Learning Microsoft Windows Server 2012 Dynamic Access Control

Book Description

When you know Dynamic Access Control, you know how to take command of your organization’s data for security and control. This book is a practical tutorial that will make you proficient in the main functions and extensions.

  • Understand the advantages of using Dynamic Access Control and how it simplifies access control

  • Learn how to monitor, maintain, and secure your Dynamic Access Control environment

  • Troubleshoot and solve common misconfigurations and problems with professional techniques

In Detail

    Identifying and classifying information inside a company is one of the most important prerequisites for securing the sensitive information of various business units. Windows Server 2012 Dynamic Access Control not only helps you classify information, it also gives you the functionality to provide a safety-net policy across your file servers, and offers helpful auditing and access-denied assistance features to improve usability.

    Everything from understanding the architecture and design, through implementing the solution, to troubleshooting is covered in a practical and easy-to-read manner. This book is packed with project-based examples and plenty of information about the architecture, functionality, and extensions of Dynamic Access Control to help you excel in real-life projects. The book guides you through all the stages of a successful implementation of Dynamic Access Control.

    Microsoft Windows Server 2012 Dynamic Access Control will teach you everything you need to know to create your own projects, and is an essential resource for reviewing or extending already existing implementations.

    The book initially takes you through the task of understanding all of the functionality and extensions, with ideas and overviews to help guide you in the decision process. The whole architecture is explained in terms of the main building blocks of Dynamic Access Control. You will gain a strong foundation in and understanding of the claims model and Kerberos. Classifying information, the hardest of the prerequisites to fulfil, is also covered in depth. You will also spend time understanding conditional expressions and the method used to deploy them across your file server infrastructure. A special chapter covers data quality and integration with other systems and strategies. Last, but not least, to get your solution up and running, you will learn how to troubleshoot a Dynamic Access Control solution.

    Table of Contents

    1. Learning Microsoft Windows Server 2012 Dynamic Access Control
      1. Table of Contents
      2. Learning Microsoft Windows Server 2012 Dynamic Access Control
      3. Credits
      4. About the Author
      5. About the Reviewers
      6. www.PacktPub.com
        1. Support files, eBooks, discount offers and more
          1. Why Subscribe?
          2. Free Access for Packt account holders
          3. Instant Updates on New Packt Books
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Errata
          2. Piracy
          3. Questions
      8. 1. Getting in Touch with Dynamic Access Control
        1. Business needs, purpose, and benefits
        2. Inside the architecture of DAC
          1. Building blocks
            1. Infrastructure requirements
            2. User and device claims
            3. Expression-based access rules
            4. Classification enhancements
            5. Central Access and Audit policies
            6. Access-denied assistance
        3. Building your smart test lab
        4. Configuring Dynamic Access Control
        5. Summary
      9. 2. Understanding the Claims-based Access Model
        1. Understanding claims
        2. Claims support in Windows 8/2012 and newer
          1. Kerberos authentication enhancements
        3. Kerberos Armoring and Compound Authentication
          1. Kerberos Armoring
          2. Compound Authentication
        4. Managing Claims and Resource properties
          1. Naming conventions
          2. Authoritative system and data validation
          3. Administrative delegation
          4. Resource properties
        5. Using Claim Transformation and Filtering
        6. Groups or DAC, let's extend our first solution
        7. Summary
      10. 3. Classification and the File Classification Infrastructure
        1. Map the business and security requirements
        2. Different types and methods for tagging and classifying information
        3. Manual Classification
        4. Using the Windows File Classification Infrastructure
        5. Data Classification Toolkit 2012
        6. The Data Classification Toolkit wizard
          1. The Data Classification Toolkit Claims wizard
        7. Designing and configuring classifications
        8. Summary
      11. 4. Access Control in Action
        1. Defining expression-based Access policies
        2. Deploying Central Access Policies
          1. Protecting the legal department's information with Central Access Policies
        3. Identifying a Group Policy and registry settings
        4. Configuring FCI and Central Access Policies
        5. Building a staging environment using proposed permissions
        6. Applying Central Access Policies
        7. Access Denied Remediation
          1. Understanding the ADR process
          2. ADR – a step-by-step guide
        8. Summary
      12. 5. Auditing a DAC Solution
        1. Auditing with conditional expressions
        2. Claims-based Global Object Access Auditing
          1. Monitoring your Dynamic Access Control scenarios
        3. Configuring an effective auditing solution
        4. Policy considerations
        5. Extending the solution with System Center
        6. Summary
      13. 6. Integrating Rights Management Protection
        1. Windows 2012 AD RMS
        2. Installing Rights Management Services
        3. Rights Protected Folder
        4. Classification-based encryption
        5. Protecting your information with a combination
          1. The rights management template
          2. Encryption rule
          3. Information access
          4. Building the RPF example in your environment
          5. File retention
          6. AD RMS in a SAP environment
        6. Summary
      14. 7. Extending the DAC Base Solution
        1. Keeping Active Directory attributes up-to-date
        2. Third-party tools for Dynamic Access Control
          1. Classification
          2. Central Access Policy
          3. RMS Protection
          4. Auditing
          5. Using DAC in SharePoint
        3. BYOD – using Dynamic Access Control
        4. Summary
      15. 8. Automating the Solution
        1. Identifying the complete solution
        2. How other Microsoft products can assist you
        3. Advanced architectures for Information Protection
        4. Summary
      16. 9. Troubleshooting
        1. Common misconfigurations
        2. General troubleshooting
          1. Domain Controller count
          2. Data quality of Active Directory attributes
          3. Checking the user and device claims
          4. Domain connectivity
          5. Advanced Security Editor
            1. The order of entries in the Permissions tab
            2. The Central Policy tab
          6. FCI - resource conditions and resource properties
          7. Access Control Lists
        3. Advanced troubleshooting
          1. Domain function level
          2. Active Directory trust
          3. Claim Transformation Policy (CTP)
        4. Summary
      17. Index