Dynamic Access Control

A more modern approach to managing file system permissions was introduced in Windows Server 8. Dynamic access control brings a new format to ACLs on files and folders, one that can include expressions. The expressions are based on three components:

User/device claims—These properties of users and devices are stored in the token, making them as fast to verify as group membership. The properties can represent any claim that the user or device makes about itself. For example:

User.Department = “Human Resources”

User.Role = “Executive”

Device.Location = “Los Angeles”

Device.Type = “Desktop”

Resource properties—Specific properties associated with protected resources (files and folders), typically used to classify the ...
