Dynamic Access Control
A new feature for Windows Server 2012 is Dynamic Access Control (DAC). DAC is an entirely new way to control access to file share data. Whereas share permissions and NTFS permissions manage share, folder, and file access by referencing the user account and security group membership, DAC extends that functionality by adding in an additional layer of security. This layer includes, as one example, comparing additional user attribute values with folder classification property values, and then granting or denying access based on central access policies and their associated policy rules. To provide an illustration of this, consider the following example.
Jamil and Colby are both in the Human Resources department of a global ...
Get Windows Server® 2012 Unleashed now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
