
Windows Server 2012 : Enhanced security and compliance (part 1) - Dynamic Access Control

4/5/2014 2:06:52 AM

Security and compliance are two areas that have been significantly extended in Windows Server 2012. Dynamic Access Control now allows centralized control of access and auditing functions. BitLocker Drive Encryption has been enhanced to make it easier to deploy, manage, and use. And implementing Domain Name System Security Extensions (DNSSEC) to safeguard name resolution traffic can now be performed using either user interface (UI) wizards or PowerShell. This concluding section covers these new features and enhancements.

Dynamic Access Control

Controlling access and ensuring compliance are essential components of IT systems in today’s business environment. Windows Server 2012 includes enhancements that provide improved authorization for file servers to control and audit who is able to access data on them. These enhancements are described under the umbrella name of Dynamic Access Control and enable automatic and manual classification of files, central access policies for controlling access to files, central audit policies for identifying who accessed files, and the application of Rights Management Services (RMS) protection to safeguard sensitive information.

Dynamic Access Control is enabled in Windows Server 2012 through the following new features:

  • A new authorization and audit engine that supports central policies and can process conditional expressions

  • A redesigned Advanced Security Settings Editor that simplifies configuration of auditing and determination of effective access

  • Kerberos authentication support for user and device claims

  • Enhancements to the File Classification Infrastructure (FCI) introduced previously in Windows Server 2008 R2

  • RMS extensibility to allow partners to provide solutions for applying Windows Server–based RMS to non-Microsoft file types

Implementing Dynamic Access Control in your environment requires careful planning and a number of steps, including configuring Active Directory, setting up a file classification scheme, and more.

Just to give you a taste, however, let’s look briefly at the redesigned Advanced Security Settings Editor that simplifies the configuration of auditing and determination of effective access. As in previous versions of Windows, the advanced permissions for a file or folder can be opened from the Security tab of the Properties dialog box for the file or folder. As you can see here, the Permissions tab of the Advanced Security Settings Editor in Windows Server 2012 and Windows 8 looks fairly similar to the one in previous versions of Windows:

image with no caption

However, the Effective Permissions tab of the Advanced Security Settings Editor in earlier versions of Windows has been replaced with a tab named Effective Access, which lets you choose not only the user or group being used for accessing the file or folder, but also the device:

image with no caption

The Auditing tab of the Advanced Security Settings Editor in earlier versions of Windows has been completely redesigned and now allows you to add auditing entries that can include conditions to limit their scope:

image with no caption

For more information on these user interface improvements, see the following sidebar.

New Effective Access user interface

Windows Server 2012 provides an improved way for administrators to help resolve authorization problems. The new Advanced Security Settings Editor provides a new Effective Access tab that shows simulated access results of a user, computer, or group against targeted resources like a file or folder. The newly designed Effective Access tab provides substantial improvements over its predecessor, the Effective Permissions tab, in the following ways:

  • Simulates access accurately, both locally and remotely

  • Evaluates conditional permission entries, Share permissions, and Central Access Policies

  • Enables administrators to insert user and device claims before evaluating access

  • Enables administrators to delegate troubleshooting access issues

The Advanced Security Settings Editor remotely tells a file server to simulate a logon of the selected user and device, inserts additional user and device claims in the evaluation, and gathers permissions from the file system, share, and Central Access Policies.

The Effective Access tab represents the easiest way to diagnose problems with users accessing files and folders on Windows Server 2012 file servers. Use the results from the Effective Access tab to determine which aspect of access control to troubleshoot next.

Typically, the Effective Access tab identifies possible problems with red X’s in the Access Limited By column.

The Effective Access dialog box’s Access Limited By column for file system resources can show Share, File Permissions, and the names of any Central Access Policies that apply to the file or folder on the file server. The Access Limited By column indicates the point of access control that Windows perceives is responsible for limiting access to files or folders.

The Effective Access tab lists all points of access control that limit the specified permission for the designated security principal (and, optionally, device). Therefore, each entry in the Access Limited By column can show one or more limitations. Each limitation listed either specifically limits the security principal’s access or does not provide access to the security principal.

For example, a security principal is implicitly denied access when none of the points of access control provides access. In this scenario, the Effective Access tab shows limitations for all points of access control (Share, File Permissions, and Central Access Policies applied to the folder). Each point of access control requires investigation to ensure that it allows the security principal the designated access.
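The following added example (not from the original article and not Microsoft's code) is a simplified Python model of how the Access Limited By column can be read: a permission is effective only when every point of access control grants it, and each point that does not is listed as a limitation. The group names, claim names, and the "Finance Policy" Central Access Policy are constructed sample values, and the model ignores explicit deny entries and permission inheritance.

```python
"""Toy model of the Effective Access tab's "Access Limited By" column.
Constructed for illustration; it is not how Windows implements access checks."""

def in_group(name):
    return lambda token: name in token["groups"]

def claim_equals(kind, claim, value):
    # kind is "user" or "device"; models a conditional permission entry
    return lambda token: token[kind + "_claims"].get(claim) == value

def all_of(*rules):
    return lambda token: all(rule(token) for rule in rules)

# Constructed sample configuration for one folder on a file server.
# Each point of access control maps a permission to the rule that grants it.
ACCESS_POINTS = {
    "Share": {"Read": in_group("Domain Users"),
              "Write": in_group("Domain Users")},
    "File Permissions": {"Read": in_group("Finance Users"),
                         "Write": in_group("Finance Admins")},
    "Finance Policy": {  # hypothetical Central Access Policy name
        "Read": claim_equals("user", "Department", "Finance"),
        "Write": all_of(claim_equals("user", "Department", "Finance"),
                        claim_equals("device", "Managed", True)),
    },
}

def effective_access(token, points=ACCESS_POINTS):
    """Return {permission: [points limiting it]}; an empty list means allowed."""
    permissions = sorted({p for rules in points.values() for p in rules})
    return {perm: [name for name, rules in points.items()
                   if not (perm in rules and rules[perm](token))]
            for perm in permissions}

def simulate(groups, user_claims=None, device_claims=None):
    """Mimic inserting user and device claims before evaluating access."""
    token = {"groups": set(groups),
             "user_claims": user_claims or {},
             "device_claims": device_claims or {}}
    return effective_access(token)

if __name__ == "__main__":
    result = simulate(["Domain Users", "Finance Users"], {"Department": "Finance"})
    for perm, limits in result.items():
        print(perm, "allowed" if not limits else "limited by: " + ", ".join(limits))
```

In the sample run, Write is limited by both File Permissions and the Central Access Policy, so each of those points has to be investigated separately, as the sidebar describes.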
