This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] (DAC) is an [Access Control Model] that aims to make it easier to enhance authorization and authentication by applying better security, risk-management and auditing policies in [Microsoft Active Directory].
It also helps control Token Bloat and some of the [Microsoft Active Directory And Group Issues].
!! Key Appeal
The key appeal of [{$pagename}] is that it extends [Group Policy Object] and access-control functions applied to file shares managed by [Microsoft Active Directory]. It does so by integrating [claims]-based [authentication] using [Kerberos] [tokens]. Instead of describing users by which [Security Groups] they're assigned to, [{$pagename}] also makes it possible to validate [claims] based on different [Subject Attributes] in [Microsoft Active Directory], such as a user's department, location, role, title and security clearance, as well as the [Data Classification].
!! No Need for all to be [Windows Server 2012]
An organization doesn't need to upgrade all of its file servers to [Windows Server 2012] in order to implement DAC. As long as there's one new file server running a Windows Server 2012 domain controller, the organization can implement DAC.
[{$pagename}] also lets organizations apply more refined policies by which a user or device can access a file using claims-based authentication, says Patrick Gookin, product manager for AD products at NetIQ Corp. "The security system can have a rule that says: If the claim that someone is a VP is true, and the claim is that the department is finance, and the resource they're accessing it from is also within the finance department, then I'm going to give them access to this folder," Gookin explains. "Which is unbelievably more powerful than the group model, but it also has a lot of pieces and moving parts that need to be managed and understood."
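The rule described in the quote above can be expressed as a central access rule with the ActiveDirectory PowerShell module. This is an added example, not code from the cited article or from this page's author. It assumes the third clause refers to the file's Department classification; the rule and policy names and the "VP" and "Finance" values are illustrative.

```powershell
# Added example: run on a Windows Server 2012 or later domain with the
# ActiveDirectory module. All names and values below are illustrative.
Import-Module ActiveDirectory

# 1. User claim types sourced from AD attributes (the Subject Attributes).
New-ADClaimType -DisplayName 'Title'      -SourceAttribute title
New-ADClaimType -DisplayName 'Department' -SourceAttribute department

# 2. Enable the built-in Department resource property so files can be
#    classified, and publish it in the global resource property list.
Set-ADResourceProperty -Identity Department_MS -Enabled $true
Add-ADResourcePropertyListMember -Identity 'Global Resource Property List' `
    -Members Department_MS

# 3. Claim types get a generated ID (ad://ext/...), so look the names up
#    instead of hard-coding them in the conditional expression.
$title   = Get-ADClaimType -Filter "DisplayName -eq 'Title'"
$dept    = Get-ADClaimType -Filter "DisplayName -eq 'Department'"
$resDept = Get-ADResourceProperty -Identity Department_MS

# 4. Scope: the rule only applies to files classified as Finance.
$resourceCondition = '(@RESOURCE.' + $resDept.Name + ' Contains {"Finance"})'

# 5. Who gets in: authenticated users whose claims say VP AND Finance.
#    0x1200a9 is read and execute; owner, Administrators and SYSTEM keep
#    full control so the data stays manageable.
$userCondition = '(@USER.{0} == "VP" && @USER.{1} == "Finance")' -f `
    $title.Name, $dept.Name
$acl = 'O:SYG:SYD:AR(A;;FA;;;OW)(A;;FA;;;BA)(A;;FA;;;SY)' +
       '(XA;;0x1200a9;;;AU;' + $userCondition + ')'

# 6. Create the rule and attach it to a central access policy.
New-ADCentralAccessRule -Name 'Finance VP Rule' `
    -ResourceCondition $resourceCondition -CurrentAcl $acl
New-ADCentralAccessPolicy -Name 'Finance Policy'
Add-ADCentralAccessPolicyMember -Identity 'Finance Policy' `
    -Members 'Finance VP Rule'
```

The policy takes effect only after it is published to the file servers through Group Policy and selected on the target folder, and only for files whose Department property is set to Finance.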
!! New File Security Model
[{$pagename}] also integrates [Rights Management Services] (RMS), where files defined as sensitive are automatically encrypted, ensuring information is protected when it's moved from the file server. A file may be deemed sensitive if it has a Social Security number. Microsoft and many of its third-party partners believe this new approach to file management in Windows Server 2012 is among the most important new features in the OS. As organizations begin deploying Windows Server 2012, [{$pagename}] promises to also change the way IT secures and audits various document types that reside on file servers.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Dynamic Access Control: An Active Directory Game Changer|http://redmondmag.com/Articles/2013/01/01/Group-Control.aspx|target='_blank'] - based on information retrieved 2013-07-11