What is DACL?

Dynamic Access Control in Windows 2012 enhances the authorization model by introducing the features below, which were not part of ACEs:

  • Windows Server 2012 AD DS addresses these challenges by introducing:

    • A new claims-based authorization platform that enhances, not replaces, the existing model, which includes:
      • User-claims and device-claims
      • User + device claims (also known as compound identity)
    • New central access policies (CAP) model
    • Use of file-classification information in authorization decisions
    • Easier access-denied remediation experience
    • Access policies and audit policies can be defined flexibly and simply:
      • IF resource.Confidentiality = high THEN audit.Success WHEN user.EmployeeType = vendor

    Requirements

    • One or more Windows Server 2012 domain controllers
    • Windows Server 2012 file server
    • Enable the claims-policy in the Default Domain Controllers Policy
    • Windows Server 2012 Active Directory Administrative Center
    • For device-claims, compound ID must be switched on at the target service account by using Group Policy or editing the object directly

    For more information about Dynamic Access Control see the Dynamic Access Control section of the technical library.
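The rule shown above (`IF resource.Confidentiality = high THEN audit.Success WHEN user.EmployeeType = vendor`) can be read as a predicate over file classification, user claims and device claims. The following is an added example, not code from the original page or from Windows: a small Python model that parses rules of that form and applies them to constructed access events. The `device.Managed` claim, the case-insensitive comparison and the choice that a missing claim never matches are assumptions of this model.

```python
import re

# Rule text in the form the page uses:
#   IF <ns>.<attr> = <value> THEN audit.<Outcome> WHEN <ns>.<attr> = <value>
RULE_RE = re.compile(
    r"IF\s+(\w+)\.(\w+)\s*=\s*(\w+)\s+THEN\s+audit\.(\w+)\s+WHEN\s+(\w+)\.(\w+)\s*=\s*(\w+)",
    re.IGNORECASE)

def parse_rule(text):
    """Split a rule into its resource condition, audit outcome and subject condition."""
    m = RULE_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unsupported rule: {text!r}")
    r_ns, r_attr, r_val, outcome, s_ns, s_attr, s_val = m.groups()
    return {"target": (r_ns.lower(), r_attr, r_val),
            "outcome": outcome.lower(),
            "subject": (s_ns.lower(), s_attr, s_val)}

def _matches(condition, context):
    # Model assumption: a missing claim or classification never matches.
    ns, attr, expected = condition
    actual = context.get(ns, {}).get(attr)
    return actual is not None and str(actual).lower() == expected.lower()

def should_audit(rule, event):
    """Decide whether one access event produces an audit record under the rule."""
    context = {"resource": event["resource"], "user": event["user"],
               "device": event.get("device", {})}  # user + device = compound identity
    return (event["result"].lower() == rule["outcome"]
            and _matches(rule["target"], context)
            and _matches(rule["subject"], context))

PAGE_RULE = parse_rule(
    "IF resource.Confidentiality = high THEN audit.Success WHEN user.EmployeeType = vendor")

# Constructed access events: user claims, device claims, file classification.
EVENTS = [
    {"id": 1, "result": "Success", "user": {"EmployeeType": "Vendor"},
     "device": {"Managed": "true"}, "resource": {"Confidentiality": "High"}},
    {"id": 2, "result": "Success", "user": {"EmployeeType": "FTE"},
     "resource": {"Confidentiality": "High"}},
    {"id": 3, "result": "Success", "user": {},  # token carries no EmployeeType claim
     "resource": {"Confidentiality": "High"}},
    {"id": 4, "result": "Success", "user": {"EmployeeType": "vendor"},
     "resource": {"Confidentiality": "Low"}},
    {"id": 5, "result": "Failure", "user": {"EmployeeType": "vendor"},
     "resource": {"Confidentiality": "High"}},
]

def audited_ids(rule=PAGE_RULE, events=EVENTS):
    return [e["id"] for e in events if should_audit(rule, e)]
```

Only event 1 is audited under the page's rule; event 3 shows why claims must actually be issued (see the requirements above) before a claims-based rule can match.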

source – https://technet.microsoft.com/library/hh831477.aspx#BKMK_adfs_win8

Author: MStechJi

IT professional with 8.5 years of experience in providing Remote Infrastructure Support in Windows Server environments, including MS Azure. I intend to increase my knowledge and experience and share some tips and tricks I’ve learnt along the way.
