Bruce Adamczak

I have spent years working in perfmon, so I thought I would share some tips and tricks on the tool!

Follow me and learn Windows Server 2012 - Dynamic Access Control


Hello, Bruce here again. With the release of Windows Server 2012, we all have to start learning the new features of the product. So I thought I would share with you what I'm studying, along with some resources to bring you up to speed at the same time. Below is the first topic I'm starting to look at.

Dynamic Access Control (http://technet.microsoft.com/library/hh831717.aspx)

Today, it is difficult to translate business-intent using the existing authorization model. The existing capabilities of access control entries (ACEs) make it hard or impossible to fully express requirements. In addition, there are no central administration capabilities. Finally, modern-day increases in regulatory and business requirements around compliance further compound the problem.

Windows Server 2012 AD DS addresses these challenges by introducing:

  • A new claims-based authorization platform that enhances, not replaces, the existing model, which includes:
    • User-claims and device-claims
    • User + device claims (also known as compound identity)
  • New central access policies (CAP) model
  • Use of file-classification information in authorization decisions
  • Easier access-denied remediation experience
  • Access policies and audit policies can be defined flexibly and simply:
    • IF resource.Confidentiality = high THEN audit.Success WHEN user.EmployeeType = vendor

Dynamic Access Control: Scenario Overview

http://technet.microsoft.com/en-us/library/hh831717.aspx

Dynamic Access Control demo walkthrough

http://technet.microsoft.com/en-us/video/dynamic-access-control-demo-walkthrough.aspx

TechNet Windows Server 2012 Virtual Labs
Using Dynamic Access Control to Automatically and Centrally Secure Data

In this lab, you will explore Dynamic Access Control in Windows Server 2012. You will learn how to create Central Access Policies, explore the new Access Denied Remediation features, as well as learn how to use the audit capabilities built into Dynamic Access Control.

http://go.microsoft.com/?linkid=9806471

 

Setting Up the Test Environment

http://technet.microsoft.com/en-us/library/hh831776.aspx

 

Windows Server 2012 Dynamic Access Control Overview

http://northamerica.msteched.com/topic/details/2012/SIA207#fbid=6Bsslue7jST

Windows Server 2012 Dynamic Access Control Deep Dive for Active Directory and Central Authorization Policies

http://northamerica.msteched.com/topic/details/2012/SIA341#fbid=6Bsslue7jST

 

Windows Server 2012 Dynamic Access Control Best Practices and Case Study Deployments in Microsoft IT

http://northamerica.msteched.com/topic/details/2012/SIA316#fbid=6Bsslue7jST

 

Comments
  • What are the requirements and server roles needed for the New central access policies (CAP) model?

    Does Active Directory Rights Management Services and/or Active Directory Certificate Services need to be implemented for this to work?

  • Jacques,

    You do not have to have RMS or Certificate Services to use a Central Access Policy. You will need a 2012 DC, and the file servers will need to be 2012.

    Here is a good walkthrough to assist your learning:

    Deploy a Central Access Policy (Demonstration Steps)

    technet.microsoft.com/.../hh846167.aspx

  • Does this seem overly complicated to anyone else? Now we're getting into programming variables, IF THEN WHEN... for a file share.... too much.
