Windows 2000 is a secure operating system. The security offered by the operating system protects the local machine from any unauthorized operation performed by a user. Each secured resource under the operating system can be configured to allow access to some users while denying access to others.However, COMs ability to invoke servers, especially from remote machines, raises security issues such as the verification of clients credentials and how to validate that the client is privileged to perform an operation on a secured resource.Security is also a concern for clients. A client may have good reasons not to trust the server, and therefore may wish to hide its credentials from the server.COM+ provides support to address client-side and server-side security issues. In this chapter we will look at how we can leverage this support in developing secure applications.