More Central Access Policies blogging happening

This post has been republished via RSS; it originally appeared at: Ask the Directory Services Team articles.

First published on TechNet on May 29, 2012
Hi all, Ned here. Our friend Nir has another new DAC-related post up , this time on the File Cab blog:

Getting started with Central Access Policies - Reducing security group complexity and achieving data access compliance using Dynamic Access Control


If you need a reason to go read this, consider the following quote:

"So, we have 2,000 groups, 2,000 ACLs and many groups that are affected by a person changing a role not to mention the complexity of adding another level (say Branch) or the implications if we want to change the folder structure.

With Dynamic Access Control, you can cut the number of groups down from 2,000 to 71 (50 for country, 20 for department and 1 for sensitive data access). This is made possible by the ability to use expressions in Windows ACL. For example: You would use MemberOf (Spain_Security_Group) AND MemberOf (Finance_Security_Group) AND MemberOf(Sensitive_Security_Group) to limit access to Spain’s finance department sensitive information."

Get on over there and give it a read.

I swear we are going to post some original content here at some point. Just crushed under the load.

- Ned "sock puppet" Pyle

REMEMBER: these articles are REPUBLISHED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.