In addition to the general areas of security for Windows NT, you should consider the following areas of security when developing an application in a BackOffice environment.
User Accounts
User accounts are the keys to Windows NT security. You can create as many accounts as needed, and include any user account in as many groups of accounts as are appropriate. You can then permit or limit access to any computer resource to individual accounts or to groups. For your BackOffice application, this means that properly configured user accounts play a significant role in allowing users to access system and application resources. For more information about user accounts, see the Microsoft Windows NT Workstation System Guide or Microsoft Windows NT Server System Guide.
Passwords
Passwords play an integral part in the Windows NT security model and help guarantee that only authorized users can access system and application resources. BackOffice applications should utilize this functionality by following the Unified Logon concepts. For more information about password enforcement options and controls, see the Microsoft Windows NT Workstation System Guide or the Microsoft Windows NT Server System Guide.
File and Directory Protection
A range of file protections can be set on a per-file or per-directory basis, and on a per-user or per-group basis. Your BackOffice application should make extensive use of the features in the Windows NT file system to ensure that file and directory structures are kept secure and are correctly managed. For more information about file and directory protection, see the Microsoft Windows NT Workstation System Guide, Microsoft Windows NT Server System Guide, or the Microsoft Windows NT Resource Kit.
Registry Protection
Because the Windows NT registry is the repository of all system configuration information, it is important to protect it from unauthorized changes. At the same time, individuals and programs that need to access or alter information in the registry must be allowed to do so. As a BackOffice developer, you should use the registry to store and manage information related to your application's initialization needs, such as system information, user characteristics, or specific application parameters. For more information about the registry and the Registry Editor, see the Windows NT Resource Kit.
Auditing
Windows NT includes built-in auditing capability. This allows you to track which user account was used to attempt a particular kind of access to files or other objects in an application. Auditing can also be used to track logon attempts, shutdowns or restarts of the system, and similar events. For more information about auditing, see the Microsoft Windows NT Workstation System Guide, Microsoft Windows NT Server System Guide, or the Microsoft Windows NT Resource Kit.
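The Registry Protection and Auditing guidance above can be combined on an application's own configuration key. The following is an added example, not code from the original documentation: it uses PowerShell on a current Windows system from an elevated session, and the key name `ContosoApp` and the choice of which groups get which rights are assumptions made for illustration.

```powershell
# Added example. 'ContosoApp' is a hypothetical application key name.
$keyPath = 'HKLM:\SOFTWARE\ContosoApp'
if (-not (Test-Path $keyPath)) {
    New-Item -Path $keyPath -Force | Out-Null
}

# Well-known SIDs are used so the script does not depend on localized group names.
$system   = [System.Security.Principal.SecurityIdentifier]'S-1-5-18'      # Local System
$admins   = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'  # Administrators
$users    = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-545'  # Users
$everyone = [System.Security.Principal.SecurityIdentifier]'S-1-1-0'       # Everyone

$inherit = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

$acl = New-Object System.Security.AccessControl.RegistrySecurity
# Protect the DACL: stop inheriting from the parent key and drop inherited entries.
$acl.SetAccessRuleProtection($true, $false)

# Assumed policy: System and Administrators manage the key, Users may only read it.
$grants = @(
    @{ Id = $system; Rights = 'FullControl' },
    @{ Id = $admins; Rights = 'FullControl' },
    @{ Id = $users;  Rights = 'ReadKey' }
)
foreach ($g in $grants) {
    $rights = [System.Security.AccessControl.RegistryRights]$g.Rights
    $rule = [System.Security.AccessControl.RegistryAccessRule]::new(
        $g.Id, $rights, $inherit, $prop, $allow)
    $acl.AddAccessRule($rule)
}

# Audit failed attempts by any account to change the key or its permissions.
$auditRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions'
$auditRule = [System.Security.AccessControl.RegistryAuditRule]::new(
    $everyone, $auditRights, $inherit, $prop,
    [System.Security.AccessControl.AuditFlags]::Failure)
$acl.AddAuditRule($auditRule)

Set-Acl -Path $keyPath -AclObject $acl

# Read the result back, including the audit entries, to confirm what was applied.
$applied = Get-Acl -Path $keyPath -Audit
$applied.Access | Format-Table IdentityReference, RegistryRights, AccessControlType
$applied.Audit  | Format-Table IdentityReference, RegistryRights, AuditFlags
```

The audit entry only produces Security log events when object access auditing is enabled in the system's audit policy.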