This post has been republished via RSS; it originally appeared at: Ask the Directory Services Team articles.First published on TechNet on May 22, 2012
Hey all, Ned here with a quick “xerox” post: the Dynamic Access Control developers have released a good intro on their octo-feature through the Windows Server Blog:
It’s written by Nir Ben-Zvi, a Program Manager on the Windows Server development team. If you’re unfamiliar with DAC, this is a great first read. Here’s a quote:
These focus areas were then translated to a set of Windows capabilities that enable data compliance in partner and Windows-based solutions.
Add the ability to configure Central Access and Audit Policies in Active Directory. These policies are based on conditional expressions that take into account the following so that organizations can translate business requirements to efficient policy enforcement and considerably reduce the number of security groups needed for access control:
- Who the user is
- What device they are using, and
- What data is being accessed
- Integrate claims into Windows authentication (Kerberos) so that users and devices can be described not only by the security groups they belong to, but also by claims such as: “User is from the Finance department” and “User’s security clearance is High”
- Enhance the File Classification Infrastructure to allow business owners and users to identify (tag) their data so that IT administrators are able to target policies based on this tagging. This ability works in parallel with the ability of the File Classification Infrastructure to automatically classify files based on content or any other characteristics
- Integrate Rights Management Services to automatically protect (encrypt) sensitive information on servers so that even when the information leaves the server, it is still protected.
Click to the read the rest .
If you are looking for more depth and “how it works”, check out our very own Mike Stephens’ downloadable whitepaper:
Until next time,
Ned “10 cent copies” Pyle