Dynamic Access Control intro on Windows Server blog

Dynamic Access Control intro on Windows Server blog

  • Comments 1
  • Likes

Hey all, Ned here with a quick “xerox” post: the Dynamic Access Control developers have released a good intro on their octo-feature through the Windows Server Blog:

Introduction to Windows Server 2012 Dynamic Access Control

It’s written by Nir Ben-Zvi, a Program Manager on the Windows Server development team. If you’re unfamiliar with DAC, this is a great first read. Here’s a quote:

These focus areas were then translated to a set of Windows capabilities that enable data compliance in partner and Windows-based solutions.

  • Add the ability to configure Central Access and Audit Policies in Active Directory. These policies are based on conditional expressions that take into account the following so that organizations can translate business requirements to efficient policy enforcement and considerably reduce the number of security groups needed for access control:
    • Who the user is
    • What device they are using, and
    • What data is being accessed
  • Integrate claims into Windows authentication (Kerberos) so that users and devices can be described not only by the security groups they belong to, but also by claims such as: “User is from the Finance department” and “User’s security clearance is High”
  • Enhance the File Classification Infrastructure to allow business owners and users to identify (tag) their data so that IT administrators are able to target policies based on this tagging. This ability works in parallel with the ability of the File Classification Infrastructure to automatically classify files based on content or any other characteristics
  • Integrate Rights Management Services to automatically protect (encrypt) sensitive information on servers so that even when the information leaves the server, it is still protected.

Click to the read the rest.

If you are looking for more depth and “how it works”, check out our very own Mike Stephens’ downloadable whitepaper:

Understand and Troubleshoot Dynamic Access Control in Windows Server "8" Beta

Until next time,

Ned “10 cent copies” Pyle

  • Huzzah for DAC!!  I for one am excited about the potential here.  Granted it will be a lot of work to get everything set up for most organizations, but the future potential is HUGE.  I'm still getting my head around design approaches in a lab, but so far so good on getting some basic stuff setup for testing.