IT tutorials
 
Windows
 

Windows Server 2012 : Deploying Dynamic Access Control (part 1) - Preparing Claims

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
4/20/2014 9:36:01 PM

There is a basic workflow in deploying DAC. The key component of DAC is a central access policy. The workflow for creating a central access policy begins with configuring claims; as mentioned previously, these are properties used to compare user accounts and files to determine if a user has the requirements needed to access a file. These properties, or claims, are added to a resource property list.

The next steps involve the actual creation of the central access policy. The resource property list is applied to this policy. The policy is then published throughout the domain.

We can then deploy DAC to file servers, and the central access policy is pushed out to folder shares.

The last step is to validate DAC. The process is summed up in the chart in Figure 1.

Preparing Claims

When configuring claim types for users, you are adding existing Active Directory attributes to the list of attributes used to evaluate who gets access to what.

In this example deployment, we’ll use the Payroll user department as part of the calculation to determine whether a user has access to files in the Payroll folder share.

From Server Manager, open Tools and then Active Directory Administrative Center, and click Dynamic Access Control. Click Claim TypeNewClaim Type.

Under Source Attribute in the resulting window, scroll to look for Department; then, click that attribute and make Value Type equal String. Here, we are basing the existing Department attribute on the new claim type we will create.

Under Display Name, type Department and click OK. (See Figure 2.)

DAC basic deployment workflow
Figure 1. DAC basic deployment workflow

In the Active Directory Administrative Center, you will now see a new claim type.

Note

In Figure 2, you can see the option “Protect from accidental deletion.” This protection is enabled by default for objects created in DAC. If you want to delete an object, you must uncheck this option.

 
Others
 
- Windows Server 2012 : Managing Users and Data with Dynamic Access Control - The Building Blocks of DAC , Requirements and Predeployment Pointers
- Windows 7 : Using BitLocker Drive Encryption
- Windows 7 : Using System Protection (part 3) - Using previous versions
- Windows 7 : Using System Protection (part 2) - Creating a restore point, Returning to a Previous Restore Point, Undoing a System Restore
- Windows 7 : Using System Protection (part 1) - Turning System Protection on or off
- Windows 8 for Business : Disk Encryption - EFS, BitLocker and BitLocker To Go
- Windows 8 for Business : Domain Join and Group Policy
- Windows 8 : Customizing the Start Screen (part 5) - Adding Shutdown and Restart Tiles to the Start Screen, Customizing the Start Screen Background
- Windows 8 : Customizing the Start Screen (part 4) - Pinning a Website to the Start Screen,Displaying the Administrative Tools on the Start Screen
- Windows 8 : Customizing the Start Screen (part 3) - Turning Off a Live Tile, Pinning a Program to the Start Screen
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Technology FAQ
- Is possible to just to use a wireless router to extend wireless access to wireless access points?
- Ruby - Insert Struct to MySql
- how to find my Symantec pcAnywhere serial number
- About direct X / Open GL issue
- How to determine eclipse version?
- What SAN cert Exchange 2010 for UM, OA?
- How do I populate a SQL Express table from Excel file?
- code for express check out with Paypal.
- Problem with Templated User Control
- ShellExecute SW_HIDE
programming4us programming4us