Authorization Manager by Keith Brown

Using Authorization Manager in Windows Server 2003 you can define roles and the tasks those roles can perform. You can nest roles to inherit characteristics from other roles, and you can define application groups. In addition, you use scripts to modify permissions dynamically, and it allows you to wrap your security logic in a security policy that can be stored in Active Directory. 

All of these topics and demonstration of them using a working sample can be found on a great article by the one and only Keith Brown on November 2003 MSDN Magazine

AUTHORIZE IT :-)