have a defined set of files or
directories against which it can authenticate a user account.
Enabling the WMS NTFS ACL Authorization plug-in on the origin
server will cause the proxy server to forward the authorization
request to the client and transmit the information back to the
origin server, which then performs the authorization. If you want
to authorize clients that access a proxy server, use the WMS
Publishing Points ACL Authorization plug-in instead.
Notes
The authentication and authorization plug-ins
work together to grant clients access to streaming media content.
If either the WMS NTFS ACL Authorization plug-in or the WMS
Publishing Points ACL Authorization plug-in is enabled but no
authentication plug-in is enabled, unicast clients cannot access
the server.
This plug-in is dependent on information
gathered from the NTFS file system that is accessed by the WMS File
Data Source plug-in. The WMS File Data Source plug-in is enabled by
default when Windows Media Services is installed. Do not disable
the WMS File Data Source plug-in if you are using this
authorization plug-in.
For more information about creating and managing
DACLs and SACLs, see Windows Help and Support.
Notes