When you install the software, a service is fired up which is accepting connections on port 514, the standard rshd port.
When a connection has been detected, a thread is started to handle the incoming request.
However, for security reasons not everybody is allowed to connect. This will result in a "Access denied" message reported to the rsh client.
Under UNIX a .rhosts file, located in the  users's directory, is checked whether the rshd daemon which is running under root should perform a setuid() on the requested command.

WIN32 does not have the concept of setuid() and therefore a different approach is needed, if the call has been placed outside a Windows NT environment.

Thus, a trustbase has to be configured to allow certain users to connect to the machine onto which the software has been installed.
The security on this software is as tight as possible. An account with administrative privileges configures the trustbase by excactly specifying which username from a remote machine identified by an IP address can impersonate a process under a local account. By adding users by user, a trustbase is generated.