Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Windows Server 2012 : Enhanced security and compliance (part 1) - Dynamic Access Control

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
4/5/2014 2:06:52 AM

Security and compliance are two areas that have been significantly extended in Windows Server 2012. Dynamic Access Control now allows centralized control of access and auditing functions. BitLocker Drive Encryption has been enhanced to make it easier to deploy, manage, and use. And implementing Domain Name System Security Extensions (DNSSEC) to safeguard name resolution traffic can now be performed using either user interface (UI) wizards or PowerShell. This concluding section covers these new features and enhancements.

Dynamic Access Control

Controlling access and ensuring compliance are essential components of IT systems in today’s business environment. Windows Server 2012 includes enhancements that provide improved authorization for file servers to control and audit who is able to access data on them. These enhancements are described under the umbrella name of Dynamic Access Control and enable automatic and manual classification of files, central access policies for controlling access to files, central audit policies for identifying who accessed files, and the application of Rights Management Services (RMS) protection to safeguard sensitive information.

Dynamic Access Control is enabled in Windows Server 2012 through the following new features:

  • A new authorization and audit engine that supports central policies and can process conditional expressions

  • A redesigned Advanced Security Settings Editor that simplifies configuration of auditing and determination of effective access.

  • Kerberos authentication support for user and device claims

  • Enhancements to the File Classification Infrastructure (FCI) introduced previously in Windows Server 2008 R2

  • RMS extensibility to allow partners to provide solutions for applying Windows Server–based RMS to non-Microsoft file types

Implementing Dynamic Access Control in your environment requires careful planning and the performing of a number of steps that include configuring Active Directory, setting up a file classification scheme, and more.

Just to give you a taste, however, let’s look briefly at the redesigned Advanced Security Settings Editor that simplifies the configuration of auditing and determination of effective access. As in previous versions of Windows, the advanced permissions for a file or folder can be opened from the Security tab of the Properties dialog box for the file or folder. As you can see here, the Permissions tab of the Advanced Security Settings Editor in Windows Server 2012 and Windows 8 looks fairly similar to the one in previous versions of Windows:

image with no caption

However, the Effective Permissions tab of the Advanced Security Settings Editor in earlier versions of Windows has been replaced with a tab named Effective Access, which lets you choose not only the user or group being used for accessing the file or folder, but also the device:

image with no caption

The Auditing tab of the Advanced Security Settings Editor in earlier versions of Windows has been completely redesigned and now allows you to add auditing entries that can include conditions to limit their scope:

image with no caption

For more information on these user interface improvements, see the following sidebar.

New Effective Access user interface

Windows Server 2012 provides an improved way for administrators to help resolve authorization problems. The new Advanced Security Settings Editor provides a new Effective Access tab that shows simulated access results of a user, computer, or group against targeted resources like a files or folder. The newly designed Effective Access tab provides substantial improvements over its predecessor, the Effective Permissions tab, in the following ways:

  • Simulates access accurately, both locally and remotely

  • Evaluates conditional permission entries, Share permissions, and Central Access Policies

  • Enables administrators to insert user and device claims before evaluating access

  • Enables administrators to delegate troubleshooting access issues

The Advanced Security Settings editor remotely tells a file server to simulate a logon of the user and device selected, inserts additional user and device claims in the evaluation, and gathers permissions from the file system, share, and Central Access Policies.

The Effective Access tab represents the easiest way to diagnose problems with users accessing files and folders on Windows Server 2012 file servers. Use the results from the Effective Access tab to determine which aspect of access control to troubleshoot next.

Typically, the Effective Access tab identifies possible problems with red X’s in the Access Limited By column.

The Effective Access dialog box’s Access Limited By column for file system resources can show Share, File Permissions, and the names of any Central Access Policy that applies to the file folder on the file server. The Access Limited By column indicates the point of access control that Windows perceives is responsible for limiting access to files or folders.

The Effective Access tab lists all points of access control that limits the specified permission for the designated security principal (and device, optionally). Therefore, each entry in the Access limited by column can show one or more limitations. Each limitation listed either specifically limits the security principal’s access or does not provide access to the security principal.

For example, a security principal that is implicitly denied access occurs when none of the points of access control provides access. In this scenario, the Effective Access tab shows limitations for all points of access control (Share, File Permissions, and Central Access Policies applied to the folder). Each point of access control requires investigation to ensure that it allows the security principal the designated access.

Other -----------------
- Windows Server 2012 : Full Windows experience (part 2) - Configuring User Profile Disks
- Windows Server 2012 : Full Windows experience (part 1) - RemoteFX enhancements,Configuring RemoteFX, Enhanced USB redirection
- Windows Server 2012 : Support for open standards
- Microsoft SharePoint 2013 : Working with Visio Services - Customizing Visio Services solutions
- Microsoft SharePoint 2013 : Working with Visio Services - Designing dashboards - Data linking (part 4) - Adding data graphics , Web part connections
- Microsoft SharePoint 2013 : Working with Visio Services - Designing dashboards - Data linking (part 3) - Mapping external data to shapes
- Microsoft SharePoint 2013 : Working with Visio Services - Designing dashboards - Data linking (part 2) - Refreshing external data
- Microsoft SharePoint 2013 : Working with Visio Services - Designing dashboards - Data linking (part 1) - Obtaining external data
- Microsoft SharePoint 2013 : Looking at Visio Services (part 4) - Visio Services security considerations,Supported data scenarios
- Microsoft SharePoint 2013 : Looking at Visio Services (part 3) - Visio Graphics Service service application
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server